Babylon search problem [Closed]


  • This topic is locked

#1
bigredyeeha

I am having a problem with the Babylon search engine changing my home page and search functions. I have cleaned the registry and Chrome settings several times, but it keeps coming back. Here is my OTL log:

OTL logfile created on: 8/17/2013 9:13:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jon Lowry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 58.51% Memory free
7.60 Gb Paging File | 5.84 Gb Available in Paging File | 76.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.45 Gb Total Space | 200.55 Gb Free Space | 44.72% Space Free | Partition Type: NTFS
Drive D: | 17.02 Gb Total Space | 2.45 Gb Free Space | 14.41% Space Free | Partition Type: NTFS

Computer Name: WOLFLING | User Name: Jon Lowry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/17 21:11:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jon Lowry\Desktop\OTL.exe
PRC - [2013/07/24 17:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/02/15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/08/02 12:14:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/13 07:40:06 | 002,699,216 | ---- | M] () -- c:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll
MOD - [2013/07/24 17:49:46 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/24 17:49:45 | 013,599,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
MOD - [2013/07/24 17:49:44 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/24 17:48:54 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libglesv2.dll
MOD - [2013/07/24 17:48:53 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libegl.dll
MOD - [2013/07/24 17:48:51 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/12 11:29:36 | 000,534,824 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\Windows\SysNative\ngvpnmgr.exe -- (NgVpnMgr)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 16:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Stopped] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/07/25 01:17:16 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/01 18:13:30 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2013/06/12 16:13:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/06 20:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/04/16 13:49:30 | 000,082,224 | ---- | M] (ElcomSoft Co. Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv64.exe -- (EWSASERV)
SRV - [2010/06/01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 01:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/04/12 06:38:40 | 000,103,496 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ngvpn.sys -- (NgVpn)
DRV:64bit: - [2013/04/12 06:38:40 | 000,031,304 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nglog.sys -- (NgLog)
DRV:64bit: - [2013/04/12 06:38:40 | 000,028,744 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ngwfp.sys -- (NgWfp)
DRV:64bit: - [2013/04/12 06:38:40 | 000,026,184 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ngfilter.sys -- (NgFilter)
DRV:64bit: - [2013/02/11 21:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/10/22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 04:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 04:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 04:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 04:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 04:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/20 16:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012/08/20 16:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2011/11/28 15:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/10/01 02:16:50 | 000,393,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/05 21:04:00 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2011/05/09 18:09:00 | 000,122,368 | ---- | M] (Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_U_USBSER.sys -- (Generalusbserialser20675)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/01 12:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/02 00:52:50 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/08/02 12:14:48 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/07/28 21:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/05/31 12:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/03 07:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/19 19:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2010/12/01 12:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/01/28 14:46:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/28 14:46:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/22 18:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
IE:64bit: - HKLM\..\SearchScopes\{379819C5-082F-406A-9D9E-938B81CA5D95}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{4C6AB4BD-96D7-4335-97AB-C4588C2427C2}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{4FDD993D-F656-4134-8E18-AFCCC84F8912}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{CB469F30-480D-4846-B7EB-63F186F828BD}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {270F17A7-1D21-4C4A-A1C6-8D9CFA32A290}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.as...q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...6-D7D8F8825AFD}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3289663
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {270F17A7-1D21-4C4A-A1C6-8D9CFA32A290}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...123715&tsp=4967
IE - HKCU\..\SearchScopes\{26B10A67-3208-40FB-841A-DC8517CF66D6}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\..\SearchScopes\{270F17A7-1D21-4C4A-A1C6-8D9CFA32A290}: "URL" = http://search.condui...0229871141&UM=2
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....Terms}&ei=UTF-8
IE - HKCU\..\SearchScopes\{5FB49AFC-8016-4EB2-A383-78E96790C85E}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{8D0C8EE9-3A00-45F3-8EAA-348A89C4DFB8}: "URL" = http://websearch.ask...4E-D9230A2E5849
IE - HKCU\..\SearchScopes\{9A597EE9-594F-46B1-A97C-3F277AB0CADE}: "URL" = http://search.avg.co...{language}&nt=1
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.as...q={searchTerms}
IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = http://search.musicf...q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...6-D7D8F8825AFD}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jon Lowry\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jon Lowry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/26 15:53:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/06/04 06:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/06/04 06:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/06/07 12:46:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/25 01:17:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/06/07 12:46:08 | 000,000,000 | ---D | M]

[2012/03/27 19:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Extensions
[2012/03/27 19:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/08/14 00:30:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions
[2013/08/09 16:36:37 | 000,000,000 | ---D | M] (KeyBar 1.13) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694}
[2013/08/12 07:07:44 | 000,000,000 | ---D | M] (InternetHelper3.1) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
[2013/07/25 01:21:27 | 000,000,000 | ---D | M] (WhiteSmoke New) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
[2013/03/11 14:37:56 | 000,000,000 | ---D | M] (Playboost Gamebar) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{A79D8B60-1FF0-47F0-8E79-8CDE1FECB0FD}
[2013/08/12 07:09:14 | 000,000,000 | ---D | M] (SySaver) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\[email protected]
[2013/06/30 01:44:04 | 000,239,491 | ---- | M] () (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\[email protected]
[2012/05/25 08:38:16 | 000,031,267 | ---- | M] () (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi
[2013/04/07 15:48:09 | 000,195,574 | ---- | M] () (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013/06/15 11:06:35 | 000,002,575 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\askcom.xml
[2013/08/07 00:26:54 | 000,006,507 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\babylon.xml
[2013/08/12 07:07:44 | 000,001,011 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\conduit.xml
[2011/06/24 08:01:54 | 000,001,908 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\metacrawler.xml
[2013/06/24 03:25:59 | 000,002,646 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\Search_Results.xml
[2013/08/14 00:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/08/12 07:09:07 | 000,000,000 | ---D | M] (SySaver) -- C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]
[2013/07/25 01:17:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/25 01:17:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/03/10 09:58:36 | 000,002,201 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\scenicreflectionstb.xml
[2013/05/28 00:40:31 | 000,002,644 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Jon Lowry\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Jon Lowry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Jon Lowry\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Cargo Bridge: Armor Games Edition = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj\2.1.1_0\
CHR - Extension: CityVille = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgkinlmadnbppnmldahlkmpkopceiepj\1_0\
CHR - Extension: Gmail = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Angry Birds = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Cargo Bridge: Armor Games Edition = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj\2.1.1_0\
CHR - Extension: CityVille = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgkinlmadnbppnmldahlkmpkopceiepj\1_0\
CHR - Extension: Gmail = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/08/17 20:48:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (SySaver) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Jon Lowry\AppData\Local\SySaver\temp.dat File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (WinToFlash Suggestor) - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Jon Lowry\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Jenkat Games Arcade] C:\Users\Jon Lowry\AppData\Roaming\Jenkat\Jenkat Games Arcade\JenkatGA.exe ()
O4 - HKCU..\Run: [PC Health Kit] C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe (PC Health Labs)
O4 - HKCU..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O9 - Extra 'Tools' menuitem : WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2ECEE45-E66C-43D0-BF61-9B61E89D0E19}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E73B43AB-B625-4EF7-932A-B128EF0F8391}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20 - AppInit_DLLs: (c:\PROGRA~3\BROWSE~2\261562~1.220\{C16C1~1\BrowserDefender.dll) - c:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/02/07 01:44:47 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (?\Z:\)
O34 - HKLM BootExecute: (uto<"*,.bat,m32\acppage.dll,sp.dll,)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/17 21:11:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jon Lowry\Desktop\OTL.exe
[2013/08/17 20:48:48 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/08/17 20:34:18 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\avgchrome
[2013/08/17 20:34:08 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013/08/17 20:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013/08/17 20:33:38 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\WebPlayer
[2013/08/15 01:21:10 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\Create a Template How to Build a Tree Bench This Old House_files
[2013/08/14 15:16:33 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\despicable me fabric - BuyCheapr.com_files
[2013/08/14 00:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/08/12 07:09:40 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\PC Health Kit
[2013/08/12 07:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit
[2013/08/12 07:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Health Kit
[2013/08/12 07:09:30 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SySaver
[2013/08/12 07:09:06 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\SySaver
[2013/08/12 06:52:26 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\A Classy Way to Keep the Bugs Away_files
[2013/08/12 01:54:56 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\Health Benefits of Drinking Warm Lemon Water Healthy Food Place_files
[2013/08/11 01:25:01 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jenkat Games Arcade
[2013/08/11 01:24:53 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Jenkat
[2013/08/11 01:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo Browser Settings
[2013/08/10 02:00:21 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\The Captain's Trove_files
[2013/08/10 01:56:08 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\Corn Syrup painting_files
[2013/08/10 01:53:26 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\Intuit Small Business Big Game. The Opportunity of a Lifetime._files
[2013/08/10 01:42:19 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\Bibs & Booties by simplethingspatterns Sewing Pattern_files
[2013/08/10 01:30:09 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\ACN
[2013/08/09 16:36:38 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\SearchProtect
[2013/08/09 16:36:06 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\DefaultTab
[2013/08/09 16:35:25 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
[2013/08/08 02:37:32 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\Remy Eats Blood Sausage (Food Oddities - www.foododdities.com) - YouTube_files
[2013/08/08 02:20:07 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\WebMD Health Search_files
[2013/08/08 02:18:21 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\GYMNEMA Uses, Side Effects, Interactions and Warnings - WebMD_files
[2013/08/08 02:18:00 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\Gymnema Sylvestre - Google Search_files
[2013/08/08 02:17:09 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\gymnema, high blood sugar, low blood sugar, diabetes - Women Living Naturally_files
[2013/08/07 23:05:59 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\crockpot cabbage rolls_files
[2013/08/07 22:02:00 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\Jared
[2013/08/07 22:01:53 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\Carla
[2013/08/07 22:01:45 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\Jon
[2013/08/07 00:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Datamngr
[2013/08/05 22:59:58 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\Nevada State College _files
[2013/08/01 06:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/31 23:59:17 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\Taxes
[2013/07/31 04:58:57 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\DealPlyLive
[2013/07/31 04:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DealPlyLive
[2013/07/31 04:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPlyLive
[2013/07/31 04:58:55 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Dealply
[2013/07/29 00:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013/07/25 01:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/22 20:20:34 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Jon Lowry\AppData\Roaming\pcouffin.sys
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/17 21:40:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/08/17 21:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/17 21:11:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jon Lowry\Desktop\OTL.exe
[2013/08/17 21:09:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/17 21:09:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/17 20:55:51 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/17 20:55:51 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/17 20:48:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/17 20:47:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/17 20:47:47 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/15 01:34:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJon Lowry.job
[2013/08/15 01:21:10 | 000,180,567 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Create a Template How to Build a Tree Bench This Old House.htm
[2013/08/15 01:19:45 | 000,073,636 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\The Selkie and the Dragon, by chance, met one day and spoke of things not oft seen, then each went on his way....jpg
[2013/08/15 01:15:56 | 000,002,279 | ---- | M] () -- C:\Users\Jon Lowry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/15 01:15:05 | 003,018,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/15 01:15:05 | 000,944,646 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/15 01:15:05 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/14 15:16:33 | 000,157,033 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\despicable me fabric - BuyCheapr.com.htm
[2013/08/14 15:05:14 | 000,382,221 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\rufflebutt2.jpg
[2013/08/14 15:04:51 | 001,530,459 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\rufflebutt6_2_.jpg
[2013/08/14 15:04:43 | 000,002,544 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\rufflebutt6.jpg
[2013/08/14 15:04:34 | 001,079,897 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\rufflebutt9.jpg
[2013/08/14 15:04:26 | 000,135,146 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\rufflebutt 64.95.jpg
[2013/08/14 15:04:16 | 001,578,485 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\rufflebutt3.jpg
[2013/08/14 00:23:19 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/13 01:15:49 | 003,188,687 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\U. S. Compensation Plan Overview July 2013.pdf
[2013/08/12 23:27:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000UA.job
[2013/08/12 07:09:36 | 000,001,057 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\PC Health Kit.lnk
[2013/08/12 07:08:27 | 000,000,009 | ---- | M] () -- C:\END
[2013/08/12 06:52:26 | 000,112,519 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\A Classy Way to Keep the Bugs Away.htm
[2013/08/12 01:54:56 | 000,055,401 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Health Benefits of Drinking Warm Lemon Water Healthy Food Place.htm
[2013/08/11 21:11:41 | 000,001,068 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\TornTV.lnk
[2013/08/10 21:45:35 | 000,043,898 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\556742_702761169750367_212356274_n.jpg
[2013/08/10 02:17:18 | 000,094,802 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\ACN Digital Phone_ Free Calls and ACN Video Phone.pdf
[2013/08/10 02:00:21 | 000,032,895 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\The Captain's Trove.htm
[2013/08/10 01:56:08 | 000,168,670 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Corn Syrup painting.htm
[2013/08/10 01:53:26 | 000,407,728 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Intuit Small Business Big Game. The Opportunity of a Lifetime..htm
[2013/08/10 01:42:19 | 000,107,632 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Bibs & Booties by simplethingspatterns Sewing Pattern.htm
[2013/08/09 16:40:42 | 000,049,035 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\944599_633693763328035_873798693_n.jpg
[2013/08/09 16:36:12 | 000,000,258 | RHS- | M] () -- C:\Users\Jon Lowry\ntuser.pol
[2013/08/08 02:37:32 | 000,489,063 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Remy Eats Blood Sausage (Food Oddities - www.foododdities.com) - YouTube.htm
[2013/08/08 02:20:07 | 000,096,616 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\WebMD Health Search.htm
[2013/08/08 02:18:21 | 000,136,642 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\GYMNEMA Uses, Side Effects, Interactions and Warnings - WebMD.htm
[2013/08/08 02:18:00 | 000,505,824 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Gymnema Sylvestre - Google Search.htm
[2013/08/08 02:17:09 | 000,014,618 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\gymnema, high blood sugar, low blood sugar, diabetes - Women Living Naturally.htm
[2013/08/07 23:05:59 | 001,150,818 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\crockpot cabbage rolls.htm
[2013/08/07 14:27:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000Core.job
[2013/08/07 03:07:42 | 000,006,144 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/05 22:59:58 | 000,055,958 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Nevada State College .htm
[2013/08/01 06:10:27 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/31 05:12:28 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/07/29 22:09:42 | 000,000,124 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013/07/29 22:07:13 | 004,997,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/27 05:46:52 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/15 01:21:09 | 000,180,567 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Create a Template How to Build a Tree Bench This Old House.htm
[2013/08/15 01:19:45 | 000,073,636 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\The Selkie and the Dragon, by chance, met one day and spoke of things not oft seen, then each went on his way....jpg
[2013/08/14 15:16:33 | 000,157,033 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\despicable me fabric - BuyCheapr.com.htm
[2013/08/14 15:05:14 | 000,382,221 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\rufflebutt2.jpg
[2013/08/14 15:04:51 | 001,530,459 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\rufflebutt6_2_.jpg
[2013/08/14 15:04:43 | 000,002,544 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\rufflebutt6.jpg
[2013/08/14 15:04:34 | 001,079,897 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\rufflebutt9.jpg
[2013/08/14 15:04:26 | 000,135,146 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\rufflebutt 64.95.jpg
[2013/08/14 15:04:15 | 001,578,485 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\rufflebutt3.jpg
[2013/08/14 00:23:19 | 000,002,279 | ---- | C] () -- C:\Users\Jon Lowry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/14 00:23:19 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/13 01:15:49 | 003,188,687 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\U. S. Compensation Plan Overview July 2013.pdf
[2013/08/12 07:09:36 | 000,001,057 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\PC Health Kit.lnk
[2013/08/12 06:52:24 | 000,112,519 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\A Classy Way to Keep the Bugs Away.htm
[2013/08/12 01:54:53 | 000,055,401 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Health Benefits of Drinking Warm Lemon Water Healthy Food Place.htm
[2013/08/11 21:11:41 | 000,001,068 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\TornTV.lnk
[2013/08/10 21:45:33 | 000,043,898 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\556742_702761169750367_212356274_n.jpg
[2013/08/10 02:17:18 | 000,094,802 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\ACN Digital Phone_ Free Calls and ACN Video Phone.pdf
[2013/08/10 02:00:17 | 000,032,895 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\The Captain's Trove.htm
[2013/08/10 01:56:07 | 000,168,670 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Corn Syrup painting.htm
[2013/08/10 01:53:25 | 000,407,728 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Intuit Small Business Big Game. The Opportunity of a Lifetime..htm
[2013/08/10 01:42:18 | 000,107,632 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Bibs & Booties by simplethingspatterns Sewing Pattern.htm
[2013/08/09 16:40:42 | 000,049,035 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\944599_633693763328035_873798693_n.jpg
[2013/08/09 16:37:04 | 000,000,009 | ---- | C] () -- C:\END
[2013/08/08 02:37:31 | 000,489,063 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Remy Eats Blood Sausage (Food Oddities - www.foododdities.com) - YouTube.htm
[2013/08/08 02:20:07 | 000,096,616 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\WebMD Health Search.htm
[2013/08/08 02:18:18 | 000,136,642 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\GYMNEMA Uses, Side Effects, Interactions and Warnings - WebMD.htm
[2013/08/08 02:18:00 | 000,505,824 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Gymnema Sylvestre - Google Search.htm
[2013/08/08 02:17:09 | 000,014,618 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\gymnema, high blood sugar, low blood sugar, diabetes - Women Living Naturally.htm
[2013/08/07 23:05:58 | 001,150,818 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\crockpot cabbage rolls.htm
[2013/08/05 22:59:58 | 000,055,958 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Nevada State College .htm
[2013/08/01 06:10:27 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/29 00:04:18 | 000,002,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013/07/29 00:04:18 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2013/07/29 00:04:18 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013/07/13 00:19:59 | 000,099,384 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\inst.exe
[2013/04/12 11:31:30 | 000,234,280 | ---- | C] () -- C:\Windows\ngmsi.dll
[2013/04/12 11:30:42 | 000,020,776 | ---- | C] () -- C:\Windows\ngutil.exe
[2013/02/15 14:42:41 | 001,042,432 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\chrtmp
[2013/02/07 01:20:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/07 01:20:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/07 01:20:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/07 01:20:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/07 01:20:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/11 15:12:08 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/01/04 21:12:28 | 000,006,144 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/28 17:23:06 | 000,000,049 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_runescape_LIVE2.dat
[2012/12/28 17:21:45 | 000,000,050 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_loginapplet_LIVE.dat
[2012/12/28 17:21:45 | 000,000,024 | ---- | C] () -- C:\Users\Jon Lowry\random.dat
[2012/12/28 17:20:04 | 000,000,049 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_runescape_LIVE1.dat
[2012/12/22 20:20:34 | 000,007,859 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\pcouffin.cat
[2012/12/22 20:20:33 | 000,001,167 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\pcouffin.inf
[2012/11/20 18:36:30 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/08/25 12:42:13 | 000,000,258 | RHS- | C] () -- C:\Users\Jon Lowry\ntuser.pol
[2012/05/19 08:48:52 | 000,870,128 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\mcs.rma
[2012/03/31 03:08:06 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2012/03/31 02:32:14 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2012/03/18 16:06:46 | 000,000,132 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/03/02 22:10:42 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/02/07 01:22:56 | 000,000,032 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_runescape_LIVE.dat
[2011/12/23 16:12:26 | 000,000,097 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Local\fusioncache.dat
[2011/06/03 15:10:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/16 20:50:25 | 000,001,854 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\GhostObjGAFix.xml
[2011/02/06 01:26:14 | 000,000,117 | ---- | C] () -- C:\Users\Jon Lowry\jagex_runescape_preferences2.dat
[2011/02/06 01:24:11 | 000,000,034 | ---- | C] () -- C:\Users\Jon Lowry\jagex_runescape_preferences.dat
[2011/01/29 11:50:13 | 000,000,124 | -HS- | C] () -- C:\ProgramData\.zreglib

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/11 14:37:55 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\.BitTornado
[2012/06/11 20:41:10 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\.minecraft
[2013/03/11 14:37:55 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\AnvSoft
[2013/07/20 05:01:07 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Aventail
[2011/12/29 05:13:10 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\AVG
[2013/03/11 14:37:55 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\AVG2013
[2013/08/17 20:37:12 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Azureus
[2013/02/07 01:21:58 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Babylon
[2012/06/11 20:24:07 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Barnes & Noble
[2013/03/11 14:37:56 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Blackboard
[2013/02/10 16:39:27 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\calibre
[2012/03/18 19:48:43 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/09 13:01:59 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\com.bitcasa.Bitcasa
[2013/02/07 01:59:14 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Curiolab
[2013/07/31 04:58:55 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Dealply
[2013/08/17 20:46:12 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\DefaultTab
[2013/03/11 14:37:56 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Digiarty
[2013/02/07 01:39:56 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\DriverCure
[2011/06/23 09:01:39 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Encryptomatic, LLC
[2013/06/15 12:53:08 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\FamilyTreeMaker
[2013/06/30 23:30:17 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\GoforFiles
[2011/03/31 13:16:50 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\InterTrust
[2013/08/11 01:24:53 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Jenkat
[2011/11/30 02:38:36 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\MusicNet
[2013/05/23 23:41:33 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Nico Mak Computing
[2013/08/12 07:09:40 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\PC Health Kit
[2013/03/11 14:37:56 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Philips
[2013/03/11 14:37:56 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Philips-Songbird
[2011/06/23 09:01:35 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\PSTViewer
[2013/08/09 16:36:38 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\SearchProtect
[2013/08/07 22:06:45 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\SoftGrid Client
[2013/02/07 01:39:56 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\SpeedyPC Software
[2013/08/12 01:20:28 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Spotify
[2011/01/25 12:49:18 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\TP
[2012/12/08 12:14:27 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\TuneUp Software
[2011/08/18 19:38:14 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Unity
[2013/07/13 00:19:59 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Vso
[2012/01/05 19:25:01 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\wargaming.net
[2012/05/25 07:21:49 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Windows Live Writer
[2012/12/14 07:48:20 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Wondershare Video Converter Platinum
[2012/12/16 13:58:00 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Wondershare Video Converter Ultimate

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/08/08 02:04:05 | 000,000,000 | ---D | M](C:\Users\Jon Lowry\Desktop\? Sea Salt Flush Secrets - YouTube_files) -- C:\Users\Jon Lowry\Desktop\▶ Sea Salt Flush Secrets - YouTube_files
[2013/08/08 02:04:05 | 000,000,000 | ---D | C](C:\Users\Jon Lowry\Desktop\? Sea Salt Flush Secrets - YouTube_files) -- C:\Users\Jon Lowry\Desktop\▶ Sea Salt Flush Secrets - YouTube_files
[2013/08/08 02:04:04 | 000,540,635 | ---- | M] ()(C:\Users\Jon Lowry\Desktop\? Sea Salt Flush Secrets - YouTube.htm) -- C:\Users\Jon Lowry\Desktop\▶ Sea Salt Flush Secrets - YouTube.htm
[2013/08/08 02:04:00 | 000,540,635 | ---- | C] ()(C:\Users\Jon Lowry\Desktop\? Sea Salt Flush Secrets - YouTube.htm) -- C:\Users\Jon Lowry\Desktop\▶ Sea Salt Flush Secrets - YouTube.htm
[2013/08/08 02:03:11 | 000,000,000 | ---D | M](C:\Users\Jon Lowry\Desktop\? The Lemon Diet a Master Cleanse Detox Diet - YouTube_files) -- C:\Users\Jon Lowry\Desktop\▶ The Lemon Diet a Master Cleanse Detox Diet - YouTube_files
[2013/08/08 02:03:10 | 000,466,901 | ---- | M] ()(C:\Users\Jon Lowry\Desktop\? The Lemon Diet a Master Cleanse Detox Diet - YouTube.htm) -- C:\Users\Jon Lowry\Desktop\▶ The Lemon Diet a Master Cleanse Detox Diet - YouTube.htm
[2013/08/08 02:03:10 | 000,000,000 | ---D | C](C:\Users\Jon Lowry\Desktop\? The Lemon Diet a Master Cleanse Detox Diet - YouTube_files) -- C:\Users\Jon Lowry\Desktop\▶ The Lemon Diet a Master Cleanse Detox Diet - YouTube_files
[2013/08/08 02:03:05 | 000,466,901 | ---- | C] ()(C:\Users\Jon Lowry\Desktop\? The Lemon Diet a Master Cleanse Detox Diet - YouTube.htm) -- C:\Users\Jon Lowry\Desktop\▶ The Lemon Diet a Master Cleanse Detox Diet - YouTube.htm

========== Alternate Data Streams ==========

@Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:BF3D62E7
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

#2
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi, welcome to Geeks to Go. My name is blmadara and I will be helping you with your problems. Please be patient with me as I am still in training and my responses will have to be reviewed by an expert before I can post them.

I'd like to go over some things that will help both of us.

  • Read each of my posts entirely before performing my instructions. It would be helpful if you printed my instructions so you can read and check the steps as you perform them.
  • Follow the steps exactly in the order posted.
  • Please don't be afraid to ask questions. If you don't understand something, let me know before continuing.
  • If you can't perform a certain step, or you're unsure about what to do, please stop and let me know.
  • It is very important that you stay with me until the end so we make sure that we have removed all the bad stuff.
  • Please don't attach any logs to your posts unless I request it. It is easier for me if you copy and paste the logs into your reply.
  • Finally, never fix anything using other programs on your own. This can hinder my ability to see what is wrong with your computer and make it harder to clean your computer.

I am currently reviewing your logs and will reply with instructions as soon as possible. There should be a file called Extras.txt which will be in the same location as OTL. Please post that file as well.

#3
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi bigredyeeha,

Step One: Add/Remove Programs

You are using peer-to-peer program(s), specifically BitTornado and Azureus.
These are optional removals. However, anytime you are running any type of peer-to-peer application, you are more prone to infection by malware, and this is probably how you became infected in the first place. The choice to remove them is entirely up to you, but I would strongly recommend that you do.
If you do not want to remove them, please at least refrain from using any peer-to-peer programs for the remainder of my fix.

I recommend that you uninstall the following programs:
BitTornado
Azureus


There is a great tutorial about removing programs in Windows 7 here if you need help.


Step Two: Backup Registry with ERUNT
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be extremely dangerous if you do not know exactly what you are doing so follow the steps that are listed below exactly. If you cannot perform some of these steps or if you have any questions please ask before proceeding.

Backing Up Your Registry
  • Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Step Three: OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.


Note: If you are using the pro version or trial version of Malwarebytes 1.6 or higher, please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs then please uninstall Malwarebytes and run this fix again.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following (do not copy the word "quote")

    :Commands
    [createrestorepoint]

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{379819C5-082F-406A-9D9E-938B81CA5D95}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.as...q={searchTerms}
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...6-D7D8F8825AFD}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3289663
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...123715&tsp=4967
    IE - HKCU\..\SearchScopes\{26B10A67-3208-40FB-841A-DC8517CF66D6}: "URL" = http://search.condui...q={searchTerms}
    IE - HKCU\..\SearchScopes\{270F17A7-1D21-4C4A-A1C6-8D9CFA32A290}: "URL" = http://search.condui...0229871141&UM=2
    IE - HKCU\..\SearchScopes\{8D0C8EE9-3A00-45F3-8EAA-348A89C4DFB8}: "URL" = http://websearch.ask...4E-D9230A2E5849
    IE - HKCU\..\SearchScopes\{9A597EE9-594F-46B1-A97C-3F277AB0CADE}: "URL" = http://search.avg.co...{language}&nt=1
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search.as...q={searchTerms}
    IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = http://search.musicf...q={searchTerms}
    IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...6-D7D8F8825AFD}
    [2013/08/09 16:36:37 | 000,000,000 | ---D | M] (KeyBar 1.13) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694}
    [2013/08/12 07:07:44 | 000,000,000 | ---D | M] (InternetHelper3.1) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
    [2013/07/25 01:21:27 | 000,000,000 | ---D | M] (WhiteSmoke New) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
    [2013/03/11 14:37:56 | 000,000,000 | ---D | M] (Playboost Gamebar) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{A79D8B60-1FF0-47F0-8E79-8CDE1FECB0FD}
    [2013/08/12 07:09:14 | 000,000,000 | ---D | M] (SySaver) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\[email protected]
    [2013/06/15 11:06:35 | 000,002,575 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\askcom.xml
    [2013/08/07 00:26:54 | 000,006,507 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\babylon.xml
    [2013/08/12 07:07:44 | 000,001,011 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\conduit.xml
    [2011/06/24 08:01:54 | 000,001,908 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\metacrawler.xml
    [2013/08/12 07:09:07 | 000,000,000 | ---D | M] (SySaver) -- C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]
    [2013/05/28 00:40:31 | 000,002,644 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
    O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O2 - BHO: (SySaver) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Jon Lowry\AppData\Local\SySaver\temp.dat File not found
    O2 - BHO: (WinToFlash Suggestor) - {FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKCU..\Run: [PC Health Kit] C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe (PC Health Labs)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
    O9 - Extra Button: WinToFlash Suggestor - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
    O9 - Extra 'Tools' menuitem : WinToFlash Suggestor options - {A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F} - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll (Novicorp LLC)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_04)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
    O20 - AppInit_DLLs: (c:\PROGRA~3\BROWSE~2\261562~1.220\{C16C1~1\BrowserDefender.dll) - c:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
    O34 - HKLM BootExecute: (?\Z:\)
    O34 - HKLM BootExecute: (uto<"*,.bat,m32\acppage.dll,sp.dll,)
    [2013/08/17 20:34:08 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
    [2013/08/17 20:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
    [2013/08/12 07:09:30 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SySaver
    [2013/08/12 07:09:06 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\SySaver
    [2013/08/09 16:36:38 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\SearchProtect
    [2013/08/09 16:36:06 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\DefaultTab
    [2013/08/09 16:35:25 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
    [7 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2 C:\*.tmp files -> C:\*.tmp -> ]
    [2013/08/11 21:11:41 | 000,001,068 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\TornTV.lnk
    [2013/08/09 16:37:04 | 000,000,009 | ---- | C] () -- C:\END
    [2011/12/29 05:13:10 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\AVG
    [2013/02/07 01:21:58 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Babylon
    [2013/08/12 07:09:40 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\PC Health Kit
    [2013/08/09 16:36:38 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\SearchProtect

    :Files
    C:\Program Files (x86)\WinToFlash Suggestor\
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the log it produces in your next reply.
  • Open OTL again, check Scan all Users, click the Run Scan button. Post the log it produces in your next reply.

Step Four: AdwCleaner

Download AdwCleaner from here or here and save it to your desktop.
Run AdwCleaner and select Delete.

Once done it will ask to reboot, allow this.
On reboot a log will be produced, please post it in your next reply.

Step Five: aswMBR

Download aswMBR.exe to your desktop.

  • Double click aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions, please select No.
  • Click Scan to start the scan.
  • When the scan ends click Save Log and save it to your desktop.
  • Post the log in your next reply.


What I need in your next post:
1. Three OTL logs, the one produced by the fix, OTL.txt produced by the new scan and Extras.txt which was produced the first time you ran OTL.
2. The log produced by AdwCleaner.
3. The log produced by aswMBR.
  • 0
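
Added example, not part of the original post and not code from OTL or its author: a small Python parser that groups lines of the fix script above by the persistence point each one targets, which shows how many separate locations (two browsers, several registry autostart points, leftover folders) a browser-hijacker cleanup has to cover. The sample lines are copied from the script; the category labels and function names are this example's own assumptions.

```python
import re
from collections import Counter

# Lines copied verbatim from the fix script in the post above
# (URLs are already elided on the page).
SAMPLE = r'''
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3289663
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...123715&tsp=4967
[2013/08/07 00:26:54 | 000,006,507 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\babylon.xml
[2013/08/09 16:36:37 | 000,000,000 | ---D | M] (KeyBar 1.13) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694}
O2 - BHO: (SySaver) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Jon Lowry\AppData\Local\SySaver\temp.dat File not found
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKCU..\Run: [PC Health Kit] C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe (PC Health Labs)
O20 - AppInit_DLLs: (c:\PROGRA~3\BROWSE~2\261562~1.220\{C16C1~1\BrowserDefender.dll) - c:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
[2013/02/07 01:21:58 | 000,000,000 | ---D | M] -- C:\Users\Jon Lowry\AppData\Roaming\Babylon
'''

# Registry-backed entries start with a section tag (IE, O2, O4, ...) and carry
# ":64bit:" when OTL marks the entry as 64-bit.
# The category names are this example's own labels, not OTL terminology.
REGISTRY_RULES = [
    (re.compile(r'^IE(?::64bit:)? - .*SearchScopes'), 'IE search provider'),
    (re.compile(r'^IE(?::64bit:)? - .*Start Page'), 'IE start page'),
    (re.compile(r'^O2(?::64bit:)? - BHO:'), 'Browser Helper Object'),
    (re.compile(r'^O4(?::64bit:)? - .*\\Run:'), 'Run key autostart'),
    (re.compile(r'^O20(?::64bit:)? - AppInit_DLLs:'), 'AppInit_DLLs'),
    (re.compile(r'^O34(?::64bit:)? - HKLM BootExecute:'), 'BootExecute'),
]

# File/folder entries: [timestamp | size | attributes | C or M] (company) -- path
FILE_RE = re.compile(
    r'^\[(?P<stamp>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| '
    r'(?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\]\s*'
    r'(?:\((?P<company>.*?)\))?\s*-- (?P<path>.+)$')

# Suffixes OTL prints when a registry entry points at nothing on disk.
ORPHAN_MARKERS = ('File not found', 'No CLSID value found.')


def parse_line(line):
    """Classify one OTL scan/fix-script line by the persistence point it names."""
    line = line.strip()
    entry = {'raw': line, 'mechanism': 'unclassified', 'marked_64bit': False,
             'orphaned': line.endswith(ORPHAN_MARKERS),
             'company': None, 'path': None}
    m = FILE_RE.match(line)
    if m:
        path = m.group('path')
        lowered = path.lower()
        if '\\searchplugins\\' in lowered:
            entry['mechanism'] = 'Firefox search plugin'
        elif '\\extensions\\' in lowered:
            entry['mechanism'] = 'Firefox extension'
        elif 'D' in m.group('attrs'):
            entry['mechanism'] = 'folder'
        else:
            entry['mechanism'] = 'file'
        entry['company'] = m.group('company')  # '' for "()", None if absent
        entry['path'] = path
        return entry
    for pattern, mechanism in REGISTRY_RULES:
        if pattern.match(line):
            entry['mechanism'] = mechanism
            entry['marked_64bit'] = ':64bit:' in line.split(' - ', 1)[0]
            break
    return entry


def parse_script(text):
    """Parse every non-empty line of a pasted OTL section."""
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def summarize(entries):
    """Count entries per persistence point."""
    return Counter(e['mechanism'] for e in entries)


if __name__ == '__main__':
    parsed = parse_script(SAMPLE)
    for mechanism, count in summarize(parsed).most_common():
        print(f'{count:2d}  {mechanism}')
    for e in parsed:
        if e['orphaned']:
            print('orphaned registry entry:', e['raw'])
```

Entries flagged as orphaned are registry references whose target file or CLSID is already gone, so they are cleanup leftovers rather than live components.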

#4
bigredyeeha

    Member

  • Topic Starter
  • Member
  • 35 posts
The OTL fix is hanging at: O34 - HKLM BootExecute: (?\Z:\) and won't go past it. Should I run it in safe mode?

#5
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Yes, give safe mode a try and if it doesn't work skip that step and move on.

#6
bigredyeeha

    Member

  • Topic Starter
  • Member
  • 35 posts
OTL Fix Log:

All processes killed
========== COMMANDS ==========
Unable to start System Restore Service. Error code 1084
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{379819C5-082F-406A-9D9E-938B81CA5D95}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{379819C5-082F-406A-9D9E-938B81CA5D95}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{26B10A67-3208-40FB-841A-DC8517CF66D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26B10A67-3208-40FB-841A-DC8517CF66D6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{270F17A7-1D21-4C4A-A1C6-8D9CFA32A290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{270F17A7-1D21-4C4A-A1C6-8D9CFA32A290}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8D0C8EE9-3A00-45F3-8EAA-348A89C4DFB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D0C8EE9-3A00-45F3-8EAA-348A89C4DFB8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9A597EE9-594F-46B1-A97C-3F277AB0CADE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A597EE9-594F-46B1-A97C-3F277AB0CADE}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Folder C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694}\ not found.
Folder C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\ not found.
Folder C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\ not found.
Folder C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{A79D8B60-1FF0-47F0-8E79-8CDE1FECB0FD}\ not found.
Folder C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\[email protected]\ not found.
File C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\askcom.xml not found.
File C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\babylon.xml not found.
File C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\conduit.xml not found.
File C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\metacrawler.xml not found.
Folder C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]\ not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC36B0BD-27F0-4cdd-8AB1-50651EFC3EFD}\ not found.
File C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PC Health Kit not found.
File C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F}\ not found.
File C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A52C66B3-D4A9-4d10-A67D-2BEF0A85AB3F}\ not found.
File C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.dll not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\PROGRA~3\BROWSE~2\261562~1.220\{C16C1~1\BrowserDefender.dll deleted successfully.
File c:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll not found.
C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender folder moved successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings folder moved successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8} folder moved successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220 folder moved successfully.
C:\ProgramData\BrowserDefender folder moved successfully.
C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SySaver folder moved successfully.
C:\Users\Jon Lowry\AppData\Local\SySaver folder moved successfully.
C:\Users\Jon Lowry\AppData\Roaming\SearchProtect\Res folder moved successfully.
C:\Users\Jon Lowry\AppData\Roaming\SearchProtect folder moved successfully.
C:\Users\Jon Lowry\AppData\Roaming\DefaultTab folder moved successfully.
C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com folder moved successfully.
C:\Windows\SysWow64\sho1AF9.tmp deleted successfully.
C:\Windows\SysWow64\sho1F3E.tmp deleted successfully.
C:\Windows\SysWow64\sho3CC2.tmp deleted successfully.
C:\Windows\SysWow64\sho7DC8.tmp deleted successfully.
C:\Windows\SysWow64\sho8769.tmp deleted successfully.
C:\Windows\SysWow64\shoF2D5.tmp deleted successfully.
C:\Windows\SysWow64\_r_a_p_.tmp deleted successfully.
C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCall.dll deleted successfully.
C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla.exe deleted successfully.
C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla11.dll deleted successfully.
C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla11.exe deleted successfully.
C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla2.dll deleted successfully.
C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla3.dll deleted successfully.
C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla4.dll deleted successfully.
C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseData.ini deleted successfully.
C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP folder deleted successfully.
C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP\WiseCustomCall.dll deleted successfully.
C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP\WiseCustomCalla2.dll deleted successfully.
C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP\WiseCustomCalla21.dll deleted successfully.
C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP\WiseCustomCalla31.exe deleted successfully.
C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP\WiseCustomCalla32.dll deleted successfully.
C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP\WiseCustomCalla33.dll deleted successfully.
C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP\WiseCustomCalla34.dll deleted successfully.
C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP\WiseCustomCalla37.dll deleted successfully.
C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP\WiseCustomCalla37.exe deleted successfully.
C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP\WiseData.ini deleted successfully.
C:\Windows\6B6C4C461B7E4A419E70ACFBB22B1D81.TMP folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\IExp0.tmp folder deleted successfully.
C:\IExp1.tmp folder deleted successfully.
File C:\Users\Jon Lowry\Desktop\TornTV.lnk not found.
C:\END moved successfully.
C:\Users\Jon Lowry\AppData\Roaming\AVG\Track Eraser folder moved successfully.
C:\Users\Jon Lowry\AppData\Roaming\AVG\Rescue\PC Tuneup 2011 folder moved successfully.
C:\Users\Jon Lowry\AppData\Roaming\AVG\Rescue folder moved successfully.
C:\Users\Jon Lowry\AppData\Roaming\AVG\PC Tuneup\User Reports folder moved successfully.
C:\Users\Jon Lowry\AppData\Roaming\AVG\PC Tuneup\Logs folder moved successfully.
C:\Users\Jon Lowry\AppData\Roaming\AVG\PC Tuneup folder moved successfully.
C:\Users\Jon Lowry\AppData\Roaming\AVG\BoostSpeed folder moved successfully.
C:\Users\Jon Lowry\AppData\Roaming\AVG folder moved successfully.
C:\Users\Jon Lowry\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Jon Lowry\AppData\Roaming\PC Health Kit\Undo folder moved successfully.
C:\Users\Jon Lowry\AppData\Roaming\PC Health Kit\Log folder moved successfully.
C:\Users\Jon Lowry\AppData\Roaming\PC Health Kit\Backup folder moved successfully.
C:\Users\Jon Lowry\AppData\Roaming\PC Health Kit folder moved successfully.
Folder C:\Users\Jon Lowry\AppData\Roaming\SearchProtect\ not found.
========== FILES ==========
C:\Program Files (x86)\WinToFlash Suggestor folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Users\Jon Lowry\Desktop\cmd.bat deleted successfully.
C:\Users\Jon Lowry\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.WOLFLING
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2836 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jon Lowry
->Temp folder emptied: 21234149 bytes
->Temporary Internet Files folder emptied: 6537825 bytes
->Java cache emptied: 68482169 bytes
->FireFox cache emptied: 69247784 bytes
->Google Chrome cache emptied: 334010770 bytes
->Flash cache emptied: 42173 bytes

User: Mcx1-WOLFLING
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1-WOLFLING.WOLFLING
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4071171 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 45470537 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 10005484 bytes

Total Files Cleaned = 533.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08212013_013635

Files\Folders moved on Reboot...
C:\Users\Jon Lowry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Jon Lowry\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL Second run log:

OTL logfile created on: 8/21/2013 1:28:07 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jon Lowry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 48.87% Memory free
7.60 Gb Paging File | 5.63 Gb Available in Paging File | 73.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.45 Gb Total Space | 100.63 Gb Free Space | 22.44% Space Free | Partition Type: NTFS
Drive D: | 17.02 Gb Total Space | 2.45 Gb Free Space | 14.41% Space Free | Partition Type: NTFS

Computer Name: WOLFLING | User Name: Jon Lowry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/17 21:11:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jon Lowry\Desktop\OTL.exe
PRC - [2013/07/24 17:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/01/31 07:10:00 | 000,201,808 | ---- | M] (Somoto) -- C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe
PRC - [2012/02/15 13:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/21 11:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/02 12:14:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 09:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/15 01:45:27 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a65a89dc687715adf46de23e717b842b\IAStorUtil.ni.dll
MOD - [2013/08/15 01:24:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e06dbdafb38c38517aef61ac41e2fd9d\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 01:23:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/15 01:23:16 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 01:22:59 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
MOD - [2013/08/15 01:22:53 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 01:22:49 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/15 01:22:41 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/24 17:49:46 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/24 17:49:44 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/24 17:48:54 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libglesv2.dll
MOD - [2013/07/24 17:48:53 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libegl.dll
MOD - [2013/07/24 17:48:51 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2013/07/09 23:26:12 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2011/03/21 11:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 11:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/12 11:29:36 | 000,534,824 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\Windows\SysNative\ngvpnmgr.exe -- (NgVpnMgr)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 16:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/08/21 01:13:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/25 01:17:16 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/01 18:13:30 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2012/11/06 20:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/04/16 13:49:30 | 000,082,224 | ---- | M] (ElcomSoft Co. Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv64.exe -- (EWSASERV)
SRV - [2010/06/01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 01:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/04/12 06:38:40 | 000,103,496 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ngvpn.sys -- (NgVpn)
DRV:64bit: - [2013/04/12 06:38:40 | 000,031,304 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nglog.sys -- (NgLog)
DRV:64bit: - [2013/04/12 06:38:40 | 000,028,744 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ngwfp.sys -- (NgWfp)
DRV:64bit: - [2013/04/12 06:38:40 | 000,026,184 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ngfilter.sys -- (NgFilter)
DRV:64bit: - [2013/02/11 21:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/10/22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 04:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 04:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 04:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 04:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 04:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/20 16:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012/08/20 16:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2011/11/28 15:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/10/01 02:16:50 | 000,393,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/05 21:04:00 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2011/05/09 18:09:00 | 000,122,368 | ---- | M] (Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_U_USBSER.sys -- (Generalusbserialser20675)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/01 12:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/02 00:52:50 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/08/02 12:14:48 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/07/28 21:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/05/31 12:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/03 07:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/19 19:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2010/12/01 12:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/01/28 14:46:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/28 14:46:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/22 18:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{4C6AB4BD-96D7-4335-97AB-C4588C2427C2}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{4FDD993D-F656-4134-8E18-AFCCC84F8912}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{CB469F30-480D-4846-B7EB-63F186F828BD}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {270F17A7-1D21-4C4A-A1C6-8D9CFA32A290}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..\SearchScopes,DefaultScope = {270F17A7-1D21-4C4A-A1C6-8D9CFA32A290}
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....Terms}&ei=UTF-8
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..\SearchScopes\{5FB49AFC-8016-4EB2-A383-78E96790C85E}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jon Lowry\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jon Lowry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/26 15:53:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/06/04 06:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/06/04 06:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/06/07 12:46:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/25 01:17:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/06/07 12:46:08 | 000,000,000 | ---D | M]

[2012/03/27 19:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Extensions
[2012/03/27 19:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/08/19 02:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions
[2013/06/30 01:44:04 | 000,239,491 | ---- | M] () (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\[email protected]
[2012/05/25 08:38:16 | 000,031,267 | ---- | M] () (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi
[2013/04/07 15:48:09 | 000,195,574 | ---- | M] () (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013/06/24 03:25:59 | 000,002,646 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\Search_Results.xml
[2013/08/19 02:14:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/07/25 01:17:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/25 01:17:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/03/10 09:58:36 | 000,002,201 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\scenicreflectionstb.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Jon Lowry\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Jon Lowry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Jon Lowry\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Cargo Bridge: Armor Games Edition = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj\2.1.1_0\
CHR - Extension: CityVille = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgkinlmadnbppnmldahlkmpkopceiepj\1_0\
CHR - Extension: Gmail = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Angry Birds = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Cargo Bridge: Armor Games Edition = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlpiaibleklmjieibbnmkignbggodmmj\2.1.1_0\
CHR - Extension: CityVille = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgkinlmadnbppnmldahlkmpkopceiepj\1_0\
CHR - Extension: Gmail = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/08/21 01:36:39 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000..\Run: [Facebook Update] C:\Users\Jon Lowry\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000..\Run: [Jenkat Games Arcade] C:\Users\Jon Lowry\AppData\Roaming\Jenkat\Jenkat Games Arcade\JenkatGA.exe ()
O4 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2ECEE45-E66C-43D0-BF61-9B61E89D0E19}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E73B43AB-B625-4EF7-932A-B128EF0F8391}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/02/07 01:44:47 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\MOUNTPOINTS2\{A2605C0F-4ED6-11E2-813C-9706E0E15EE0}\SHELL\AUTOPLAY\DROPTARGET)
O34 - HKLM BootExecute: (\Shell\Autoplay\MUIVerb...)
O34 - HKLM BootExecute: (ration))
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/21 01:13:05 | 017,737,608 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/08/20 20:08:46 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\Allrecipes - Austrian_files
[2013/08/20 20:08:02 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\Allrecipes - German_files
[2013/08/19 23:26:24 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\WinZip
[2013/08/19 23:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Driver Updater
[2013/08/19 23:26:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Driver Updater
[2013/08/19 23:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry Optimizer
[2013/08/19 23:26:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip Registry Optimizer
[2013/08/19 22:58:55 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\AmazingDesigns_files
[2013/08/19 02:12:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/19 02:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/08/19 02:10:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/08/18 18:42:29 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\calibre-cache
[2013/08/17 21:44:55 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Media Player Classic
[2013/08/17 21:11:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jon Lowry\Desktop\OTL.exe
[2013/08/17 20:48:48 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/08/17 20:34:18 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\avgchrome
[2013/08/17 20:33:38 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\WebPlayer
[2013/08/15 01:10:39 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/15 01:10:38 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/15 01:10:37 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/15 01:10:37 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/15 01:10:37 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/15 01:10:37 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/15 01:10:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/15 01:10:37 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/15 01:10:37 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/15 01:10:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/15 01:10:37 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/15 01:10:35 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/15 01:10:35 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/15 01:10:35 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/15 01:10:34 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/14 00:57:03 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/14 00:57:03 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/14 00:57:02 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/14 00:56:30 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/14 00:56:30 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/14 00:56:29 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/14 00:56:28 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/14 00:56:27 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/14 00:56:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/14 00:56:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/14 00:56:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/14 00:56:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/14 00:56:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/08/14 00:55:54 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/14 00:55:52 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/14 00:55:52 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/14 00:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/08/12 07:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit
[2013/08/12 07:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Health Kit
[2013/08/11 01:25:01 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jenkat Games Arcade
[2013/08/11 01:24:53 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Jenkat
[2013/08/11 01:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo Browser Settings
[2013/08/10 01:30:09 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\ACN
[2013/08/07 22:02:00 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\Jared
[2013/08/07 22:01:53 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\Carla
[2013/08/07 22:01:45 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\Jon
[2013/08/07 00:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Datamngr
[2013/08/01 06:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/31 23:59:17 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\Taxes
[2013/07/31 04:58:57 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\DealPlyLive
[2013/07/31 04:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DealPlyLive
[2013/07/31 04:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPlyLive
[2013/07/31 04:58:55 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Dealply
[2013/07/29 00:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013/07/25 01:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/22 20:20:34 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Jon Lowry\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/08/21 13:31:29 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/21 13:31:29 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/21 01:36:39 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/08/21 01:34:03 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJon Lowry.job
[2013/08/21 01:29:25 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/08/21 01:29:23 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/21 01:29:23 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\WinZipDriverUpdater_UPDATES.job
[2013/08/21 01:29:22 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/21 01:29:22 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Registry Optimizer_UPDATES.job
[2013/08/21 01:29:22 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\Registry Optimizer_DEFAULT.job
[2013/08/21 01:29:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/21 01:29:08 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/21 01:13:12 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/08/21 01:13:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/08/21 01:13:05 | 017,737,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/08/21 01:09:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/20 23:27:02 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000UA.job
[2013/08/20 20:08:46 | 000,181,269 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Allrecipes - Austrian.htm
[2013/08/20 20:08:02 | 000,193,573 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Allrecipes - German.htm
[2013/08/19 23:26:17 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\WinZip Driver Updater.lnk
[2013/08/19 23:26:09 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\WinZip Registry Optimizer.lnk
[2013/08/19 23:25:44 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013/08/19 23:25:44 | 000,001,848 | ---- | M] () -- C:\Users\Jon Lowry\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2013/08/19 22:58:55 | 000,059,193 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\AmazingDesigns.htm
[2013/08/19 22:32:57 | 000,086,595 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Detox Water.jpg
[2013/08/19 02:10:47 | 000,000,924 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\NTREGOPT.lnk
[2013/08/18 19:24:33 | 003,094,486 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/18 19:24:33 | 000,971,070 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/18 19:24:33 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/18 18:41:11 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/08/17 21:11:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jon Lowry\Desktop\OTL.exe
[2013/08/15 01:15:56 | 000,002,279 | ---- | M] () -- C:\Users\Jon Lowry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/14 00:23:19 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/12 07:09:36 | 000,001,057 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\PC Health Kit.lnk
[2013/08/09 16:36:12 | 000,000,258 | RHS- | M] () -- C:\Users\Jon Lowry\ntuser.pol
[2013/08/07 14:27:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000Core.job
[2013/08/07 03:07:42 | 000,006,144 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/01 06:10:27 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/31 05:12:28 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/07/29 22:09:42 | 000,000,124 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013/07/29 22:07:13 | 004,997,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/25 22:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/25 22:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/25 22:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/25 22:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/25 22:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/25 22:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/25 22:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/25 22:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/25 20:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/25 20:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/25 20:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/25 20:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/25 20:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/25 19:39:38 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/25 18:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/25 02:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/25 01:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL

========== Files Created - No Company Name ==========

[2013/08/20 20:08:46 | 000,181,269 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Allrecipes - Austrian.htm
[2013/08/20 20:08:01 | 000,193,573 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Allrecipes - German.htm
[2013/08/19 23:26:31 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\WinZipDriverUpdater_UPDATES.job
[2013/08/19 23:26:21 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\Registry Optimizer_DEFAULT.job
[2013/08/19 23:26:18 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\Registry Optimizer_UPDATES.job
[2013/08/19 23:26:17 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\WinZip Driver Updater.lnk
[2013/08/19 23:26:09 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\WinZip Registry Optimizer.lnk
[2013/08/19 22:58:54 | 000,059,193 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\AmazingDesigns.htm
[2013/08/19 22:32:57 | 000,086,595 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Detox Water.jpg
[2013/08/19 02:10:47 | 000,000,924 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\NTREGOPT.lnk
[2013/08/14 00:23:19 | 000,002,279 | ---- | C] () -- C:\Users\Jon Lowry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/14 00:23:19 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/12 07:09:36 | 000,001,057 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\PC Health Kit.lnk
[2013/08/01 06:10:27 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/29 00:04:18 | 000,002,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013/07/29 00:04:18 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2013/07/29 00:04:18 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013/07/13 00:19:59 | 000,099,384 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\inst.exe
[2013/04/12 11:31:30 | 000,234,280 | ---- | C] () -- C:\Windows\ngmsi.dll
[2013/04/12 11:30:42 | 000,020,776 | ---- | C] () -- C:\Windows\ngutil.exe
[2013/02/15 14:42:41 | 001,042,432 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\chrtmp
[2013/02/07 01:20:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/07 01:20:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/07 01:20:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/07 01:20:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/07 01:20:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/11 15:12:08 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/01/04 21:12:28 | 000,006,144 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/28 17:23:06 | 000,000,049 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_runescape_LIVE2.dat
[2012/12/28 17:21:45 | 000,000,050 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_loginapplet_LIVE.dat
[2012/12/28 17:21:45 | 000,000,024 | ---- | C] () -- C:\Users\Jon Lowry\random.dat
[2012/12/28 17:20:04 | 000,000,049 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_runescape_LIVE1.dat
[2012/12/22 20:20:34 | 000,007,859 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\pcouffin.cat
[2012/12/22 20:20:33 | 000,001,167 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\pcouffin.inf
[2012/11/20 18:36:30 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/08/25 12:42:13 | 000,000,258 | RHS- | C] () -- C:\Users\Jon Lowry\ntuser.pol
[2012/05/19 08:48:52 | 000,870,128 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\mcs.rma
[2012/03/31 03:08:06 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2012/03/31 02:32:14 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2012/03/18 16:06:46 | 000,000,132 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/03/02 22:10:42 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/02/07 01:22:56 | 000,000,032 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_runescape_LIVE.dat
[2011/12/23 16:12:26 | 000,000,097 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Local\fusioncache.dat
[2011/06/03 15:10:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/16 20:50:25 | 000,001,854 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\GhostObjGAFix.xml
[2011/02/06 01:26:14 | 000,000,117 | ---- | C] () -- C:\Users\Jon Lowry\jagex_runescape_preferences2.dat
[2011/02/06 01:24:11 | 000,000,034 | ---- | C] () -- C:\Users\Jon Lowry\jagex_runescape_preferences.dat
[2011/01/29 11:50:13 | 000,000,124 | -HS- | C] () -- C:\ProgramData\.zreglib

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:BF3D62E7
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >


I am unable to locate the extras log.

ADW Log:

# AdwCleaner v3.000 - Report created 21/08/2013 at 14:03:06
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jon Lowry - WOLFLING
# Running from : C:\Users\Jon Lowry\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\DealPlyLive
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry Optimizer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Folder Deleted : C:\Program Files (x86)\1ClickDownload
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DealPlyLive
Folder Deleted : C:\Program Files (x86)\FilesFrog Update Checker
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Deleted : C:\Program Files (x86)\Wondershare
Folder Deleted : C:\Program Files (x86)\Common Files\Wondershare
Folder Deleted : C:\Windows\System32\ARFC
Folder Deleted : C:\Users\Jon Lowry\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Jon Lowry\AppData\Local\Conduit
Folder Deleted : C:\Users\Jon Lowry\AppData\Local\DealPlyLive
Folder Deleted : C:\Users\Jon Lowry\AppData\Local\PackageAware
Folder Deleted : C:\Users\Jon Lowry\AppData\Local\Supreme Savings
Folder Deleted : C:\Users\Jon Lowry\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Jon Lowry\AppData\Local\Wondershare
Folder Deleted : C:\Users\Jon Lowry\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Jon Lowry\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jon Lowry\AppData\LocalLow\delta
Folder Deleted : C:\Users\Jon Lowry\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Jon Lowry\AppData\Roaming\DealPly
Folder Deleted : C:\Users\Jon Lowry\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Folder Deleted : C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\jetpack
Folder Deleted : C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\SweetPacksToolbarData
File Deleted : C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\Windows\System32\dmwu.exe
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\Search_Results.xml
File Deleted : C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\user.js
File Deleted : C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbajpeofkjjeiamcglnmldoboonfkiol
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Iminent.Mediator.Communication.DataContracts.TestContentCommand
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer
Key Deleted : HKLM\SOFTWARE\Classes\SMBarBroker.SMBarDealer.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKCU\Software\5953dfd9bd6aee40
Key Deleted : HKLM\SOFTWARE\5953dfd9bd6aee40
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43769158-3B03-4932-8D8A-8F0F344BF024}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{503E067F-2914-4EDD-8432-2D6C52635E23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6492E171-2427-4932-B414-33574A089F5E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{503E067F-2914-4EDD-8432-2D6C52635E23}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Somoto
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\Software\iMeshSRTB
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Supreme Savings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\WNLT

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\prefs.js ]

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "2e109f21000000000000ac81121c065c");
Line Deleted : user_pref("extensions.delta.instlDay", "15924");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.22.0");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.22.00:27:03");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.22.0");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=123715&tsp=4967");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [12756 octets] - [21/08/2013 13:56:16]
AdwCleaner[R1].txt - [12817 octets] - [21/08/2013 14:02:29]
AdwCleaner[S0].txt - [12134 octets] - [21/08/2013 14:03:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12195 octets] ##########

ASWMBR Log:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-21 14:34:06
-----------------------------
14:34:06.342 OS Version: Windows x64 6.1.7601 Service Pack 1
14:34:06.343 Number of processors: 2 586 0x2505
14:34:06.343 ComputerName: WOLFLING UserName:
14:34:07.946 Initialize success
14:34:30.501 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:34:30.505 Disk 0 Vendor: WDC_WD50 02.0 Size: 476940MB BusType: 3
14:34:30.641 Disk 0 MBR read successfully
14:34:30.645 Disk 0 MBR scan
14:34:30.650 Disk 0 unknown MBR code
14:34:30.664 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
14:34:30.680 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459212 MB offset 409600
14:34:30.714 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17424 MB offset 940875776
14:34:30.739 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
14:34:30.902 Disk 0 scanning C:\Windows\system32\drivers
14:34:40.218 Service scanning
14:35:27.978 Modules scanning
14:35:27.994 Disk 0 trace - called modules:
14:35:28.016 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:35:28.027 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80050e1060]
14:35:28.038 3 CLASSPNP.SYS[fffff88001bbb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f49050]
14:35:28.048 Scan finished successfully
14:35:40.009 Disk 0 MBR has been saved successfully to "C:\Users\Jon Lowry\Desktop\MBR.dat"
14:35:40.015 The log file has been saved successfully to "C:\Users\Jon Lowry\Desktop\aswMBR.txt"

#7
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi bigredyeeha,

I noticed that you installed WinZip Registry Optimizer recently. The use of registry cleaners will not increase your system's speed and could harm your registry so badly that your PC no longer boots. I strongly advise against their use as they tend to do more harm than good. Please refrain from using WinZip Registry Optimizer and any other malware removal program while I am helping you with your computer.

For more information about Registry Cleaning Tools, read this.

I've also noticed that you have recently downloaded Vuze. This is another peer to peer program like Bit Tornado and Azureus which I suggested you uninstall in my previous post. I must insist that you refrain from using all 3 of these programs until we are finished removing the malware from your computer. The downloads from these programs are what is likely causing your repeated infections and I'm just wasting my time if you use them before we are finished.

Step One: OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Note: If you are using the pro version or trial version of Malwarebytes 1.6 or higher, please disable it for the duration of this fix, as it may interfere with the successful execution of the script below. If it still hangs, then please uninstall MalwareBytes and run this fix again.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following (do not copy the word "quote")

    :Commands
    [createrestorepoint]

    :OTL
    PRC - [2013/01/31 07:10:00 | 000,201,808 | ---- | M] (Somoto) -- C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
    FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
    [2013/06/30 01:44:04 | 000,239,491 | ---- | M] () (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\[email protected]
    [2013/04/07 15:48:09 | 000,195,574 | ---- | M] () (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
    [2012/05/25 08:38:16 | 000,031,267 | ---- | M] () (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi
    [2013/06/24 03:25:59 | 000,002,646 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\Search_Results.xml
    O4 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe (Somoto)
    O34 - HKLM BootExecute: (SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\MOUNTPOINTS2\{A2605C0F-4ED6-11E2-813C-9706E0E15EE0}\SHELL\AUTOPLAY\DROPTARGET)
    O34 - HKLM BootExecute: (\Shell\Autoplay\MUIVerb...)
    O34 - HKLM BootExecute: (ration))
    [2013/08/12 07:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit
    [2013/08/12 07:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Health Kit
    [2013/08/07 00:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Datamngr
    [2013/07/31 04:58:57 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\DealPlyLive
    [2013/07/31 04:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DealPlyLive
    [2013/07/31 04:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPlyLive
    [2013/07/31 04:58:55 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Dealply
    [2013/08/21 01:29:22 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\Registry Optimizer_UPDATES.job
    [2013/08/21 01:29:22 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\Registry Optimizer_DEFAULT.job
    [2013/08/19 23:26:17 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\WinZip Driver Updater.lnk
    [2013/08/19 23:26:09 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\WinZip Registry Optimizer.lnk
    [2013/08/19 23:26:31 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\WinZipDriverUpdater_UPDATES.job
    [2013/08/12 07:09:36 | 000,001,057 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\PC Health Kit.lnk

    :Files
    C:\Program Files (x86)\FilesFrog Update Checker
    C:\PROGRAM FILES\WEB ASSISTANT
    C:\Program Files\Updater By SweetPacks
    ipconfig /release /c
    ipconfig /renew /c
    ipconfig /flushdns /c
    netsh winsock reset all /c
    netsh int ip reset all /c

    :Commands
    [resethosts]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the log it produces in your next reply.
  • Open OTL again.
  • Under Extra Registry heading, select Use Safelist.
  • Click the Run Scan button. Post both logs it produces in your next reply.

Step Two: Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here or here

Double Click mbam-setup.exe to install the application. Please do not accept the trial right now.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step Three: Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Right click SecurityCheck.exe, select Run as administrator, and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step Four: What problems remain?

Please let me know how your computer is running and what specific problems remain.

What I need in your next post:
1. 3 OTL logs, the one produced by the fix, and Extras.txt and OTL.txt logs produced by the new scan.
2. The report produced by MBAM.
3. The report produced by Security Check, checkup.txt
4. Please let me know how your computer is running and what specific problems remain.


#8
bigredyeeha

OK, after the last things you have had me run, search.conduit is back. Two weird programs, Webcake Desktop startup manager and PC Speed up, now start on boot up. We did not install either of these. Also, something called desktop 365 wants to manage my icons, which we also did not install.

OTL Fix log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named update_checker.exe was found!
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ not found.
File C:\Program Files\Updater By SweetPacks\Firefox not found.
Registry value HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58bd07eb-0ee0-4df0-8121-dc9b693373df}\ not found.
File C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension not found.
File C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\[email protected] not found.
File C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi not found.
File C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{285ACFBB-8E53-4feb-90E6-F02A128927F3}.xpi not found.
File C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\Search_Results.xml not found.
Registry value HKEY_USERS\S-1-5-21-538650268-2924358156-1730836174-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SDP not found.
File C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit folder moved successfully.
C:\Program Files (x86)\PC Health Kit folder moved successfully.
C:\ProgramData\Datamngr folder moved successfully.
Folder C:\Users\Jon Lowry\AppData\Local\DealPlyLive\ not found.
Folder C:\ProgramData\DealPlyLive\ not found.
Folder C:\Program Files (x86)\DealPlyLive\ not found.
Folder C:\Users\Jon Lowry\AppData\Roaming\Dealply\ not found.
C:\Windows\Tasks\Registry Optimizer_UPDATES.job moved successfully.
C:\Windows\Tasks\Registry Optimizer_DEFAULT.job moved successfully.
File C:\Users\Public\Desktop\WinZip Driver Updater.lnk not found.
C:\Users\Public\Desktop\WinZip Registry Optimizer.lnk moved successfully.
File C:\Windows\tasks\WinZipDriverUpdater_UPDATES.job not found.
C:\Users\Jon Lowry\Desktop\PC Health Kit.lnk moved successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\FilesFrog Update Checker not found.
File\Folder C:\PROGRAM FILES\WEB ASSISTANT not found.
File\Folder C:\Program Files\Updater By SweetPacks not found.
< ipconfig /release /c >
Windows IP Configuration
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::9517:185a:43a5:c2aa%11
Default Gateway . . . . . . . . . :
Tunnel adapter 6TO4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.local.tld:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{A2ECEE45-E66C-43D0-BF61-9B61E89D0E19}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 26:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:872:2c30:3f57:fff9
Link-local IPv6 Address . . . . . : fe80::872:2c30:3f57:fff9%35
Default Gateway . . . . . . . . . : ::
C:\Users\Jon Lowry\Desktop\cmd.bat deleted successfully.
C:\Users\Jon Lowry\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::9517:185a:43a5:c2aa%11
IPv4 Address. . . . . . . . . . . : 192.168.0.6
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
Tunnel adapter 6TO4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.local.tld:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 26:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:c6:21d2:3f57:fff9
Link-local IPv6 Address . . . . . : fe80::c6:21d2:3f57:fff9%35
Default Gateway . . . . . . . . . : ::
C:\Users\Jon Lowry\Desktop\cmd.bat deleted successfully.
C:\Users\Jon Lowry\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jon Lowry\Desktop\cmd.bat deleted successfully.
C:\Users\Jon Lowry\Desktop\cmd.txt deleted successfully.
< netsh winsock reset all /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Jon Lowry\Desktop\cmd.bat deleted successfully.
C:\Users\Jon Lowry\Desktop\cmd.txt deleted successfully.
< netsh int ip reset all /c >
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
C:\Users\Jon Lowry\Desktop\cmd.bat deleted successfully.
C:\Users\Jon Lowry\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.WOLFLING
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jon Lowry
->Temp folder emptied: 23572041 bytes
->Temporary Internet Files folder emptied: 29771131 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2206876 bytes
->Google Chrome cache emptied: 330209002 bytes
->Flash cache emptied: 26 bytes

User: Mcx1-WOLFLING
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1-WOLFLING.WOLFLING
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2559653 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 370.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08232013_212537

Files\Folders moved on Reboot...
C:\Users\Jon Lowry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Jon Lowry\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL New Scan log:

OTL logfile created on: 8/23/2013 9:26:49 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jon Lowry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 60.61% Memory free
7.60 Gb Paging File | 5.89 Gb Available in Paging File | 77.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.45 Gb Total Space | 92.06 Gb Free Space | 20.53% Space Free | Partition Type: NTFS
Drive D: | 17.02 Gb Total Space | 2.45 Gb Free Space | 14.41% Space Free | Partition Type: NTFS

Computer Name: WOLFLING | User Name: Jon Lowry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/23 21:36:16 | 000,979,024 | ---- | M] (337 Technology Limited.) -- C:\Program Files (x86)\Desk 365\desk365.exe
PRC - [2013/08/23 21:36:16 | 000,424,016 | ---- | M] (337 Technology Limited.) -- C:\Program Files (x86)\Desk 365\deskSvc.exe
PRC - [2013/08/23 21:36:14 | 000,301,120 | ---- | M] (Wsys Co., Ltd.) -- C:\ProgramData\eSafe\eGdpSvc.exe
PRC - [2013/08/23 12:33:36 | 000,022,528 | ---- | M] () -- C:\Program Files (x86)\BasicServe\basicserve.exe
PRC - [2013/08/17 21:11:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jon Lowry\Desktop\OTL.exe
PRC - [2013/08/14 16:06:32 | 000,051,992 | ---- | M] (cake bake) -- C:\Program Files (x86)\Tepfel\WebCakeDesktop.Updater.exe
PRC - [2013/08/14 16:06:32 | 000,050,968 | ---- | M] (WebCake LLC) -- C:\Users\Jon Lowry\AppData\Roaming\Tepfel\WebCakeDesktop.exe
PRC - [2013/07/24 17:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/12/14 14:13:34 | 000,320,448 | ---- | M] () -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe
PRC - [2012/02/15 13:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/21 11:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/02 12:14:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 09:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/23 21:39:05 | 001,310,720 | ---- | M] () -- C:\Program Files (x86)\BasicServe\basicserve.dll
MOD - [2013/08/23 21:36:16 | 000,232,016 | ---- | M] () -- C:\Program Files (x86)\Desk 365\edeskcmn.dll
MOD - [2013/08/23 21:36:16 | 000,181,840 | ---- | M] () -- C:\Program Files (x86)\Desk 365\libpng.dll
MOD - [2013/08/23 21:36:16 | 000,145,488 | ---- | M] () -- C:\Program Files (x86)\Desk 365\enotify.dll
MOD - [2013/08/23 21:36:16 | 000,099,408 | ---- | M] () -- C:\Program Files (x86)\Desk 365\mbdet.dll
MOD - [2013/08/23 21:36:16 | 000,068,176 | ---- | M] () -- C:\Program Files (x86)\Desk 365\libpopdlg.dll
MOD - [2013/08/15 01:45:27 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a65a89dc687715adf46de23e717b842b\IAStorUtil.ni.dll
MOD - [2013/08/15 01:24:12 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8dc1c182cd1f10cd2abcfecd01fe9eeb\System.Web.ni.dll
MOD - [2013/08/15 01:24:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e06dbdafb38c38517aef61ac41e2fd9d\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 01:23:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/15 01:23:16 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 01:22:59 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
MOD - [2013/08/15 01:22:53 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 01:22:49 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/15 01:22:41 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/24 17:49:46 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/24 17:49:44 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/24 17:48:54 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libglesv2.dll
MOD - [2013/07/24 17:48:53 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libegl.dll
MOD - [2013/07/24 17:48:51 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2013/07/21 15:48:15 | 002,052,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/07/21 15:48:15 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/07/09 23:26:12 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/04/19 15:55:06 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2012/10/05 03:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/03/21 11:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 11:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/12 11:29:36 | 000,534,824 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\Windows\SysNative\ngvpnmgr.exe -- (NgVpnMgr)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 16:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/08/23 21:36:16 | 000,424,016 | ---- | M] (337 Technology Limited.) [Auto | Running] -- C:\Program Files (x86)\Desk 365\deskSvc.exe -- (desksvc)
SRV - [2013/08/23 21:36:14 | 000,301,120 | ---- | M] (Wsys Co., Ltd.) [Auto | Running] -- C:\ProgramData\eSafe\eGdpSvc.exe -- (WsysSvc)
SRV - [2013/08/23 12:33:36 | 000,022,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BasicServe\basicserve.exe -- (BasicServe Service)
SRV - [2013/08/21 01:13:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/14 16:06:32 | 000,051,992 | ---- | M] (cake bake) [Auto | Running] -- C:\Program Files (x86)\Tepfel\WebCakeDesktop.Updater.exe -- (WebCakeUpdater)
SRV - [2013/07/25 01:17:16 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/01 18:13:30 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2012/12/14 14:13:34 | 000,320,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PC Speed Up\PCSUService.exe -- (PCSUService)
SRV - [2012/11/06 20:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/04/16 13:49:30 | 000,082,224 | ---- | M] (ElcomSoft Co. Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv64.exe -- (EWSASERV)
SRV - [2010/06/01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 01:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/04/12 06:38:40 | 000,103,496 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ngvpn.sys -- (NgVpn)
DRV:64bit: - [2013/04/12 06:38:40 | 000,031,304 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nglog.sys -- (NgLog)
DRV:64bit: - [2013/04/12 06:38:40 | 000,028,744 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ngwfp.sys -- (NgWfp)
DRV:64bit: - [2013/04/12 06:38:40 | 000,026,184 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ngfilter.sys -- (NgFilter)
DRV:64bit: - [2013/02/11 21:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/10/22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 04:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 04:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 04:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 04:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 04:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/20 16:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012/08/20 16:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2011/11/28 15:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/10/01 02:16:50 | 000,393,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/05 21:04:00 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2011/05/09 18:09:00 | 000,122,368 | ---- | M] (Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_U_USBSER.sys -- (Generalusbserialser20675)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/01 12:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/02 00:52:50 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/08/02 12:14:48 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/07/28 21:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/05/31 12:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/03 07:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/19 19:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2010/12/01 12:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/01/28 14:46:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/28 14:46:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/22 18:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{4C6AB4BD-96D7-4335-97AB-C4588C2427C2}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{4FDD993D-F656-4134-8E18-AFCCC84F8912}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{CB469F30-480D-4846-B7EB-63F186F828BD}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {da51d4f6-3e7e-4ef8-b400-9198e0874606} - C:\Program Files (x86)\KeyBar_1.14\prxtbKeyB.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {D7F076EF-8D8C-4DBC-A8B8-B7DF004B5C6F}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3291327
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {da51d4f6-3e7e-4ef8-b400-9198e0874606} - C:\Program Files (x86)\KeyBar_1.14\prxtbKeyB.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {D7F076EF-8D8C-4DBC-A8B8-B7DF004B5C6F}
IE - HKCU\..\SearchScopes\{47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF}: "URL" = http://www.basicserv...s={searchTerms}
IE - HKCU\..\SearchScopes\{5FB49AFC-8016-4EB2-A383-78E96790C85E}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{D7F076EF-8D8C-4DBC-A8B8-B7DF004B5C6F}: "URL" = http://search.condui...6832811610&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..CT3291327.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "KeyBar 1.14 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "KeyBar 1.14 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "KeyBar 1.14 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "http://search.condui...661793&UM=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jon Lowry\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jon Lowry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/26 15:53:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/06/04 06:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/06/04 06:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/06/07 12:46:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/25 01:17:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/06/07 12:46:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\[email protected]: C:\Program Files (x86)\LyricSing\128.xpi [2013/08/23 21:35:08 | 000,006,223 | ---- | M] ()

[2012/03/27 19:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Extensions
[2012/03/27 19:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/08/23 21:35:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions
[2013/08/23 21:35:22 | 000,000,000 | ---D | M] (KeyBar 1.14) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{da51d4f6-3e7e-4ef8-b400-9198e0874606}
[2013/08/23 21:35:58 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\[email protected]
[2013/08/23 21:35:23 | 000,000,999 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\conduit.xml
[2013/08/19 02:14:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/08/23 21:39:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/23 21:39:08 | 000,000,000 | ---D | M] (BasicServe) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}
[2013/07/25 01:17:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/03/10 09:58:36 | 000,002,201 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\scenicreflectionstb.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...=CT3291327&UM=2
CHR - default_search_provider: suggest_url = http://suggest.searc...4002980619&UM=2
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Jon Lowry\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Jon Lowry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Jon Lowry\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Web Cake = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\
CHR - Extension: Gmail = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Drive = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Web Cake = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh\1.0.3_0\
CHR - Extension: Gmail = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/23 21:26:36 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (LyricsSing) - {145ae49d-519a-4796-bbd0-bc58fe3363bc} - C:\Program Files (x86)\LyricSing\128.dll (LyricsSing)
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\Tepfel\WebCakeIEClient.dll (Bake-Cake)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (KeyBar 1.14 Toolbar) - {da51d4f6-3e7e-4ef8-b400-9198e0874606} - C:\Program Files (x86)\KeyBar_1.14\prxtbKeyB.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (KeyBar 1.14 Toolbar) - {da51d4f6-3e7e-4ef8-b400-9198e0874606} - C:\Program Files (x86)\KeyBar_1.14\prxtbKeyB.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKCU..\Run: [ConduitFloatingPlugin_dnmlhhbehhdmajijfenoldcajelckpmn] C:\Program Files (x86)\Conduit\CT3291327\plugins\TBVerifier.dll (Conduit Ltd.)
O4 - HKCU..\Run: [Desk 365] C:\Program Files (x86)\Desk 365\desk365.exe (337 Technology Limited.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Jon Lowry\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Jenkat Games Arcade] C:\Users\Jon Lowry\AppData\Roaming\Jenkat\Jenkat Games Arcade\JenkatGA.exe ()
O4 - HKCU..\Run: [PCSpeedUp] C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe ()
O4 - HKCU..\Run: [WebCake Desktop] C:\Users\Jon Lowry\AppData\Roaming\Tepfel\WebCakeDesktop.exe (WebCake LLC)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2ECEE45-E66C-43D0-BF61-9B61E89D0E19}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E73B43AB-B625-4EF7-932A-B128EF0F8391}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/02/07 01:44:47 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (兠y)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/23 21:37:17 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\PCSpeedUp
[2013/08/23 21:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
[2013/08/23 21:36:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Speed Up
[2013/08/23 21:36:47 | 000,000,000 | ---D | C] -- C:\ProgramData\BasicServe
[2013/08/23 21:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BasicServe
[2013/08/23 21:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\337
[2013/08/23 21:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365
[2013/08/23 21:36:17 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Desk 365
[2013/08/23 21:36:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Desk 365
[2013/08/23 21:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013/08/23 21:35:53 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Tepfel
[2013/08/23 21:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tepfel
[2013/08/23 21:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/08/23 21:35:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyBar_1.14
[2013/08/23 21:35:38 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\Conduit
[2013/08/23 21:35:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/08/23 21:35:23 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\SearchProtect
[2013/08/23 21:35:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LyricSing
[2013/08/22 12:57:24 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\sugar-free-gummy-worms-75525_files
[2013/08/21 13:56:08 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/21 01:13:05 | 017,737,608 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/08/20 20:08:46 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\Allrecipes - Austrian_files
[2013/08/20 20:08:02 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\Allrecipes - German_files
[2013/08/19 02:12:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/19 02:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/08/19 02:10:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/08/18 18:42:29 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\calibre-cache
[2013/08/17 21:44:55 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Media Player Classic
[2013/08/17 21:11:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jon Lowry\Desktop\OTL.exe
[2013/08/17 20:48:48 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/08/17 20:34:18 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\avgchrome
[2013/08/17 20:33:38 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\WebPlayer
[2013/08/15 01:10:39 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/15 01:10:38 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/15 01:10:37 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/15 01:10:37 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/15 01:10:37 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/15 01:10:37 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/15 01:10:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/15 01:10:37 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/15 01:10:37 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/15 01:10:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/15 01:10:37 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/15 01:10:35 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/15 01:10:35 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/15 01:10:35 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/15 01:10:34 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/14 00:57:03 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/14 00:57:03 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/14 00:57:02 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/14 00:56:30 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/14 00:56:30 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/14 00:56:29 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/14 00:56:28 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/14 00:56:27 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/14 00:56:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/14 00:56:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/14 00:56:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/14 00:56:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/14 00:56:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/08/14 00:55:54 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/14 00:55:52 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/14 00:55:52 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/14 00:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/08/11 01:25:01 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jenkat Games Arcade
[2013/08/11 01:24:53 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Jenkat
[2013/08/11 01:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo Browser Settings
[2013/08/10 01:30:09 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\ACN
[2013/08/07 22:02:00 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\Jared
[2013/08/07 22:01:53 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\Carla
[2013/08/07 22:01:45 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\Jon
[2013/08/01 06:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/31 23:59:17 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\Taxes
[2013/07/29 00:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013/07/25 01:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/22 20:20:34 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Jon Lowry\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/08/23 22:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/23 22:09:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/23 21:55:04 | 000,025,083 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Teddy Graham Race cars.jpg
[2013/08/23 21:52:46 | 000,089,314 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\1236877_510148929075732_679244080_n.jpg
[2013/08/23 21:36:55 | 000,001,048 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\PC Speed Up.lnk
[2013/08/23 21:36:51 | 000,000,000 | ---- | M] () -- C:\ProgramData\3f263f32233b372f_c
[2013/08/23 21:36:16 | 000,773,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll
[2013/08/23 21:36:16 | 000,420,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll
[2013/08/23 21:35:54 | 000,000,009 | ---- | M] () -- C:\END
[2013/08/23 21:32:12 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/23 21:32:11 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/23 21:26:36 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/08/23 21:25:05 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\LyricsSing Update.job
[2013/08/23 21:21:37 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/23 21:21:33 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\PC SpeedUp Service Deactivator.job
[2013/08/23 21:21:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/23 21:21:15 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/23 17:27:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000UA.job
[2013/08/23 16:55:25 | 000,029,668 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\game of thrones drinking game.jpg
[2013/08/23 13:34:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJon Lowry.job
[2013/08/22 13:33:17 | 000,043,686 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\SIP THE SHRINKER.jpg
[2013/08/22 13:25:50 | 003,107,118 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/22 13:25:50 | 000,975,474 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/22 13:25:50 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/22 12:57:24 | 000,247,552 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\sugar-free-gummy-worms-75525.htm
[2013/08/21 14:27:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000Core.job
[2013/08/21 01:13:12 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/08/21 01:13:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/08/21 01:13:05 | 017,737,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/08/20 20:08:46 | 000,181,269 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Allrecipes - Austrian.htm
[2013/08/20 20:08:02 | 000,193,573 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Allrecipes - German.htm
[2013/08/19 23:25:44 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013/08/19 23:25:44 | 000,001,848 | ---- | M] () -- C:\Users\Jon Lowry\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2013/08/19 22:32:57 | 000,086,595 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Detox Water.jpg
[2013/08/19 02:10:47 | 000,000,924 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\NTREGOPT.lnk
[2013/08/18 18:41:11 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/08/17 21:11:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jon Lowry\Desktop\OTL.exe
[2013/08/15 01:15:56 | 000,002,279 | ---- | M] () -- C:\Users\Jon Lowry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/14 00:23:19 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/09 16:36:12 | 000,000,258 | RHS- | M] () -- C:\Users\Jon Lowry\ntuser.pol
[2013/08/07 03:07:42 | 000,006,144 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/01 06:10:27 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/31 05:12:28 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/07/29 22:09:42 | 000,000,124 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013/07/29 22:07:13 | 004,997,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/25 22:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/25 22:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/25 22:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/25 22:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/25 22:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/25 22:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/25 22:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/25 22:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/25 20:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/25 20:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/25 20:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/25 20:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/25 20:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/25 19:39:38 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/25 18:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/25 02:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/25 01:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL

========== Files Created - No Company Name ==========

[2013/08/23 21:55:04 | 000,025,083 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Teddy Graham Race cars.jpg
[2013/08/23 21:52:46 | 000,089,314 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\1236877_510148929075732_679244080_n.jpg
[2013/08/23 21:36:57 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\PC SpeedUp Service Deactivator.job
[2013/08/23 21:36:55 | 000,001,048 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\PC Speed Up.lnk
[2013/08/23 21:36:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\3f263f32233b372f_c
[2013/08/23 21:35:08 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\LyricsSing Update.job
[2013/08/23 21:35:05 | 000,000,009 | ---- | C] () -- C:\END
[2013/08/23 16:55:24 | 000,029,668 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\game of thrones drinking game.jpg
[2013/08/22 13:33:16 | 000,043,686 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\SIP THE SHRINKER.jpg
[2013/08/22 12:57:22 | 000,247,552 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\sugar-free-gummy-worms-75525.htm
[2013/08/20 20:08:46 | 000,181,269 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Allrecipes - Austrian.htm
[2013/08/20 20:08:01 | 000,193,573 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Allrecipes - German.htm
[2013/08/19 22:32:57 | 000,086,595 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Detox Water.jpg
[2013/08/19 02:10:47 | 000,000,924 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\NTREGOPT.lnk
[2013/08/14 00:23:19 | 000,002,279 | ---- | C] () -- C:\Users\Jon Lowry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/14 00:23:19 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/01 06:10:27 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/29 00:04:18 | 000,002,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013/07/29 00:04:18 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2013/07/29 00:04:18 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013/07/13 00:19:59 | 000,099,384 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\inst.exe
[2013/04/12 11:31:30 | 000,234,280 | ---- | C] () -- C:\Windows\ngmsi.dll
[2013/04/12 11:30:42 | 000,020,776 | ---- | C] () -- C:\Windows\ngutil.exe
[2013/02/15 14:42:41 | 001,042,432 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\chrtmp
[2013/02/07 01:20:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/07 01:20:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/07 01:20:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/07 01:20:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/07 01:20:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/11 15:12:08 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/01/04 21:12:28 | 000,006,144 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/28 17:23:06 | 000,000,049 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_runescape_LIVE2.dat
[2012/12/28 17:21:45 | 000,000,050 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_loginapplet_LIVE.dat
[2012/12/28 17:21:45 | 000,000,024 | ---- | C] () -- C:\Users\Jon Lowry\random.dat
[2012/12/28 17:20:04 | 000,000,049 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_runescape_LIVE1.dat
[2012/12/22 20:20:34 | 000,007,859 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\pcouffin.cat
[2012/12/22 20:20:33 | 000,001,167 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\pcouffin.inf
[2012/11/20 18:36:30 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/08/25 12:42:13 | 000,000,258 | RHS- | C] () -- C:\Users\Jon Lowry\ntuser.pol
[2012/05/19 08:48:52 | 000,870,128 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\mcs.rma
[2012/03/31 03:08:06 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2012/03/31 02:32:14 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2012/03/18 16:06:46 | 000,000,132 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/03/02 22:10:42 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/02/07 01:22:56 | 000,000,032 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_runescape_LIVE.dat
[2011/12/23 16:12:26 | 000,000,097 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Local\fusioncache.dat
[2011/06/03 15:10:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/16 20:50:25 | 000,001,854 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\GhostObjGAFix.xml
[2011/02/06 01:26:14 | 000,000,117 | ---- | C] () -- C:\Users\Jon Lowry\jagex_runescape_preferences2.dat
[2011/02/06 01:24:11 | 000,000,034 | ---- | C] () -- C:\Users\Jon Lowry\jagex_runescape_preferences.dat
[2011/01/29 11:50:13 | 000,000,124 | -HS- | C] () -- C:\ProgramData\.zreglib

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:BF3D62E7
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >


OTL Extras log:

OTL Extras logfile created on: 8/23/2013 9:26:49 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jon Lowry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 60.61% Memory free
7.60 Gb Paging File | 5.89 Gb Available in Paging File | 77.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.45 Gb Total Space | 92.06 Gb Free Space | 20.53% Space Free | Partition Type: NTFS
Drive D: | 17.02 Gb Total Space | 2.45 Gb Free Space | 14.41% Space Free | Partition Type: NTFS

Computer Name: WOLFLING | User Name: Jon Lowry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0476D2FE-6E66-4C03-AA81-046D8CD858CA}" = lport=138 | protocol=17 | dir=in | app=system |
"{165D5528-2C3E-4725-9704-F68B57706BB3}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{17BF4FBC-7C34-4D8F-A5E2-72DFC8E66EDB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1BCB86E3-51BB-4BAC-8973-9F2987EEA1AD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{28D61982-7CCE-4AA5-A0AA-9A6CEDDE2446}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3921227A-63CC-4834-ACBE-29B618DC79FD}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3F1B8405-7C8B-4F50-977F-B09B4914F735}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40EE730A-0A3D-4BF2-8316-222D8032B664}" = lport=10244 | protocol=6 | dir=in | app=system |
"{41032C77-A627-4C30-8974-5EC38EAD0F39}" = lport=2869 | protocol=6 | dir=in | app=system |
"{432350B7-7905-43A3-BC03-9C6086D09D43}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{44D47A6E-178B-4377-B40F-AC88727A4E1D}" = rport=138 | protocol=17 | dir=out | app=system |
"{48766FCA-8604-46ED-BBA8-5BFF5ABB0AAE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{594831E8-A868-47D9-9204-FE73B94ACD63}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C83818D-EB0D-4DC5-9FBC-1D59A17901D3}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{5E6C7592-5DAD-46E5-A403-EA3B28EE8728}" = lport=54603 | protocol=6 | dir=in | name=akamai netsession interface |
"{6ADDB0F6-A316-453F-83AA-3EB795DD6F64}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6E4AB674-D41E-4024-940C-ACD708F2CDDE}" = lport=54797 | protocol=6 | dir=in | name=akamai netsession interface |
"{71E494C0-E57D-4ECF-AF27-B5836B586B0B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{76518933-8CA1-4123-A9CF-DF0FCD3AF6F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{768E9893-1DBD-4B42-A971-DE7EF415662E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{76DE7703-B5FA-49AA-85E0-AA38C3D26D5B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{77C4AE3A-E5B6-4DFC-B6E0-DC7E85C0CA07}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{7F8456BF-CD7B-45B9-B87E-5E81A013777B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{80F9E119-D44A-48C7-AD99-BAABCBB0EAA2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82C0144E-77B2-4D05-8983-75E6A6AB252F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8483F1E2-B250-4D07-B81E-AA4D6A10EA95}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{851F27E0-6FE9-4D14-B56B-B927AF4353B3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85CE626D-3065-4BB9-BE74-5C9AD54BDF37}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8637B547-3FB1-4091-8638-93832CBB9506}" = lport=2869 | protocol=6 | dir=in | app=system |
"{91DE7B8F-9D47-4303-827D-A2CE122B0994}" = lport=10243 | protocol=6 | dir=in | app=system |
"{94034794-6651-4544-BCB7-66C055ECF250}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A6341978-EF18-45AE-8514-A6BD11D7F862}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{A6882CA1-233D-4FA9-9FA9-B976243D7110}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A6EE04D5-45E6-447B-B836-F000F1A53C13}" = lport=3390 | protocol=6 | dir=in | app=system |
"{A82285B4-C92E-4889-A511-C5FAC8C7EFCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A83E544D-3D7F-4599-9564-EC03B5C365AB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AEC791C3-4AD6-492D-BFC5-B0E2438FC26F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B07617D5-27A9-4D61-9F03-67D86C57A686}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B523351A-EF56-4F3C-A63E-0B2DE43A4774}" = lport=139 | protocol=6 | dir=in | app=system |
"{B8185816-715F-4640-B890-4B26D022BFCD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B93ED9ED-FC10-4F80-BE9B-C7F97B9D7F00}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDBB2EC1-D1DB-4106-A65B-8FEBD5768C3D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6F5108A-4CD5-4557-806E-A5D043EAAFF7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C956B9AC-52F3-4B3F-999B-AAF9E72092DE}" = rport=139 | protocol=6 | dir=out | app=system |
"{CF2BDB97-94BB-4466-88A1-E6FCB4430D61}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D0022FE9-BA81-4822-87A0-82959500B88D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DC84F36B-BB29-43B1-8C48-E25A3BA4C026}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{DE515FCA-200C-4D83-947F-ED57318EB519}" = lport=10244 | protocol=6 | dir=in | app=system |
"{EBA2F9C6-2B85-439D-AE38-EF9BCFB7BDE9}" = lport=137 | protocol=17 | dir=in | app=system |
"{F3DA900D-8722-4B3C-A965-0050708C39C8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F814E4EC-1CA9-4112-A86C-2B780704B1F0}" = rport=445 | protocol=6 | dir=out | app=system |
"{F9616CC9-E48A-4C5C-8A09-43252004D6C0}" = lport=3390 | protocol=6 | dir=in | app=system |
"{FC15963D-783B-4227-A9DA-1287A9033A06}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FCA9A2E0-EA67-4AEB-851C-BB8B7E82E14B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FDEE494D-15DC-4D76-9A9D-D00011DFD5B1}" = lport=445 | protocol=6 | dir=in | app=system |
"{FF1DA213-E17F-4469-A202-9727175C5A40}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FF8C66F2-42C2-45A2-8799-9A0D68871799}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06C7FC3B-65D2-4D90-BFC0-D5013AA3971C}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{0A6EBDB9-D3BA-4804-B64A-69FF5240FFE4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0E647CC3-EBDD-42A7-A2F9-7A7DF0D52DC9}" = protocol=58 | dir=out | [email protected]l,-28546 |
"{0FA381E2-F01B-40E6-8302-D21B893B266B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{10CF1C9F-A272-47B3-BFA5-D59908DDB6EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{111AA9FA-3B2B-45F3-8DFA-BACFCE54F790}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{1415E56B-5FC9-456B-B6A7-F1885D14565A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{149F915E-3184-4806-86C3-58DD7E465F84}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{15C266F3-0F4F-49BF-AD3E-B1C3B4E32369}" = dir=in | app=c:\users\jon lowry\appdata\local\torch\plugins\torrent\torchtorrent.exe |
"{19E070B6-A32B-4790-BEA3-2FE833953C9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1A6C7B57-C26A-4143-83C8-352061C1EFBB}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{1B60B249-C6AB-4907-B9F6-EAF875003755}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{1B709ECC-75C1-410E-9F24-B8EA195B02C4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1CA544BE-869B-4844-BCF6-057F876FB5A4}" = protocol=6 | dir=in | app=c:\users\jon lowry\appdata\local\akamai\netsession_win.exe |
"{1FA41332-826D-4A33-8D1D-4ED68FCD02BD}" = protocol=6 | dir=in | app=c:\program files\bitcasa\bitcasa.exe |
"{24C13C70-5AA3-422D-A54F-D77A8555991A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{25B738CD-D16E-4659-B29D-B381B8DA0068}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{25D6E51E-958D-4821-8E6B-FE18DEB94340}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{29111EC6-12B9-4FBF-8EB9-450B98B6446C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{29369E79-C8D9-4BF2-97F0-26090C54B834}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{32263925-F1E8-4272-9C8D-376A9C59141F}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{3481025B-4509-4EA2-8705-275577277095}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{3619F3BF-A951-4526-A67E-E48EB45E1ABB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{3652783F-98A7-442F-B067-B451133B26E0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{3797BB87-F864-45AB-80D8-6BA8A1390E54}" = dir=in | app=c:\users\jon lowry\appdata\local\temp\7zs579e\setup\hpznui40.exe |
"{39B88EE4-F90F-4FEA-A23D-3F0BDAD63781}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3A0CD762-6545-4440-9D86-0A7464E23CCE}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{3C1A0FB6-7CE1-4A2D-8FD4-6F6A313206F2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{3D1F32B7-6FC9-4260-A2CB-7DAA7331283B}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3F950793-2C18-4D93-97A3-76698BB0246E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{41FA0DF0-F66D-4C2F-A0A9-0050EDB79965}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{44A11C78-3E1F-4F44-B59B-234B00F7EE7E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{45E81CC9-E5DE-460F-8DA6-280BA28F99CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{482E3F87-665F-4FDF-811C-44970417C7D6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4DFCE65F-9B61-4F3D-BA4F-F05743AA42E4}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4E536163-32CE-4DF6-8F13-F454515BEABD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4F8C8074-A764-4273-90AA-421FF9D299CA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{509B7A7A-8D56-4BBE-893E-83A1F01C99AA}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{51314F49-9D94-4804-8952-895C60A316BD}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{5271F6AC-6DDB-4B6B-A31C-7ED3EC3E22F1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{568AE034-B162-4406-88B9-BFDC4932B2D5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{59468A0A-7A19-4712-835B-48A45F2C5092}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5A5BD745-3937-4BDB-93B5-4A7D0D64CE5F}" = protocol=6 | dir=in | app=c:\users\jon lowry\appdata\local\akamai\netsession_win.exe |
"{5C272223-8ED0-4B39-B851-C8CA65295A81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5C64EA07-F541-4BED-8E5D-5E2DF953215E}" = protocol=1 | dir=in | [email protected],-28543 |
"{60339760-92F7-464E-8E26-3B7BBA26BB0E}" = dir=in | app=c:\users\jon lowry\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{6654AF83-FDC4-4BD5-A032-D9D0345CA4BA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{67320C24-F628-43FA-8BF8-D5DFD5170978}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{6956A258-45A4-47D9-B87B-1B334F81CAC9}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6A3F3160-30B3-41B9-B26B-890BD3EA1400}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{6A7B61F6-C83B-4A6E-BF07-CF058AD385E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6CDC13AA-FE5A-4227-B732-0FC851611B02}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{71FBEC6A-31F3-4F19-A53C-EADF49891EA3}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{72ED42C9-6615-4B46-A3B5-F74E6EC2E768}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{77A74BAD-7522-40BB-947F-AF7C7B531CD9}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{7FD2FEB7-0E9B-4E95-BB74-A1EF947A727B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{8091681B-BFE7-4DDA-A96B-AF803343CBA6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{8303A9F0-21EC-4658-B420-7945D0AFFEA4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{8B23016D-7F79-4044-A65C-7DD705C01D0F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{8EFC17FA-88AC-4EBF-BC71-1E829AA14B12}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{90786D78-1C38-49AB-832F-9D18A46F0DF7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{91628E2B-9B02-41A3-A75D-3C88631C3B1F}" = protocol=17 | dir=in | app=c:\users\jon lowry\appdata\local\akamai\netsession_win.exe |
"{9280A4CE-3283-4FD0-83AF-980F9265579D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{93D4E12F-D248-482A-8233-5251ADE3CD5D}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{94AEDEBF-4596-47C5-97AD-1D002B741084}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{96D66C6E-210A-4211-8DC9-34427D7340C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{99B600D1-8862-442D-B7FB-6CC85ED5F74D}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{9E002998-AC57-4325-98E8-9D27968A3633}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{9FEB7078-4B35-4479-9050-4471B7CD05EB}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe |
"{A0F0353C-65C1-4587-8A96-EAB87E18D035}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A5DEAF09-94B4-47F1-A2D4-67B07C1AE633}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{A6DB01FB-CF6F-4AF3-8FB6-58F05F4611A2}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AC4ECDBE-E3D6-48AE-B401-739A0D938BA0}" = protocol=17 | dir=in | app=c:\program files\bitcasa\bitcasa.exe |
"{ADD014DB-F1F7-4A4B-96D1-59C328A6B777}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{B123BA31-41EF-4276-A157-23C0E02B361E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B23CA47D-F2CF-4343-A872-BF375F2A46D0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{B92FE1DF-7B03-451A-8294-19F1653588C5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{BAAC941E-A9B9-463E-A2C0-EC101247A4E4}" = protocol=1 | dir=out | [email protected],-28544 |
"{BB9D9B61-E987-48E0-A4D9-1F3C83A231CE}" = dir=in | app=c:\program files (x86)\winzip driver updater\winzipdu.exe |
"{BD6F4C88-7472-43DA-BCDC-955DE88B84AA}" = protocol=6 | dir=out | app=system |
"{BE2F9BE0-367B-457F-AA85-14920960FEE1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{BF4F9948-BD15-44BB-80EB-0B5320E824AB}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{BF95D6D1-760A-4C72-9D15-822D49F5E581}" = protocol=6 | dir=in | app=c:\program files (x86)\family tree maker 2012\ftm.exe |
"{C0A1FBF2-0433-48AC-92D6-2E420D965E49}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{C2E1B698-90A0-4DD6-A9A6-3AF65941B1C8}" = protocol=17 | dir=in | app=c:\program files (x86)\family tree maker 2012\ftm.exe |
"{C99D9D3D-02AF-44E5-A6D5-2D476FB8B737}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{CA4550A1-CF96-4E23-988A-58BF84D2CD41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CFA7629D-FDD6-4991-BE62-E801E3FF53D0}" = protocol=17 | dir=in | app=c:\users\jon lowry\appdata\local\akamai\netsession_win.exe |
"{D186E492-A877-4A49-BE81-CC89FC05BBBB}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{D2C4D61F-695F-4A1B-8F84-5C193C231135}" = protocol=58 | dir=in | [email protected],-28545 |
"{E0991196-1A48-48F0-844E-D6B2D1FF9B41}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{E4EF51D5-DD4C-4EC6-B90C-FD6646E33471}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{E6D3FC17-3A0C-41EB-9A94-6E980BA25563}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{E7BC5CB4-7D77-4F1F-BC8D-D624236B3A23}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{EB4FCC68-10B8-4CEA-AD34-9ED27E3C23B7}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{ED063E40-613A-4CEC-A60D-077372837B07}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{F09A5889-C222-4391-9F40-7C3908496022}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{F1E27F33-C4FB-46AC-B8D7-7E1AE768D289}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{F20E4DCA-8FAD-4E52-BE5D-D3DEC59B2880}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{F24137E2-046C-48A0-8064-593949EC95A3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{F8112C75-BE16-4D87-9BFE-E61A1F4EBE72}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F8849C03-BC71-4806-ADEA-F3F08F97AE95}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{F99EF207-E1BD-4D6C-BAE3-A4A3670EEC1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FA01D70A-5A4C-4919-8C6C-FDB7E2DAF48B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{FAB17402-D08C-498C-B13F-84A23521ED28}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{FB8D2828-0B36-40DF-A27D-8D37669E1B9A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{FBC6CCA3-85B5-4EFE-8468-561E608DEE1A}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{FD5F081A-FEB4-416D-9CAF-4351EDAB9C84}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"TCP Query User{08D241E0-DCCA-4CB2-B291-785B751C0ACC}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{0955D08A-AB01-48D0-A0E5-D05E17924D41}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{39EA341E-9433-4548-9F77-D2F084E4612D}C:\users\jon lowry\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\jon lowry\appdata\roaming\spotify\spotify.exe |
"TCP Query User{3FBEC35D-A35B-46F4-A61D-2CF928AC6D25}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe |
"TCP Query User{532F0E23-7E84-4109-ACDE-E574F07E9890}C:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=6 | dir=in | app=c:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"TCP Query User{59DEE9AC-CE75-44F4-9998-370020115004}C:\program files (x86)\calibre2\calibre.exe" = protocol=6 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |
"TCP Query User{62F3A90C-C64D-4E0C-9B34-CCCBD51B0E80}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{A27452AF-F887-460F-BC90-B6A8F0195FF9}C:\program files\bitcasa\bitcasa.exe" = protocol=6 | dir=in | app=c:\program files\bitcasa\bitcasa.exe |
"TCP Query User{C85A2D2E-DAF1-4DA5-95D8-C86E2D995722}C:\users\public\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe |
"TCP Query User{E46E1F33-2976-4F32-B282-B640C58A30CC}C:\users\jon lowry\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\jon lowry\appdata\roaming\spotify\spotify.exe |
"TCP Query User{E7ED10B0-4871-4D6E-BD5C-C017140C867D}C:\program files (x86)\calibre2\calibre.exe" = protocol=6 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |
"UDP Query User{2DB5AE07-219A-4EAF-9EA4-58D2DF921923}C:\users\jon lowry\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\jon lowry\appdata\roaming\spotify\spotify.exe |
"UDP Query User{3700DD79-36AA-443E-9433-E4480AEEA82F}C:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe" = protocol=17 | dir=in | app=c:\program files (x86)\meteorentertainment\hawken\installedhawkenfiles\binaries\win32\hawkengame-win32-shipping.exe |
"UDP Query User{416E8319-D986-4D30-9194-FE8E96E94114}C:\program files (x86)\calibre2\calibre.exe" = protocol=17 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |
"UDP Query User{644B1F59-B5B9-412D-A246-15940CE92DFA}C:\users\public\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe |
"UDP Query User{66D6DD50-DC72-433E-86C8-A6747CB448A0}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{6D4C6535-D63B-4DD0-8220-D21A04FD54AB}C:\program files (x86)\calibre2\calibre.exe" = protocol=17 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |
"UDP Query User{C15F8737-3A30-4167-BEE2-D70475802811}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe |
"UDP Query User{C7AC04DD-CFC4-47B6-B6FD-893518184925}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{E23C63CD-7D29-47B9-B0F7-AD06F31A99B2}C:\users\jon lowry\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\jon lowry\appdata\roaming\spotify\spotify.exe |
"UDP Query User{E61BD37E-A0EA-41B8-8BC2-A18CAF11059A}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{F7EE0368-D427-4965-B824-F20B49BA0CB3}C:\program files\bitcasa\bitcasa.exe" = protocol=17 | dir=in | app=c:\program files\bitcasa\bitcasa.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{B9D80BD8-C6F4-467C-9717-0ABA9684DA29}" = AVG 2013
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C338ACAC-7162-42E3-8B8C-85E5746F4A2E}" = Aventail Connect
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = Web-Cake 3.00
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}" = WinZip 17.0
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DAD98ADA-0824-4946-98BB-0BDD03233398}" = AVG 2013
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PCSU-SL_is1" = PC Speed Up - Complete uninstall
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A42832-B21A-4296-B5F4-D296D0BC4A3E}" = HP Quick Launch
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}" = Quicken 2012
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}" = iSEEK AnswerWorks English Runtime
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1CB0993B-1CD4-4A18-9C85-9732AFD9843F}" = Family Tree Maker 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2376AAB2-F4D9-48D7-A42B-4E80B8967A8B}" = F4500
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B3D2CFD-3C21-4AA0-94DE-45577B5BAB16}" = Family Tree Maker 2011
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{48912234-1590-43F1-B8CF-ECF6788C3240}" = Vuze Remote Toolbar v6.6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69ABD67D-5C2E-4724-B519-695DEF3EC23B}" = HP Documentation
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{7619F973-52CC-433F-BB71-48E034099BFB}" = calibre
"{77BFC300-FFBB-4841-8A55-CAB7BAC68422}" = Elcomsoft Wireless Security Auditor
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{99B366B0-76B6-4DBA-95A3-A730015A7D01}" = MasterCook Deluxe 9
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}" = 3D Home Architect Home Design Deluxe 6
"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"5513-1208-7298-9440" = JDownloader 0.9
"8461-7759-5462-8226" = Vuze
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aimersoft DRM Media Converter_is1" = Aimersoft DRM Media Converter(Build 1.4.7.2)
"Akamai" = Akamai NetSession Interface Service
"AnyDVD" = AnyDVD
"BasicServe" = BasicServe 1.0 build 111
"BN_DesktopReader" = NOOK for PC
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"d4cfeebc-b821-40b7-9f81-d366b1466f03_is1" = Horizon v2.7.1.4
"Desk 365" = Desk 365
"DivX Setup.divx.com" = DivX Setup
"ERUNT_is1" = ERUNT 1.1j
"Family Tree Maker 2011" = Family Tree Maker 2011
"Family Tree Maker 2012" = Family Tree Maker 2012
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstaCodecs_is1" = InstaCodecs
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{99B366B0-76B6-4DBA-95A3-A730015A7D01}" = MasterCook Deluxe 9
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}" = 3D Home Architect Home Design Deluxe 6
"KeyBar_1.14 Toolbar" = KeyBar 1.14 Toolbar
"[email protected]" = LyricsSing
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mplayer" = Mplayer 0.6.9
"My HP Game Console" = HP Game Console
"Nidesoft DVD to AVI Converter Platinum_is1" = Nidesoft DVD to AVI Converter Platinum v5.0
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PC Health Kit_is1" = PC Health Kit v3.2
"Picasa 3" = Picasa 3
"QuickTime" = QuickTime
"RealAlt_is1" = Real Alternative 2.0.2
"Rhapsody" = Rhapsody
"WildTangent hp Master Uninstall" = HP Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinImage" = WinImage
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinToFlash Suggestor" = WinToFlash Suggestor
"Wondershare DVD Creator_is1" = Wondershare DVD Creator(Build 2.6.5)
"WsysControl" = Wsys Control 10.2.1.2609
"WT087328" = Blackhawk Striker 2
"WT087335" = Build-a-lot 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087373" = Jewel Quest 3
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"Yahoo Browser Settings" = Yahoo Browser Settings

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"Akamai" = Akamai NetSession Interface
"Jenkat Games Arcade" = Jenkat Games Arcade
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/21/2013 4:30:17 AM | Computer Name = Wolfling | Source = Google Update | ID = 20
Description =

Error - 8/21/2013 5:33:28 PM | Computer Name = Wolfling | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on
line 2. The manifest file root element must be assembly.

Error - 8/21/2013 5:35:52 PM | Computer Name = Wolfling | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/22/2013 4:36:14 PM | Computer Name = Wolfling | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on
line 2. The manifest file root element must be assembly.

Error - 8/22/2013 4:38:52 PM | Computer Name = Wolfling | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/22/2013 4:25:47 PM | Computer Name = Wolfling | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 8/22/2013 4:25:47 PM | Computer Name = Wolfling | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 8/23/2013 7:47:32 PM | Computer Name = Wolfling | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1618 Start Time:
01cea038170096ab Termination Time: 16 Application Path: C:\Users\Jon Lowry\Desktop\OTL.exe

Report
Id: fe15397e-0c2b-11e3-afd7-415645000030

Error - 8/23/2013 7:46:25 PM | Computer Name = Wolfling | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1720 Start Time:
01cea05dce345ae0 Termination Time: 5 Application Path: C:\Users\Jon Lowry\Desktop\OTL.exe

Report
Id: 2f99044d-0c4e-11e3-afd8-415645000030

Error - 8/24/2013 1:12:29 AM | Computer Name = Wolfling | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

[ Hewlett-Packard Events ]
Error - 9/6/2012 10:59:11 PM | Computer Name = JonLowry-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 9/14/2012 5:02:10 AM | Computer Name = JonLowry-HP | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467261 at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Message:
Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Source:
HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3893 Ram
Utilization: 40 TargetSite: Void SetWMISysInformation()

Error - 9/14/2012 5:03:10 AM | Computer Name = JonLowry-HP | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467261HPSFMsgr.exe at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Message:
Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
Source:
HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3893 Ram
Utilization: 40 TargetSite: Void SetWMISysInformation()

Error - 9/25/2012 8:08:21 AM | Computer Name = JonLowry-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/31/2012 11:06:56 AM | Computer Name = JonLowry-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/20/2012 9:24:08 PM | Computer Name = JonLowry-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/20/2012 9:24:08 PM | Computer Name = JonLowry-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/20/2012 9:24:10 PM | Computer Name = JonLowry-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/18/2012 3:36:14 PM | Computer Name = JonLowry-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/0f8dc3cc_c5cc_40b9_a39c_10de9bcd31b7/6wsedofdqgw_kmeh1w0nld7t_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3893 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String)

Error - 1/7/2013 3:19:17 PM | Computer Name = Wolfling | Source = HPSF.exe | ID = 4000
Description =

[ HP Software Framework Events ]
Error - 8/25/2012 2:14:14 PM | Computer Name = JonLowry-HP | Source = CaslWmi | ID = 5
Description = 2012/08/25 11:14:14.617|000010B4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 8/25/2012 2:16:14 PM | Computer Name = JonLowry-HP | Source = CaslWmi | ID = 5
Description = 2012/08/25 11:16:14.715|00001724|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 8/25/2012 2:54:44 PM | Computer Name = JonLowry-HP | Source = CaslWmi | ID = 5
Description = 2012/08/25 11:54:44.538|00001DB0|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

Error - 8/25/2012 2:54:44 PM | Computer Name = JonLowry-HP | Source = CaslWmi | ID = 5
Description = 2012/08/25 11:54:44.998|00001DB0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 8/30/2012 5:46:37 PM | Computer Name = JonLowry-HP | Source = CaslWmi | ID = 5
Description = 2012/08/30 14:46:37.447|00000880|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 9/6/2012 10:52:18 PM | Computer Name = JonLowry-HP | Source = CaslWmi | ID = 5
Description = 2012/09/06 19:52:18.767|00001ABC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 9/6/2012 10:58:14 PM | Computer Name = JonLowry-HP | Source = CaslWmi | ID = 5
Description = 2012/09/06 19:58:14.407|00000B54|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 9/13/2012 3:36:49 AM | Computer Name = JonLowry-HP | Source = CaslWmi | ID = 5
Description = 2012/09/13 00:36:49.511|00001C88|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 9/25/2012 8:08:01 AM | Computer Name = JonLowry-HP | Source = CaslWmi | ID = 5
Description = 2012/09/25 05:08:01.021|0000021C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 10/13/2012 10:27:37 AM | Computer Name = JonLowry-HP | Source = CaslWmi | ID = 5
Description = 2012/10/13 07:27:37.564|000013D4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ HP Wireless Assistant Events ]
Error - 4/20/2011 11:49:49 PM | Computer Name = JonLowry-HP | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 6/10/2011 9:23:05 PM | Computer Name = JonLowry-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.ApplyDeviceManagerState(List`1
radios) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 6/17/2011 12:51:16 PM | Computer Name = JonLowry-HP | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 1/11/2012 1:27:37 AM | Computer Name = JonLowry-HP | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 7/11/2012 12:25:25 AM | Computer Name = JonLowry-HP | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

Error - 7/27/2012 1:27:19 PM | Computer Name = JonLowry-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 7/27/2012 1:27:22 PM | Computer Name = JonLowry-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 9/14/2012 5:06:09 AM | Computer Name = JonLowry-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
sender, StartupEventArgs args)

Error - 9/14/2012 5:06:10 AM | Computer Name = JonLowry-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...

Error - 11/3/2012 7:24:57 PM | Computer Name = JonLowry-HP | Source = HP WA Application | ID = 0
Description = System.Exception HardwareAccess hasn't been instantiated properly.
at PAProgramAccess.Impl.UpdatePowerSchemeInformation(PowerScheme powerScheme)

[ Media Center Events ]
Error - 2/23/2013 5:39:30 AM | Computer Name = Wolfling | Source = Microsoft-Windows-Media Center Extender | ID = 116
Description =

Error - 3/11/2013 5:44:47 PM | Computer Name = Wolfling | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description =

Error - 5/19/2013 1:08:29 AM | Computer Name = Wolfling | Source = Microsoft-Windows-Media Center Extender | ID = 112
Description =

Error - 5/19/2013 1:09:55 AM | Computer Name = Wolfling | Source = Microsoft-Windows-Media Center Extender | ID = 112
Description =

Error - 5/19/2013 1:10:35 AM | Computer Name = Wolfling | Source = Microsoft-Windows-Media Center Extender | ID = 112
Description =

Error - 5/19/2013 1:11:17 AM | Computer Name = Wolfling | Source = Microsoft-Windows-Media Center Extender | ID = 112
Description =

Error - 5/19/2013 1:12:24 AM | Computer Name = Wolfling | Source = Microsoft-Windows-Media Center Extender | ID = 112
Description =

Error - 5/19/2013 1:13:30 AM | Computer Name = Wolfling | Source = Microsoft-Windows-Media Center Extender | ID = 112
Description =

Error - 5/19/2013 1:14:34 AM | Computer Name = Wolfling | Source = Microsoft-Windows-Media Center Extender | ID = 112
Description =

Error - 5/19/2013 1:15:42 AM | Computer Name = Wolfling | Source = Microsoft-Windows-Media Center Extender | ID = 112
Description =

[ System Events ]
Error - 8/24/2013 12:21:33 AM | Computer Name = Wolfling | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error %%-536805315.

Error - 8/24/2013 12:21:34 AM | Computer Name = Wolfling | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 8/24/2013 12:21:44 AM | Computer Name = Wolfling | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ASPI32 Avgldx64

Error - 8/24/2013 12:25:37 AM | Computer Name = Wolfling | Source = Service Control Manager | ID = 7034
Description = The Adobe Acrobat Update Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/24/2013 12:21:10 AM | Computer Name = Wolfling | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 8/24/2013 12:22:57 AM | Computer Name = Wolfling | Source = Service Control Manager | ID = 7022
Description = The Wsys Service service hung on starting.

Error - 8/24/2013 12:22:57 AM | Computer Name = Wolfling | Source = Service Control Manager | ID = 7024
Description = The AVGIDSAgent service terminated with service-specific error %%-536753637.

Error - 8/24/2013 12:22:59 AM | Computer Name = Wolfling | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error %%-536805315.

Error - 8/24/2013 12:23:00 AM | Computer Name = Wolfling | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 8/24/2013 12:23:09 AM | Computer Name = Wolfling | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ASPI32 Avgldx64


< End of report >


Mbam log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Jon Lowry :: WOLFLING [administrator]

8/23/2013 9:50:24 PM
mbam-log-2013-08-23 (21-50-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 306790
Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Detected: 12
C:\Program Files (x86)\Tepfel\WebCakeDesktop.Updater.exe (PUP.Optional.WebCake.A) -> 2224 -> No action taken.
C:\Program Files (x86)\BasicServe\basicserve.exe (PUP.Zwangi) -> 2112 -> No action taken.
C:\Program Files (x86)\BasicServe\basicserve.exe (PUP.Zwangi) -> 2276 -> No action taken.
C:\Program Files (x86)\Desk 365\desk365.exe (PUP.Optional.Desk365.A) -> 2008 -> No action taken.
C:\Program Files (x86)\Desk 365\deskSvc.exe (PUP.Optional.Desk365.A) -> 1272 -> No action taken.
C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> 1480 -> No action taken.
C:\Program Files (x86)\PC Speed Up\PCSUService.exe (PUP.Optional.PCSpeedUp.A) -> 764 -> No action taken.
C:\Users\Jon Lowry\AppData\Roaming\Tepfel\WebCakeDesktop.exe (PUP.WebCake) -> 4788 -> No action taken.
C:\ProgramData\eSafe\eGdpSvc.exe (Trojan.Staser) -> 1480 -> Delete on reboot.
C:\Program Files (x86)\BasicServe\basicserve.exe (Adware.OneStep) -> 2112 -> Delete on reboot.
C:\Program Files (x86)\BasicServe\basicserve.exe (Adware.OneStep) -> 2276 -> Delete on reboot.
C:\Users\Jon Lowry\AppData\Roaming\Tepfel\WebCakeDesktop.exe (Adware.WebCake) -> 4788 -> Delete on reboot.

Memory Modules Detected: 11
C:\Program Files (x86)\Desk 365\ebase.dll (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\edeskcmn.dll (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\ElexDbg.dll (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\enotify.dll (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\libpng.dll (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\libpopdlg.dll (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\mbdet.dll (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\ouilibnl.dll (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\sqlite3.dll (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\PC Speed Up\Sqlite3.dll (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Program Files (x86)\BasicServe\basicserve.dll (Adware.OneStep) -> Delete on reboot.

Registry Keys Detected: 47
HKLM\SYSTEM\CurrentControlSet\Services\WebCakeUpdater (PUP.Optional.WebCake.A) -> No action taken.
HKCR\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12} (PUP.Optional.WebCake.A) -> No action taken.
HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> No action taken.
HKCR\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8} (PUP.WebCake) -> No action taken.
HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4} (PUP.WebCake) -> No action taken.
HKCR\WebCakeIEClient.Layers.1 (PUP.WebCake) -> No action taken.
HKCR\WebCakeIEClient.Layers (PUP.WebCake) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> No action taken.
HKCR\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> No action taken.
HKCR\WebCakeIEClient.Api.1 (PUP.Optional.WebCake.A) -> No action taken.
HKCR\WebCakeIEClient.Api (PUP.Optional.WebCake.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> No action taken.
HKCR\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3} (PUP.Optional.WebCake.A) -> No action taken.
HKCR\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> No action taken.
HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{47AE1BA9-0BD1-44F4-88AE-45F8F7B605EF} (PUP.Zwangi) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\BasicServe Service (PUP.Zwangi) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\desksvc (PUP.Optional.Desk365.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desk 365 (PUP.Optional.Desk365.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc (PUP.Optional.Esafe.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl (PUP.Optional.Esafe.A) -> No action taken.
HKCR\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C} (PUP.Optional.PCSpeedUp.A) -> No action taken.
HKCR\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B} (PUP.Optional.PCSpeedUp.A) -> No action taken.
HKCR\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D} (PUP.Optional.PCSpeedUp.A) -> No action taken.
HKCR\PCSU.SysUtils.1 (PUP.Optional.PCSpeedUp.A) -> No action taken.
HKCR\PCSU.SysUtils (PUP.Optional.PCSpeedUp.A) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\PCSUService (PUP.Optional.PCSpeedUp.A) -> No action taken.
HKCR\AppID\WebCakeIEClient.DLL (PUP.WebCake) -> No action taken.
HKLM\SOFTWARE\BASICSERVE (PUP.Zwangi) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh (PUP.WebCake) -> No action taken.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BASICSERVE (PUP.Zwangi) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{145ae49d-519a-4796-bbd0-bc58fe3363bc} (PUP.Optional.LyricsAd.Gen) -> No action taken.
HKCR\CLSID\{145ae49d-519a-4796-bbd0-bc58fe3363bc} (PUP.Optional.LyricsAd.Gen) -> No action taken.
HKCR\TypeLib\{7425BBB3-CEF9-43A2-8C4A-AA94EF77A415} (PUP.Optional.LyricsAd.Gen) -> No action taken.
HKCR\Interface\{77805AF5-653B-4CFA-BE22-5267562D8C7A} (PUP.Optional.LyricsAd.Gen) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc (Trojan.Staser) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl (Trojan.Staser) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\BasicServe Service (Adware.OneStep) -> Quarantined and deleted successfully.
HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (Adware.WebCake) -> Quarantined and deleted successfully.
HKCR\TypeLib\{EFDF368C-8DD9-4E05-87CD-16AA5CB03CB8} (Adware.WebCake) -> Quarantined and deleted successfully.
HKCR\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4} (Adware.WebCake) -> Quarantined and deleted successfully.
HKCR\WebCakeIEClient.Layers.1 (Adware.WebCake) -> Quarantined and deleted successfully.
HKCR\WebCakeIEClient.Layers (Adware.WebCake) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (Adware.WebCake) -> Quarantined and deleted successfully.
HKCU\Software\PC Health Kit (Rogue.PCHealthKit) -> Quarantined and deleted successfully.

Registry Values Detected: 9
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Desk 365 (PUP.Optional.Desk365.A) -> Data: "C:\Program Files (x86)\Desk 365\desk365.exe" /autorun -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PCSpeedUp (PUP.Optional.PCSpeedUp.A) -> Data: C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WebCake Desktop (PUP.WebCake) -> Data: "C:\Users\Jon Lowry\AppData\Roaming\Tepfel\WebCakeDesktop.exe" -> No action taken.
HKLM\SOFTWARE\BasicServe|DllPath (PUP.Zwangi) -> Data: C:\Program Files (x86)\BasicServe\basicserve.dll -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BasicServe|DisplayName (PUP.Zwangi) -> Data: BasicServe 1.0 build 111 -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\PCSUService|ImagePath (PUP.Optional.PCSpeedUp.A) -> Data: C:\Program Files (x86)\PC Speed Up\PCSUService.exe -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc|ImagePath (PUP.Optional.Esafe.A) -> Data: C:\ProgramData\eSafe\eGdpSvc.exe -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\desksvc|ImagePath (PUP.Optional.Desk365.A) -> Data: C:\Program Files (x86)\Desk 365\deskSvc.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WebCake Desktop (Adware.WebCake) -> Data: "C:\Users\Jon Lowry\AppData\Roaming\Tepfel\WebCakeDesktop.exe" -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.condui...&ctid=CT3291327) Good: (http://www.google.com) -> No action taken.

Folders Detected: 50

Files Detected: 440
C:\Program Files (x86)\Desk 365\image\default\WIN7_bjSmall_Y.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\WIN7_bj_X.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\WIN7_bj_Y.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\wp_bk.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\wp_meter.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\XP_bj_hover.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\XP_bj_normal.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\awp\1.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\awp\2.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\awp\3.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\cmn\game_bk_wnd.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\cmn\game_close.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\cmn\game_hide.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\cmn\game_max.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\cmn\game_min.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\cmn\game_restore.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\cmn\game_system.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\cmn\menu_bg.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\cmn\menu_item_over.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\cmn\pic-error.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\cmn\pic-info.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\cmn\pic-question.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\cmn\pic-warning.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\cmn\popup_dialog_bk.bmp (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\cmn\prepare.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\notify\notify_bg.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\notify\notify_close.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\play.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\en_us\desk_tip1.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\en_us\desk_tip2.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\en_us\desk_tip3.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\en_us\help1.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\en_us\help2.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\en_us\help3.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\en_us\start.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\en_us\tips_click_here.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\es_es\desk_tip1.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\es_es\desk_tip2.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\es_es\desk_tip3.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\es_es\help1.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\es_es\help2.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\es_es\help3.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\es_es\start.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\es_es\tips_click_here.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\pt_br\desk_tip1.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\pt_br\desk_tip2.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\pt_br\desk_tip3.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\pt_br\help1.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\pt_br\help2.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\pt_br\help3.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\pt_br\start.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\pt_br\tips_click_here.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\tr_tr\desk_tip1.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\tr_tr\desk_tip2.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\tr_tr\desk_tip3.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\tr_tr\help1.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\tr_tr\help2.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\tr_tr\help3.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\tr_tr\start.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\tips\tr_tr\tips_click_here.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\image\default\upgrade\start.png (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\language\protocol.txt (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\language\en_us\edesk.ini (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\language\en_us\game_login.ini (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\language\en_us\install_lang.ini (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\language\es_es\edesk.ini (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\language\es_es\game_login.ini (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\language\es_es\install_lang.ini (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\language\pt_br\edesk.ini (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\language\pt_br\game_login.ini (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\language\pt_br\install_lang.ini (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\language\tr_tr\edesk.ini (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\language\tr_tr\game_login.ini (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\language\tr_tr\install_lang.ini (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\language\zh_tw\game_login.ini (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\add_shortcut.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\add_shortcut_tip.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\auto_start.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\bug_report.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\delete_tip.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\desk.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\desk_about.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\desk_bkg.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\desk_collect_lnk.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\desk_help.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\desk_helptip.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\desk_hover_dlg.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\desk_mgr.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\desk_msgbox.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\desk_rename.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\desk_resclear_besttip.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\desk_resclear_main.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\desk_resclear_tip.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\desk_settings.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\desk_set_url.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\gamelogin.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\gl_game.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\gl_newwindow.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\import_shortcut.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\install_msgbox.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\languageSelect.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\msgbox.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\msg_center.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\popMsgBox.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\pop_context.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\pop_message.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\pop_standard.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\set_res_used_percent.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\shutdown_tip.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\uninsteDesk.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\uninstgl.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\update.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\layout\default\upgrade_guide.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\style\gl_style.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\style\install_style.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\style\style.xml (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\uninstaller\eDesk.inst (PUP.Optional.Desk365.A) -> No action taken.
C:\Program Files (x86)\Desk 365\uninstaller\gamelogin.inst (PUP.Optional.Desk365.A) -> No action taken.
C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> No action taken.
C:\Program Files (x86)\PC Speed Up\PCSUService.conf (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Program Files (x86)\PC Speed Up\App.config (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Program Files (x86)\PC Speed Up\Icon.ico (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Program Files (x86)\PC Speed Up\PCSpeedUp.s3db (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Program Files (x86)\PC Speed Up\PCSpeedUp.sys (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Program Files (x86)\PC Speed Up\PCSUBootTimes.log (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Program Files (x86)\PC Speed Up\PCSUHelper.dll (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Program Files (x86)\PC Speed Up\PCSULauncher.exe (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Program Files (x86)\PC Speed Up\PCSUSD.exe (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Program Files (x86)\PC Speed Up\PCSUService-Timer.log (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Program Files (x86)\PC Speed Up\PCSUService.exe (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Program Files (x86)\PC Speed Up\PCSUService.log (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Program Files (x86)\PC Speed Up\PCSUUCC.exe (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Program Files (x86)\PC Speed Up\PCSUUCC.log (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Program Files (x86)\PC Speed Up\PopupNotification.dll (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Program Files (x86)\PC Speed Up\Sqlite3.dll (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Program Files (x86)\PC Speed Up\unins000.dat (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Program Files (x86)\PC Speed Up\unins000.exe (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Program Files (x86)\PC Speed Up\unins000.msg (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Windows\Tasks\PC SpeedUp Service Deactivator.job (PUP.Optional.PCSpeedUp.A) -> No action taken.
C:\Users\Jon Lowry\AppData\Roaming\SearchProtect\Res\SPSetup.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Program Files (x86)\Tepfel\WebCakeDesktop.Updater.InstallState (PUP.Optional.WebCake.A) -> No action taken.
C:\Program Files (x86)\Tepfel\OptChrome.exe (PUP.Optional.WebCake.A) -> No action taken.
C:\Program Files (x86)\Tepfel\optimizer.exe (PUP.Optional.WebCake.A) -> No action taken.
C:\Program Files (x86)\Tepfel\sqlite3.exe (PUP.Optional.WebCake.A) -> No action taken.
C:\Program Files (x86)\Tepfel\WebCakeLayers.crx (PUP.Optional.WebCake.A) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365\eUninstall.lnk (PUP.Optional.Desk365.A) -> No action taken.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365\Desk 365.lnk (PUP.Optional.Desk365.A) -> No action taken.
C:\Users\Jon Lowry\AppData\Roaming\Tepfel\WebCakeDesktop.exe (PUP.WebCake) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Program Files (x86)\LyricSing\128.dll (PUP.Optional.LyricsAd.Gen) -> No action taken.
C:\Program Files (x86)\BasicServe\basicserve.dll (Adware.OneStep) -> Delete on reboot.
C:\ProgramData\eSafe\eGdpSvc.exe (Trojan.Staser) -> Delete on reboot.
C:\Program Files (x86)\BasicServe\basicserve.exe (Adware.OneStep) -> Delete on reboot.
C:\Users\Jon Lowry\AppData\Roaming\Tepfel\WebCakeDesktop.exe (Adware.WebCake) -> Delete on reboot.
C:\Program Files (x86)\Tepfel\WebCakeIEClient.dll (Adware.WebCake) -> Quarantined and deleted successfully.
C:\ProgramData\BasicServe\basicserve111.exe (Adware.OneStep) -> Quarantined and deleted successfully.

(end)

security Log:

Results of screen317's Security Check version 0.99.72
Windows 7 Service Pack 1 x64
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
AVG PC Tuneup
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Adobe Reader 10.1.2 Adobe Reader out of Date!
Mozilla Firefox 22.0 Firefox out of Date!
Google Chrome 28.0.1500.95
````````Process Check: objlist.exe by Laurent````````
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
  • 0

#9
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi bigredyeeha,

Until we get your computer clean, please refrain from downloading any files.

Step One: Combofix

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.

    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Step Two: Malwarebytes' Anti-Malware

  • Run Malwarebytes' Anti-Malware.
  • Select the Update tab.
  • Select the Check for Updates button.
  • Select the Scanner tab.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


Step Three: OTL Scan

Run OTL
  • Please select the Scan All Users checkbox.
  • Then click the Run Scan button at the top
  • Let the program run unhindered, until it is done
  • Post the log it produces in your next reply.

Step Four: Reset Chrome's Default Search

You will have to reset Chrome's search engine manually. Instructions can be found here.

What I need in your next post:
1. The combofix log, "C:\ComboFix.txt".
2. The MBAM report.
3. The OTL report, OTL.txt.
  • 0

#10
bigredyeeha

    Member

  • Topic Starter
  • Member
  • 35 posts
combo fix:

ComboFix 13-08-25.01 - Jon Lowry 08/26/2013 1:12.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1563 [GMT -7:00]
Running from: c:\users\Jon Lowry\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BasicServe
c:\program files (x86)\BasicServe\uninstall.exe
c:\program files (x86)\Common Files\337
c:\program files (x86)\Common Files\337\libcef\1.1364.1123\icudt.dll
c:\program files (x86)\Common Files\337\libcef\1.1364.1123\libcef.dll
c:\program files (x86)\Common Files\337\libcef\1.1364.1123\locales\en-US.pak
c:\program files (x86)\LyricSing
c:\program files (x86)\LyricSing\00.crx
c:\program files (x86)\LyricSing\00.xpi
c:\program files (x86)\LyricSing\01.crx
c:\program files (x86)\LyricSing\01.xpi
c:\program files (x86)\LyricSing\02.crx
c:\program files (x86)\LyricSing\02.xpi
c:\program files (x86)\LyricSing\130.crx
c:\program files (x86)\LyricSing\130.dat
c:\program files (x86)\LyricSing\130.dll
c:\program files (x86)\LyricSing\130.xpi
c:\program files (x86)\LyricSing\chrome.manifest
c:\program files (x86)\LyricSing\crx.dat
c:\program files (x86)\LyricSing\crx.db
c:\program files (x86)\LyricSing\lSing.exe
c:\program files (x86)\LyricSing\sqlite3.dll
c:\program files (x86)\LyricSing\Uninstall.exe
c:\program files (x86)\LyricSing\xpi.dat
c:\program files (x86)\LyricSing\xpi.db
c:\programdata\3f263f32233b372f_c
c:\programdata\BasicServe
c:\users\Jon Lowry\AppData\Roaming\chrtmp
c:\users\Jon Lowry\AppData\Roaming\inst.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PCSUService
.
.
((((((((((((((((((((((((( Files Created from 2013-07-26 to 2013-08-26 )))))))))))))))))))))))))))))))
.
.
2013-08-26 07:26 . 2013-08-26 07:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-08-26 07:26 . 2013-08-26 07:26 -------- d-----w- c:\users\Mcx1-WOLFLING\AppData\Local\temp
2013-08-26 07:26 . 2013-08-26 07:26 -------- d-----w- c:\users\Mcx1-WOLFLING.WOLFLING\AppData\Local\temp
2013-08-26 07:26 . 2013-08-26 07:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-26 07:26 . 2013-08-26 07:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-08-26 07:26 . 2013-08-26 07:26 -------- d-----w- c:\users\Administrator.WOLFLING\AppData\Local\temp
2013-08-24 04:49 . 2013-08-24 04:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-24 04:49 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-24 04:36 . 2013-08-26 07:28 -------- d-----w- c:\program files (x86)\PC Speed Up
2013-08-24 04:36 . 2013-08-26 07:26 -------- d-----w- c:\program files (x86)\Desk 365
2013-08-24 04:36 . 2013-08-24 04:36 -------- d-----w- c:\users\Jon Lowry\AppData\Roaming\Desk 365
2013-08-24 04:36 . 2013-08-24 04:21 -------- d-----w- c:\programdata\eSafe
2013-08-24 04:35 . 2013-08-24 04:21 -------- d-----w- c:\users\Jon Lowry\AppData\Roaming\Tepfel
2013-08-24 04:35 . 2013-08-24 04:36 -------- d-----w- c:\program files (x86)\Tepfel
2013-08-24 04:35 . 2013-08-24 04:35 -------- d-----w- c:\programdata\Tarma Installer
2013-08-24 04:35 . 2013-08-24 04:35 -------- d-----w- c:\program files (x86)\KeyBar_1.14
2013-08-24 04:35 . 2013-08-24 04:35 -------- d-----w- c:\users\Jon Lowry\AppData\Local\Conduit
2013-08-24 04:35 . 2013-08-24 04:35 -------- d-----w- c:\program files (x86)\Conduit
2013-08-24 04:35 . 2013-08-24 04:35 -------- d-----w- c:\users\Jon Lowry\AppData\Roaming\SearchProtect
2013-08-21 20:56 . 2013-08-21 21:03 -------- d-----w- C:\AdwCleaner
2013-08-21 08:13 . 2013-08-21 08:13 17737608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-08-19 09:12 . 2013-08-19 09:12 -------- d-----w- C:\_OTL
2013-08-19 09:10 . 2013-08-19 09:10 -------- d-----w- c:\program files (x86)\ERUNT
2013-08-19 01:42 . 2013-08-19 01:42 -------- d-----w- c:\users\Jon Lowry\AppData\Local\calibre-cache
2013-08-18 04:44 . 2013-08-20 06:28 -------- d-----w- c:\users\Jon Lowry\AppData\Roaming\Media Player Classic
2013-08-18 03:34 . 2013-08-18 03:34 -------- d-----w- c:\users\Jon Lowry\AppData\Local\avgchrome
2013-08-18 03:33 . 2013-08-18 03:41 -------- d-----w- c:\users\Jon Lowry\AppData\Local\WebPlayer
2013-08-14 07:57 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-14 07:57 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-14 07:57 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-14 07:57 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-14 07:57 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-14 07:57 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-14 07:57 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-14 07:57 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-14 07:57 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-14 07:55 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-14 07:55 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-14 07:55 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-14 07:55 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-14 07:55 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-11 08:24 . 2013-08-11 08:24 -------- d-----w- c:\users\Jon Lowry\AppData\Roaming\Jenkat
2013-08-11 08:24 . 2013-08-11 08:24 -------- d-----w- c:\program files (x86)\Yahoo Browser Settings
2013-07-29 07:03 . 2013-08-24 04:24 -------- d-----w- c:\program files (x86)\JDownloader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-24 04:36 . 2011-06-11 09:58 773712 ----a-w- c:\windows\SysWow64\msvcr100.dll
2013-08-24 04:36 . 2011-06-11 09:58 420944 ----a-w- c:\windows\SysWow64\msvcp100.dll
2013-08-21 08:13 . 2013-01-15 13:19 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-21 08:13 . 2011-05-18 12:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-14 07:58 . 2011-02-02 19:59 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-13 07:19 . 2012-12-23 03:20 82816 ----a-w- c:\users\Jon Lowry\AppData\Roaming\pcouffin.sys
2013-07-09 04:45 . 2013-08-14 07:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-06 06:01 . 2013-07-06 06:01 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-06 06:01 . 2012-06-01 03:39 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-06 06:01 . 2010-07-15 21:33 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-26 07:12 . 2013-06-26 07:12 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-26 07:12 . 2013-06-26 07:12 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-26 07:12 . 2013-06-26 07:12 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-26 07:12 . 2013-06-26 07:12 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-26 07:12 . 2013-06-26 07:12 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-06-26 07:12 . 2013-06-26 07:12 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-06-26 07:12 . 2013-06-26 07:12 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-06-26 07:12 . 2013-06-26 07:12 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-26 07:12 . 2013-06-26 07:12 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-06-26 07:12 . 2013-06-26 07:12 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-06-26 07:12 . 2013-06-26 07:12 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-26 07:12 . 2013-06-26 07:12 441856 ----a-w- c:\windows\system32\html.iec
2013-06-26 07:12 . 2013-06-26 07:12 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-06-26 07:12 . 2013-06-26 07:12 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-06-26 07:12 . 2013-06-26 07:12 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-26 07:12 . 2013-06-26 07:12 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-26 07:12 . 2013-06-26 07:12 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-26 07:12 . 2013-06-26 07:12 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-26 07:12 . 2013-06-26 07:12 235008 ----a-w- c:\windows\system32\url.dll
2013-06-26 07:12 . 2013-06-26 07:12 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-06-26 07:12 . 2013-06-26 07:12 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-06-26 07:12 . 2013-06-26 07:12 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-26 07:12 . 2013-06-26 07:12 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-26 07:12 . 2013-06-26 07:12 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-06-26 07:12 . 2013-06-26 07:12 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-26 07:12 . 2013-06-26 07:12 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-06-26 07:12 . 2013-06-26 07:12 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-26 07:12 . 2013-06-26 07:12 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-06-26 07:12 . 2013-06-26 07:12 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-26 07:12 . 2013-06-26 07:12 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-26 07:12 . 2013-06-26 07:12 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-26 07:12 . 2013-06-26 07:12 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-26 07:12 . 2013-06-26 07:12 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-26 07:12 . 2013-06-26 07:12 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-26 07:12 . 2013-06-26 07:12 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-26 07:12 . 2013-06-26 07:12 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-06-26 07:12 . 2013-06-26 07:12 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-26 07:12 . 2013-06-26 07:12 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-26 07:12 . 2013-06-26 07:12 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-26 07:12 . 2013-06-26 07:12 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-26 07:12 . 2013-06-26 07:12 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-26 07:12 . 2013-06-26 07:12 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-26 07:12 . 2013-06-26 07:12 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-26 07:12 . 2013-06-26 07:12 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-26 07:12 . 2013-06-26 07:12 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-26 07:12 . 2013-06-26 07:12 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-26 07:12 . 2013-06-26 07:12 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-26 07:12 . 2013-06-26 07:12 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-26 07:12 . 2013-06-26 07:12 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-25 11:28 . 2013-06-25 11:28 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 11:28 . 2013-06-25 11:28 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 11:28 . 2013-06-25 11:28 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 11:28 . 2013-06-25 11:28 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 11:28 . 2013-06-25 11:28 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 11:28 . 2013-06-25 11:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-25 11:28 . 2013-06-25 11:28 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-25 11:28 . 2013-06-25 11:28 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 11:28 . 2013-06-25 11:28 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-06-25 11:28 . 2013-06-25 11:28 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-06-25 11:28 . 2013-06-25 11:28 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 11:28 . 2013-06-25 11:28 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 11:28 . 2013-06-25 11:28 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 11:28 . 2013-06-25 11:28 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-25 11:28 . 2013-06-25 11:28 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-06-25 11:28 . 2013-06-25 11:28 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-06-25 11:28 . 2013-06-25 11:28 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-06-25 11:28 . 2013-06-25 11:28 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-25 11:28 . 2013-06-25 11:28 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-06-25 11:28 . 2013-06-25 11:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-25 11:28 . 2013-06-25 11:28 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-25 11:28 . 2013-06-25 11:28 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-06-25 11:28 . 2013-06-25 11:28 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-06-25 11:28 . 2013-06-25 11:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 11:28 . 2013-06-25 11:28 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-06-25 11:28 . 2013-06-25 11:28 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-06-25 11:28 . 2013-06-25 11:28 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-06-25 11:28 . 2013-06-25 11:28 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-06-25 11:28 . 2013-06-25 11:28 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-25 11:28 . 2013-06-25 11:28 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-25 11:28 . 2013-06-25 11:28 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-06-25 11:28 . 2013-06-25 11:28 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-06-25 11:28 . 2013-06-25 11:28 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-06-25 11:28 . 2013-06-25 11:28 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-06-25 11:28 . 2013-06-25 11:28 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-06-25 11:28 . 2013-06-25 11:28 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-06-25 11:28 . 2013-06-25 11:28 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-06-25 11:28 . 2013-06-25 11:28 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-06-25 11:28 . 2013-06-25 11:28 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-06-25 11:28 . 2013-06-25 11:28 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-06-25 11:28 . 2013-06-25 11:28 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da51d4f6-3e7e-4ef8-b400-9198e0874606}"= "c:\program files (x86)\KeyBar_1.14\prxtbKeyB.dll" [2013-07-17 226592]
.
[HKEY_CLASSES_ROOT\clsid\{da51d4f6-3e7e-4ef8-b400-9198e0874606}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{da51d4f6-3e7e-4ef8-b400-9198e0874606}]
2013-07-17 08:53 226592 ----a-w- c:\program files (x86)\KeyBar_1.14\prxtbKeyB.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{da51d4f6-3e7e-4ef8-b400-9198e0874606}"= "c:\program files (x86)\KeyBar_1.14\prxtbKeyB.dll" [2013-07-17 226592]
.
[HKEY_CLASSES_ROOT\clsid\{da51d4f6-3e7e-4ef8-b400-9198e0874606}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Jon Lowry\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-10 138096]
"Jenkat Games Arcade"="c:\users\Jon Lowry\AppData\Roaming\Jenkat\Jenkat Games Arcade\JenkatGA.exe" [2012-12-12 4475392]
"ConduitFloatingPlugin_dnmlhhbehhdmajijfenoldcajelckpmn"="c:\program files (x86)\Conduit\CT3291327\plugins\TBVerifier.dll" [1623-04-06 287008]
"Desk 365"="c:\program files (x86)\Desk 365\desk365.exe" [2013-08-24 979024]
"PCSpeedUp"="c:\program files (x86)\PC Speed Up\PCSUNotifier.exe" [2012-12-14 256448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...&ver=10.0.1427" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ ?)\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0sible.~nFor your convenience, a zipped file has be
.
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys;c:\windows\SYSNATIVE\drivers\anvsnddrv.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EWSASERV;EWSA Control Service;c:\program files (x86)\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv64.exe;c:\program files (x86)\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv64.exe [x]
R3 Generalusbserialser20675;USB Legacy Serial Communication 20675;c:\windows\system32\DRIVERS\CT_U_USBSER.sys;c:\windows\SYSNATIVE\DRIVERS\CT_U_USBSER.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NgFilter;Aventail VPN Filter;c:\windows\system32\DRIVERS\ngfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ngfilter.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 desksvc;Desk 365 service;c:\program files (x86)\Desk 365\deskSvc.exe;c:\program files (x86)\Desk 365\deskSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 NgVpnMgr;Aventail VPN Client;c:\windows\system32\ngvpnmgr.exe;c:\windows\SYSNATIVE\ngvpnmgr.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WebCakeUpdater;WebCakeUpdater;c:\program files (x86)\Tepfel\WebCakeDesktop.Updater.exe;c:\program files (x86)\Tepfel\WebCakeDesktop.Updater.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 NgLog;Aventail VPN Logging;c:\windows\system32\DRIVERS\nglog.sys;c:\windows\SYSNATIVE\DRIVERS\nglog.sys [x]
S3 NgVpn;Aventail VPN Adapter;c:\windows\system32\DRIVERS\ngvpn.sys;c:\windows\SYSNATIVE\DRIVERS\ngvpn.sys [x]
S3 NgWfp;Aventail VPN Callout;c:\windows\system32\DRIVERS\ngwfp.sys;c:\windows\SYSNATIVE\DRIVERS\ngwfp.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-14 07:23 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-15 08:13]
.
2013-08-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000Core.job
- c:\users\Jon Lowry\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-10 21:22]
.
2013-08-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000UA.job
- c:\users\Jon Lowry\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-10 21:22]
.
2013-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-11 01:33]
.
2013-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-11 01:33]
.
2013-08-26 c:\windows\Tasks\HPCeeScheduleForJon Lowry.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2013-08-26 c:\windows\Tasks\PC SpeedUp Service Deactivator.job
- c:\program files (x86)\PC Speed Up\PCSUSD.exe [2013-08-24 21:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-22 6486120]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&CUI=UN41382046832811610&UM=2&ctid=CT3291327
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: MasterCook: Select Image - c:\program files (x86)\MasterCook 9\Web\MCIEContext.hta
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
FF - ProfilePath - c:\users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291327&CUI=UN24295512825661793&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - KeyBar 1.14 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3291327&CUI=UN24295512825661793&UM=2&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291327&SearchSource=2&CUI=UN24295512825661793&UM=2&q=
FF - ExtSQL: 2013-06-30 01:44; [email protected]; c:\users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\[email protected]
FF - ExtSQL: 2013-08-23 21:36; {740B3FD5-4483-469D-BE7F-8555B153BD04}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}
FF - ExtSQL: !HIDDEN! 2013-06-07 12:46; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: extentions.webcake.installId - fc8476ad-4ab9-4794-b4e9-3b7cc9a078f6
FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{b2903142-1501-4023-a5c8-2be115f1bc09} - c:\program files (x86)\LyricSing\130.dll
Wow6432Node-HKLM-Run-Wondershare Helper Compact.exe - c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
AddRemove-BasicServe - c:\program files (x86)\BasicServe\uninstall.exe
AddRemove-PC Health Kit_is1 - c:\program files (x86)\PC Health Kit\unins000.exe
AddRemove-WinToFlash Suggestor - c:\program files (x86)\WinToFlash Suggestor\Uninstall.exe
AddRemove-Wondershare DVD Creator_is1 - c:\program files (x86)\Wondershare\DVD Creator\unins000.exe
AddRemove-{91694001-b8ff-49d9-a43e-f79818f0fbe0} - c:\program files (x86)\LyricSing\Uninstall.exe
AddRemove-{D1E572F6-0890-C47B-72D1-D29620DA6C6B} - c:\progra~3\INSTAL~1\{19532~1\Setup.exe
AddRemove-{EAA60DBC-9BFD-30AF-E518-47FD2BABC68A} - c:\progra~3\INSTAL~1\{4E45C~1\Setup.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0b\06\0c\09\02%?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2013-08-26 00:33:50 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-26 07:33
ComboFix2.txt 2013-08-18 03:56
ComboFix3.txt 2013-03-29 03:35
ComboFix4.txt 2013-02-07 08:34
.
Pre-Run: 97,142,587,392 bytes free
Post-Run: 96,562,720,768 bytes free
.
- - End Of File - - 49D2D7048A2F35BD7794DFC6DF0D5EF3

Mbam log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Jon Lowry :: WOLFLING [administrator]

8/26/2013 12:36:12 AM
mbam-log-2013-08-26 (00-36-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 305626
Time elapsed: 6 minute(s), 3 second(s)

Memory Processes Detected: 2
C:\Program Files (x86)\Tepfel\WebCakeDesktop.Updater.exe (PUP.Optional.WebCake.A) -> 2536 -> Delete on reboot.
C:\Program Files (x86)\Desk 365\deskSvc.exe (PUP.Optional.Desk365.A) -> 1364 -> Delete on reboot.

Memory Modules Detected: 2
C:\Program Files (x86)\Desk 365\ebase.dll (PUP.Optional.Desk365.A) -> Delete on reboot.
C:\Program Files (x86)\Desk 365\sqlite3.dll (PUP.Optional.Desk365.A) -> Delete on reboot.

Registry Keys Detected: 24
HKLM\SYSTEM\CurrentControlSet\Services\WebCakeUpdater (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
HKCR\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12} (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
HKCR\WebCakeIEClient.Api.1 (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
HKCR\WebCakeIEClient.Api (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3} (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
HKCR\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} (PUP.Optional.WebCake.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111991162} (PUP.Optional.Crossrider) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\desksvc (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Desk 365 (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{B89F5C49-51DB-4974-AB5A-E25901AA339C} (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B} (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
HKCR\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D} (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
HKCR\PCSU.SysUtils.1 (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
HKCR\PCSU.SysUtils (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
HKCR\AppID\WebCakeIEClient.DLL (PUP.WebCake) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\BASICSERVE (PUP.Zwangi) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh (PUP.WebCake) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BASICSERVE (PUP.Zwangi) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2903142-1501-4023-a5c8-2be115f1bc09} (PUP.Optional.LyricsAd.Gen) -> Quarantined and deleted successfully.
HKCR\CLSID\{b2903142-1501-4023-a5c8-2be115f1bc09} (PUP.Optional.LyricsAd.Gen) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Desk 365 (PUP.Optional.Desk365.A) -> Data: "C:\Program Files (x86)\Desk 365\desk365.exe" /autorun -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|PCSpeedUp (PUP.Optional.PCSpeedUp.A) -> Data: C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\BasicServe|DllPath (PUP.Zwangi) -> Data: C:\Program Files (x86)\BasicServe\basicserve.dll -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BasicServe|DisplayName (PUP.Zwangi) -> Data: BasicServe 1.0 build 111 -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\desksvc|ImagePath (PUP.Optional.Desk365.A) -> Data: C:\Program Files (x86)\Desk 365\deskSvc.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.condui...&ctid=CT3291327) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 50
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} (PUP.WebCake) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365 (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\1 (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\3 (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\35 (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\36 (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\39 (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\4 (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\41 (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\42 (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\components (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\desk_bkg (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\promote (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\sysicons (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\wp (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365 (PUP.Optional.Desk365.A) -> Delete on reboot.
C:\Program Files (x86)\Desk 365\desk_bkg (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\image (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\image\default (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\image\default\awp (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\image\default\cmn (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\image\default\notify (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\image\default\tips (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\image\default\tips\en_us (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\image\default\tips\es_es (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\image\default\tips\pt_br (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\image\default\tips\tr_tr (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\image\default\upgrade (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\language (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\language\en_us (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\language\es_es (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\language\pt_br (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\language\tr_tr (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\language\zh_cn (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\language\zh_tw (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\layout (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\layout\default (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\style (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\uninstaller (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\update (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PC Speed Up (PUP.Optional.PCSpeedUp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Tepfel (PUP.Optional.WebCake.A) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365 (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

Files Detected: 430
C:\Program Files (x86)\Tepfel\WebCakeDesktop.Updater.exe (PUP.Optional.WebCake.A) -> Delete on reboot.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\components\component_libcef_1.1364.1123.exe (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\Downloads\Setup.exe (PUP.Optional.MSILLauncher.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\Local Settings\Temporary Internet Files\Content.IE5\PNJT469V\LyricsSing_1060-3050_v122[1] (PUP.Optional.LyricsAd) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico (PUP.WebCake) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat (PUP.WebCake) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll (PUP.WebCake) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll (PUP.WebCake) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\promote.xml (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\accelerate (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\desk_bkg_list.xml (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\desk_list.xml (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\desk_settings.ini (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\firstrun (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\process_mgr.xml (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\1\angrybirds.db (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\1\angrybirds.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\3\BigFarm.db (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\3\BigFarm.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\35\Gmail.db (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\35\Gmail.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\36\Outlook.db (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\36\Outlook.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\39\ESPN.db (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\39\ESPN.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\4\Empire.db (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\4\Empire.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\41\gcalendar.db (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\41\gcalendar.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\42\pulse.db (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\app\config\42\pulse.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_1.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_2.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_3.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_4.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_5.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_default.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\337_7c9140b13c049fd26989f7fa25b77cb1_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\angrybirds_00ff92c12703baaf0130d6aec427d047_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\Barbie_00a67ff4ef657679a6c88553135d62ad_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\BigFarm_de933b0e5218a4db24bebe3d55ed3558_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\chrome_b7bb09c3903b6ff6028c866874bf640f.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\chrome_b7bb09c3903b6ff6028c866874bf640f_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\ComboFix_48ec9c9e28b6f3083b11777752de715a.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\ComboFix_48ec9c9e28b6f3083b11777752de715a_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\Empire_22b42f57d1c467841280810e218d5510_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\ESPN_a7b078f5f5f5b87efcef66ab5783cf9d_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\Facebook_aab07bc79cf599b25c0110f32d46a3ef_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\firefox_b414165d9cd1076677f9afafe1c8f6f0.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\firefox_b414165d9cd1076677f9afafe1c8f6f0_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\gcalendar_50b3e3c5fc202f0cfcae8032b2465c1b_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\Gmail_731b6d011bd9f67463a916a496775935_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\Google_60d75cb277f0c452fa60dba8350caf65_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\iexplore_f4c15fc16ef88bbbc521e1d4cef6f739.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\iexplore_f4c15fc16ef88bbbc521e1d4cef6f739_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\Mario_52934d81761dc31187a93a3a0be7fecc_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\mbam_207f9b943b91f0a949b31360e6bb92e4.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\mbam_207f9b943b91f0a949b31360e6bb92e4_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\Outlook_6f817b67fa6af1a9c8abfa3813a8595c_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\PCSULauncher_0b92478ba12195d5d99ca532cf6419c3.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\PCSULauncher_0b92478ba12195d5d99ca532cf6419c3_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\pulse_b5a242da04cc06eacd02b1ca41e3583c_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\sys_computer_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\sys_control_panel_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\Twitter_ebddd85ec04b7b94a2b2e97b73a90a4a_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\icons\Youtube_bf18fdfc4aefd6417a8bacae4be5b415_48_48.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\promote\337.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\promote\337_7c9140b13c049fd26989f7fa25b77cb1.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\promote\barbie.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\promote\Barbie_00a67ff4ef657679a6c88553135d62ad.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\promote\facebook.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\promote\Facebook_aab07bc79cf599b25c0110f32d46a3ef.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\promote\GameCenter.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\promote\google.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\promote\Google_60d75cb277f0c452fa60dba8350caf65.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\promote\mario.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\promote\Mario_52934d81761dc31187a93a3a0be7fecc.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\promote\twitter.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\promote\Twitter_ebddd85ec04b7b94a2b2e97b73a90a4a.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\promote\v9.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\promote\youtube.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\promote\Youtube_bf18fdfc4aefd6417a8bacae4be5b415.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\sysicons\0737cc0646562366bf607aa1fa2a03bd_21.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\sysicons\07584c03a5dd11a6104e45e8ad03b3fe_104.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\wp\r0.jpg (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\wp\r1.jpg (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\wp\r2.jpg (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\wp\r3.jpg (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\wp\r4.jpg (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\wp\r5.jpg (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\wp\r6.jpg (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\wp\r7.jpg (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\wp\r8.jpg (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Users\Jon Lowry\AppData\Roaming\Desk 365\wp\r9.jpg (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\promote.xml (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\desk365.exe (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\DeskExternal.exe (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\deskplusdl.exe (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\deskSvc.exe (PUP.Optional.Desk365.A) -> Delete on reboot.
C:\Program Files (x86)\Desk 365\desk_bkg_list.xml (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\desk_list.xml (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\desk_settings.ini (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\ebase.dll (PUP.Optional.Desk365.A) -> Delete on reboot.
C:\Program Files (x86)\Desk 365\edeskcmn.dll (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\eDhelper.exe (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\eDhelper64.exe (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\edis.dll (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\edis64.dll (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\ElexDbg.dll (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\enotify.dll (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\eUninstall.exe (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\libpng.dll (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\libpopdlg.dll (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\main (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\mbdet.dll (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\ouilibnl.dll (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\process_mgr.xml (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\recent.xml (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\segoeui.ttf (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\segoeuib.ttf (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\sqlite3.dll (PUP.Optional.Desk365.A) -> Delete on reboot.
C:\Program Files (x86)\Desk 365\svc.conf (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\TrayDownloader.exe (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\WinZipperdl.exe (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\zlib1.dll (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\desk_bkg\desk_bkg_1.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\desk_bkg\desk_bkg_2.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\desk_bkg\desk_bkg_3.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\desk_bkg\desk_bkg_4.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\desk_bkg\desk_bkg_5.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\desk_bkg\desk_bkg_default.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\image\default\337.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\image\default\accelerate_button_bkg.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\image\default\add_button.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\image\default\add_flash.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\image\default\add_shortcut.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\image\default\add_shortcut_mouseover.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\image\default\angrybirds.ico (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\image\default\app_icon.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\image\default\app_screen.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Desk 365\image\default\arrow_left.png (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365\eUninstall.lnk (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desk 365\Desk 365.lnk (PUP.Optional.Desk365.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

(end)


OTL log:

OTL logfile created on: 8/26/2013 12:38:43 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jon Lowry\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 60.59% Memory free
7.60 Gb Paging File | 5.90 Gb Available in Paging File | 77.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.45 Gb Total Space | 90.03 Gb Free Space | 20.08% Space Free | Partition Type: NTFS
Drive D: | 17.02 Gb Total Space | 2.45 Gb Free Space | 14.41% Space Free | Partition Type: NTFS

Computer Name: WOLFLING | User Name: Jon Lowry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/17 21:11:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jon Lowry\Desktop\OTL.exe
PRC - [2013/07/24 17:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/02/15 13:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/21 11:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/02 12:14:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 09:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/15 01:45:27 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\a65a89dc687715adf46de23e717b842b\IAStorUtil.ni.dll
MOD - [2013/08/15 01:24:12 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8dc1c182cd1f10cd2abcfecd01fe9eeb\System.Web.ni.dll
MOD - [2013/08/15 01:24:01 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e06dbdafb38c38517aef61ac41e2fd9d\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 01:23:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/15 01:23:16 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 01:22:59 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
MOD - [2013/08/15 01:22:53 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 01:22:49 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/15 01:22:41 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/24 17:49:46 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/24 17:49:44 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/24 17:48:54 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libglesv2.dll
MOD - [2013/07/24 17:48:53 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libegl.dll
MOD - [2013/07/24 17:48:51 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2013/07/09 23:26:12 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2011/03/21 11:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 11:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/04/12 11:29:36 | 000,534,824 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\Windows\SysNative\ngvpnmgr.exe -- (NgVpnMgr)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 16:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/08/21 01:13:12 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/25 01:17:16 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/01 18:13:30 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2012/11/06 20:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/04/16 13:49:30 | 000,082,224 | ---- | M] (ElcomSoft Co. Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Elcomsoft Password Recovery\Elcomsoft Wireless Security Auditor\ewsaserv64.exe -- (EWSASERV)
SRV - [2010/06/01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/30 01:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/04/12 06:38:40 | 000,103,496 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ngvpn.sys -- (NgVpn)
DRV:64bit: - [2013/04/12 06:38:40 | 000,031,304 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nglog.sys -- (NgLog)
DRV:64bit: - [2013/04/12 06:38:40 | 000,028,744 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ngwfp.sys -- (NgWfp)
DRV:64bit: - [2013/04/12 06:38:40 | 000,026,184 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ngfilter.sys -- (NgFilter)
DRV:64bit: - [2013/02/11 21:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/10/22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 04:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 04:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 04:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 04:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 04:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/20 16:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012/08/20 16:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2011/12/19 16:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2011/11/28 15:51:44 | 000,033,872 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\anvsnddrv.sys -- (anvsnddrv)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/10/01 02:16:50 | 000,393,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/05 21:04:00 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2011/05/09 18:09:00 | 000,122,368 | ---- | M] (Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_U_USBSER.sys -- (Generalusbserialser20675)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/01 12:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/02 00:52:50 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/08/02 12:14:48 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/07/28 21:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/05/31 12:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/03 07:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/19 19:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2010/12/01 12:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010/01/28 14:46:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/28 14:46:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/22 18:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{4C6AB4BD-96D7-4335-97AB-C4588C2427C2}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{4FDD993D-F656-4134-8E18-AFCCC84F8912}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{CB469F30-480D-4846-B7EB-63F186F828BD}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {da51d4f6-3e7e-4ef8-b400-9198e0874606} - C:\Program Files (x86)\KeyBar_1.14\prxtbKeyB.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {D7F076EF-8D8C-4DBC-A8B8-B7DF004B5C6F}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..\URLSearchHook: {da51d4f6-3e7e-4ef8-b400-9198e0874606} - C:\Program Files (x86)\KeyBar_1.14\prxtbKeyB.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..\SearchScopes,DefaultScope = {D7F076EF-8D8C-4DBC-A8B8-B7DF004B5C6F}
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..\SearchScopes\{5FB49AFC-8016-4EB2-A383-78E96790C85E}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searc}
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..\SearchScopes\{D7F076EF-8D8C-4DBC-A8B8-B7DF004B5C6F}: "URL" = http://search.condui...6832811610&UM=2
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..CT3291327.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "KeyBar 1.14 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "KeyBar 1.14 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "KeyBar 1.14 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "http://search.condui...661793&UM=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jon Lowry\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Jon Lowry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/26 15:53:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/06/04 06:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/06/04 06:43:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/06/07 12:46:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/25 01:17:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/06/07 12:46:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\{f4099a62-c535-4dd5-9e82-7d8407522387}: C:\Program Files (x86)\LyricSing\130.xpi

[2012/03/27 19:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Extensions
[2012/03/27 19:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/08/23 21:35:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions
[2013/08/23 21:35:22 | 000,000,000 | ---D | M] (KeyBar 1.14) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\{da51d4f6-3e7e-4ef8-b400-9198e0874606}
[2013/08/23 21:35:58 | 000,000,000 | ---D | M] (WebCake) -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\[email protected]
[2013/08/23 21:35:23 | 000,000,999 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\searchplugins\conduit.xml
[2013/08/19 02:14:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013/08/23 21:39:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/23 21:39:08 | 000,000,000 | ---D | M] (BasicServe) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}
[2013/07/25 01:17:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/03/10 09:58:36 | 000,002,201 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\scenicreflectionstb.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...=CT3291327&UM=2
CHR - default_search_provider: suggest_url = http://suggest.searc...4002980619&UM=2
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\Jon Lowry\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Jon Lowry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Jon Lowry\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Google Drive = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Jon Lowry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/26 00:26:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (KeyBar 1.14 Toolbar) - {da51d4f6-3e7e-4ef8-b400-9198e0874606} - C:\Program Files (x86)\KeyBar_1.14\prxtbKeyB.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (KeyBar 1.14 Toolbar) - {da51d4f6-3e7e-4ef8-b400-9198e0874606} - C:\Program Files (x86)\KeyBar_1.14\prxtbKeyB.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000..\Run: [ConduitFloatingPlugin_dnmlhhbehhdmajijfenoldcajelckpmn] C:\Program Files (x86)\Conduit\CT3291327\plugins\TBVerifier.dll (Conduit Ltd.)
O4 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000..\Run: [Facebook Update] C:\Users\Jon Lowry\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000..\Run: [Jenkat Games Arcade] C:\Users\Jon Lowry\AppData\Roaming\Jenkat\Jenkat Games Arcade\JenkatGA.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O15 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2ECEE45-E66C-43D0-BF61-9B61E89D0E19}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E73B43AB-B625-4EF7-932A-B128EF0F8391}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/02/07 01:44:47 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{807ce86d-271c-11e0-aa54-806e6f6e6963}\Shell)
O34 - HKLM BootExecute: (Corporation))
O34 - HKLM BootExecute: (nologies))
O34 - HKLM BootExecute: ()
O34 - HKLM BootExecute: (rporation))
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/26 00:26:39 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/08/25 00:08:08 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\8 DIY Bird Baths Spoonful_files
[2013/08/25 00:03:20 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\27 Ways To Make Your Groceries Last As Long As Possible_files
[2013/08/23 21:49:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/23 21:49:31 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/08/23 21:49:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/23 21:37:17 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\PCSpeedUp
[2013/08/23 21:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
[2013/08/23 21:36:14 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013/08/23 21:35:53 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Tepfel
[2013/08/23 21:35:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyBar_1.14
[2013/08/23 21:35:38 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\Conduit
[2013/08/23 21:35:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/08/23 21:35:23 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\SearchProtect
[2013/08/22 12:57:24 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\sugar-free-gummy-worms-75525_files
[2013/08/21 13:56:08 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/21 01:13:05 | 017,737,608 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/08/20 20:08:46 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\Allrecipes - Austrian_files
[2013/08/20 20:08:02 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\Allrecipes - German_files
[2013/08/19 02:12:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/19 02:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/08/19 02:10:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/08/18 18:42:29 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\calibre-cache
[2013/08/17 21:44:55 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Media Player Classic
[2013/08/17 21:11:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jon Lowry\Desktop\OTL.exe
[2013/08/17 20:34:18 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\avgchrome
[2013/08/17 20:33:38 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Local\WebPlayer
[2013/08/15 01:10:39 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/15 01:10:38 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/15 01:10:37 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/15 01:10:37 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/15 01:10:37 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/15 01:10:37 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/15 01:10:37 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/15 01:10:37 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/15 01:10:37 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/15 01:10:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/15 01:10:37 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/15 01:10:35 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/15 01:10:35 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/15 01:10:35 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/15 01:10:34 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/14 00:57:03 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/14 00:57:03 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/14 00:57:02 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/14 00:56:30 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/14 00:56:30 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/14 00:56:29 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/14 00:56:28 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/14 00:56:27 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/14 00:56:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/14 00:56:27 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/14 00:56:27 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/14 00:56:27 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/14 00:56:26 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/08/14 00:55:54 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/14 00:55:52 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/14 00:55:52 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/14 00:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/08/11 01:25:01 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jenkat Games Arcade
[2013/08/11 01:24:53 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\AppData\Roaming\Jenkat
[2013/08/11 01:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo Browser Settings
[2013/08/10 01:30:09 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Desktop\ACN
[2013/08/07 22:02:00 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\Jared
[2013/08/07 22:01:53 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\Carla
[2013/08/07 22:01:45 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\Jon
[2013/08/01 06:10:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/31 23:59:17 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\Taxes
[2013/07/29 00:03:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2012/12/22 20:20:34 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Jon Lowry\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/08/26 01:13:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/26 01:09:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/26 01:08:58 | 000,001,174 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\ComboFix - Shortcut.lnk
[2013/08/26 00:33:35 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/26 00:33:35 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/26 00:26:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/26 00:26:11 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/26 00:26:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/26 00:25:55 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/26 00:05:53 | 003,145,014 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/26 00:05:53 | 000,988,686 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/26 00:05:53 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/25 23:27:01 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000UA.job
[2013/08/25 19:34:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJon Lowry.job
[2013/08/25 14:27:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-538650268-2924358156-1730836174-1000Core.job
[2013/08/25 00:08:08 | 000,127,186 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\8 DIY Bird Baths Spoonful.htm
[2013/08/25 00:03:20 | 000,613,451 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\27 Ways To Make Your Groceries Last As Long As Possible.htm
[2013/08/23 21:55:04 | 000,025,083 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Teddy Graham Race cars.jpg
[2013/08/23 21:52:46 | 000,089,314 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\1236877_510148929075732_679244080_n.jpg
[2013/08/23 21:49:33 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/23 21:36:55 | 000,001,048 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\PC Speed Up.lnk
[2013/08/23 21:36:16 | 000,773,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll
[2013/08/23 21:36:16 | 000,420,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll
[2013/08/23 21:35:54 | 000,000,009 | ---- | M] () -- C:\END
[2013/08/23 21:28:23 | 000,891,115 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\SecurityCheck.exe
[2013/08/23 16:55:25 | 000,029,668 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\game of thrones drinking game.jpg
[2013/08/22 13:33:17 | 000,043,686 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\SIP THE SHRINKER.jpg
[2013/08/22 12:57:24 | 000,247,552 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\sugar-free-gummy-worms-75525.htm
[2013/08/21 01:13:12 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/08/21 01:13:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/08/21 01:13:05 | 017,737,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/08/20 20:08:46 | 000,181,269 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Allrecipes - Austrian.htm
[2013/08/20 20:08:02 | 000,193,573 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Allrecipes - German.htm
[2013/08/19 23:25:44 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013/08/19 23:25:44 | 000,001,848 | ---- | M] () -- C:\Users\Jon Lowry\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2013/08/19 22:32:57 | 000,086,595 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\Detox Water.jpg
[2013/08/19 02:10:47 | 000,000,924 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\NTREGOPT.lnk
[2013/08/18 18:41:11 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/08/17 21:11:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jon Lowry\Desktop\OTL.exe
[2013/08/15 01:15:56 | 000,002,279 | ---- | M] () -- C:\Users\Jon Lowry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/14 00:23:19 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/09 16:36:12 | 000,000,258 | RHS- | M] () -- C:\Users\Jon Lowry\ntuser.pol
[2013/08/07 03:07:42 | 000,006,144 | ---- | M] () -- C:\Users\Jon Lowry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/01 06:10:27 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/31 05:12:28 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/07/29 22:09:42 | 000,000,124 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013/07/29 22:07:13 | 004,997,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/08/26 01:08:58 | 000,001,174 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\ComboFix - Shortcut.lnk
[2013/08/25 00:08:07 | 000,127,186 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\8 DIY Bird Baths Spoonful.htm
[2013/08/25 00:03:19 | 000,613,451 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\27 Ways To Make Your Groceries Last As Long As Possible.htm
[2013/08/23 21:55:04 | 000,025,083 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Teddy Graham Race cars.jpg
[2013/08/23 21:52:46 | 000,089,314 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\1236877_510148929075732_679244080_n.jpg
[2013/08/23 21:49:33 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/23 21:36:55 | 000,001,048 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\PC Speed Up.lnk
[2013/08/23 21:35:05 | 000,000,009 | ---- | C] () -- C:\END
[2013/08/23 21:28:21 | 000,891,115 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\SecurityCheck.exe
[2013/08/23 16:55:24 | 000,029,668 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\game of thrones drinking game.jpg
[2013/08/22 13:33:16 | 000,043,686 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\SIP THE SHRINKER.jpg
[2013/08/22 12:57:22 | 000,247,552 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\sugar-free-gummy-worms-75525.htm
[2013/08/20 20:08:46 | 000,181,269 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Allrecipes - Austrian.htm
[2013/08/20 20:08:01 | 000,193,573 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Allrecipes - German.htm
[2013/08/19 22:32:57 | 000,086,595 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\Detox Water.jpg
[2013/08/19 02:10:47 | 000,000,924 | ---- | C] () -- C:\Users\Jon Lowry\Desktop\NTREGOPT.lnk
[2013/08/14 00:23:19 | 000,002,279 | ---- | C] () -- C:\Users\Jon Lowry\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/14 00:23:19 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/01 06:10:27 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/04/12 11:31:30 | 000,234,280 | ---- | C] () -- C:\Windows\ngmsi.dll
[2013/04/12 11:30:42 | 000,020,776 | ---- | C] () -- C:\Windows\ngutil.exe
[2013/02/07 01:20:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/07 01:20:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/07 01:20:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/07 01:20:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/07 01:20:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/11 15:12:08 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013/01/04 21:12:28 | 000,006,144 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/28 17:23:06 | 000,000,049 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_runescape_LIVE2.dat
[2012/12/28 17:21:45 | 000,000,050 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_loginapplet_LIVE.dat
[2012/12/28 17:21:45 | 000,000,024 | ---- | C] () -- C:\Users\Jon Lowry\random.dat
[2012/12/28 17:20:04 | 000,000,049 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_runescape_LIVE1.dat
[2012/12/22 20:20:34 | 000,007,859 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\pcouffin.cat
[2012/12/22 20:20:33 | 000,001,167 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\pcouffin.inf
[2012/11/20 18:36:30 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/08/25 12:42:13 | 000,000,258 | RHS- | C] () -- C:\Users\Jon Lowry\ntuser.pol
[2012/05/19 08:48:52 | 000,870,128 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\mcs.rma
[2012/03/31 03:08:06 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ATLMovie.dll
[2012/03/31 02:32:14 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2012/03/18 16:06:46 | 000,000,132 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/03/02 22:10:42 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/02/07 01:22:56 | 000,000,032 | ---- | C] () -- C:\Users\Jon Lowry\jagex_cl_runescape_LIVE.dat
[2011/12/23 16:12:26 | 000,000,097 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Local\fusioncache.dat
[2011/06/03 15:10:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/16 20:50:25 | 000,001,854 | ---- | C] () -- C:\Users\Jon Lowry\AppData\Roaming\GhostObjGAFix.xml
[2011/02/06 01:26:14 | 000,000,117 | ---- | C] () -- C:\Users\Jon Lowry\jagex_runescape_preferences2.dat
[2011/02/06 01:24:11 | 000,000,034 | ---- | C] () -- C:\Users\Jon Lowry\jagex_runescape_preferences.dat
[2011/01/29 11:50:13 | 000,000,124 | -HS- | C] () -- C:\ProgramData\.zreglib

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 178 bytes -> C:\ProgramData\Temp:BF3D62E7
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

#11
blmadara


    Trusted Helper

  • Malware Removal
  • 767 posts
Hi bigredyeeha,

Step One: CF Script

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the code box below into it:

KillAll::

File::
c:\windows\Tasks\PC SpeedUp Service Deactivator.job

Folder::
c:\program files (x86)\PC Speed Up
c:\program files (x86)\Desk 365
c:\users\Jon Lowry\AppData\Roaming\Desk 365
c:\programdata\eSafe
c:\users\Jon Lowry\AppData\Roaming\Tepfel
c:\program files (x86)\Tepfel
c:\programdata\Tarma Installer
c:\program files (x86)\KeyBar_1.14
c:\users\Jon Lowry\AppData\Local\Conduit
c:\program files (x86)\Conduit
c:\users\Jon Lowry\AppData\Roaming\SearchProtect

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{da51d4f6-3e7e-4ef8-b400-9198e0874606}"=-

[-HKEY_CLASSES_ROOT\clsid\{da51d4f6-3e7e-4ef8-b400-9198e0874606}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\]
"{da51d4f6-3e7e-4ef8-b400-9198e0874606}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{da51d4f6-3e7e-4ef8-b400-9198e0874606}"=-

[-HKEY_CLASSES_ROOT\clsid\{da51d4f6-3e7e-4ef8-b400-9198e0874606}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ConduitFloatingPlugin_dnmlhhbehhdmajijfenoldcajelckpmn"=-
"Desk 365"=-
"PCSpeedUp"=-

Driver::
desksvc
WebCakeUpdater

FireFox::
FF - ProfilePath - c:\users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\
FF - prefs.js: browser.search.defaulturl
FF - prefs.js: browser.startup.homepage
FF - prefs.js: keyword.URL
FF - prefs.js: browser.search.selectedEngine - KeyBar 1.14 Customized Web Search
FF - ExtSQL: 2013-06-30 01:44; [email protected]; c:\users\Jon Lowry\AppData\Roaming\Mozilla\Firefox\Profiles\8mzbhq3r.default\extensions\[email protected]
FF - ExtSQL: 2013-08-23 21:36; {740B3FD5-4483-469D-BE7F-8555B153BD04}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{740B3FD5-4483-469D-BE7F-8555B153BD04}
FF - user.js: extentions.webcake.installId - fc8476ad-4ab9-4794-b4e9-3b7cc9a078f6
FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step Two: OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.


Note: If you are using the pro version or trial version of Malwarebytes 1.6 or higher, please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs, then please uninstall Malwarebytes and run this fix again.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following (do not copy the word "quote")

    :Commands
    [createrestorepoint]

    :OTL
    IE - HKU\S-1-5-21-538650268-2924358156-1730836174-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
    FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\{f4099a62-c535-4dd5-9e82-7d8407522387}: C:\Program Files (x86)\LyricSing\130.xpi
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O34 - HKLM BootExecute: (HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{807ce86d-271c-11e0-aa54-806e6f6e6963}\Shell)
    O34 - HKLM BootExecute: (Corporation))
    O34 - HKLM BootExecute: (nologies))
    O34 - HKLM BootExecute: ()
    O34 - HKLM BootExecute: (rporation))
    [2013/08/23 21:37:17 | 000,000,000 | ---D | C] -- C:\Users\Jon Lowry\Documents\PCSpeedUp
    [2013/08/23 21:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
    [2013/08/23 21:36:55 | 000,001,048 | ---- | M] () -- C:\Users\Jon Lowry\Desktop\PC Speed Up.lnk
    [2013/08/23 21:35:54 | 000,000,009 | ---- | M] () -- C:\END

    :Files
    ipconfig /flushdns /c

    :Commands
    [resethosts]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the log it produces in your next reply.



Step Three: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step Four: OTL Scan

Run OTL
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step Five: How is your computer running?

Please let me know how your computer is running and what specific problems remain.

What I need in your next post:
1. The log from the combofix script, CFScript.txt.
2. The log from the OTL fix.
3. The log from the Junkware Removal Tool, JRT.txt.
4. The log from the OTL scan, OTL.txt.
5. Please let me know what the remaining issues are.

#12
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.