Ukash virus help [Solved]


  • This topic is locked

#16
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Roger that. Surf safely. :)


#17
MyEndGame

    Member

  • Topic Starter
  • 14 posts
Hi again, I installed update checker, and noscript, and just went on normal sites I always go on, but somehow got this "conduit search" thing installed as my homepage. I found the program and uninstalled it, but is there anything else I should look into to remove it?

I also noticed something called companionuser.exe running in my task manager, and my browser freezes when I'm on youtube or some other video site at times, saying shockwave flashplayer plugins is having problems and asking me if I should continue or turn it off.

I ran Malwarebytes and removed what I found, here are the logs in case

Protection: Enabled

29/12/2013 4:25:46 PM
mbam-log-2013-12-29 (16-25-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219650
Time elapsed: 12 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> No action taken.

Files Detected: 14
C:\Users\Jag\AppData\Local\Temp\nsbC19C.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Jag\AppData\Local\Temp\nseEEB0.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Jag\AppData\Local\Temp\nsh9E12.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Jag\AppData\Local\Temp\nshA083.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Jag\AppData\Local\Temp\nshBCDA.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Jag\AppData\Local\Temp\nsrBF3B.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Jag\AppData\Local\Temp\nsw9BB0.exe (PUP.Optional.SearchProtect.A) -> No action taken.
C:\Users\Jag\AppData\Local\Temp\utt53C8.tmp.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jag\AppData\Local\Temp\utt5D27.tmp (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\Jag\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jag\Local Settings\Temporary Internet Files\Content.IE5\43DAVPJE\SPSetup[1].exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\Jag\Local Settings\Temporary Internet Files\Content.IE5\G8MB3RT1\spstub[1].exe (PUP.Optional.Conduit.A) -> No action taken.
c:\program files (x86)\searchprotect\searchprotect\bin\spvc32loader.dll (PUP.Optional.SearchProtect.A) -> No action taken.
c:\program files (x86)\searchprotect\searchprotect\bin\spvc64loader.dll (PUP.Optional.SearchProtect.A) -> No action taken.

(end)

Edited by MyEndGame, 29 December 2013 - 06:20 PM.


#18
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Post fresh OTL logs. Did you download anything new?

#19
MyEndGame

    Member

  • Topic Starter
  • 14 posts
I didn't download anything other than the programs you recommended, but my kid was on the computer today for a little bit. It's some search engine called conduit.com. I ran Malwarebytes in safe mode and deleted whatever came up. I also ran ADWCleaner; I will post both those logs as well. But it's somehow still the default search engine in Chrome, and I don't know about Internet Explorer yet.

This is what I read on conduit - https://groups.google.com/forum/#!topic/chromebook-central/guGoXqgmhlQ


The Flash issue has been resolved. I uninstalled all Adobe products like Acrobat Reader and Flash. Had some problems reinstalling it, but got it working again thanks to this - http://forums.adobe.com/thread/928315

For some reason, it's Acrobat Reader that I am having problems installing now.

OTL LOG

OTL logfile created on: 12/30/2013 4:48:28 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jag\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.48 Gb Total Physical Memory | 5.32 Gb Available Physical Memory | 71.06% Memory free
14.97 Gb Paging File | 12.16 Gb Available in Paging File | 81.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1850.36 Gb Total Space | 523.89 Gb Free Space | 28.31% Space Free | Partition Type: NTFS
Drive D: | 12.55 Gb Total Space | 1.51 Gb Free Space | 12.03% Space Free | Partition Type: NTFS

Computer Name: JAG-HP | User Name: Jag | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/30 04:47:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jag\Desktop\OTL.exe
PRC - [2013/12/30 03:07:17 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
PRC - [2013/12/20 06:48:37 | 000,612,696 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
PRC - [2013/12/20 06:21:00 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/10/01 07:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/12/06 14:48:42 | 003,256,408 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files (x86)\mIRC\mirc.exe
PRC - [2011/05/05 18:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/30 03:07:16 | 016,242,056 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2013/12/20 06:21:00 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/06/19 11:44:37 | 000,204,280 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/27 05:27:01 | 001,507,248 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender\vsserv.exe -- (VSSERV)
SRV:64bit: - [2013/11/27 05:24:55 | 000,077,632 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe -- (BdDesktopParental)
SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/07 11:33:30 | 000,067,320 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2013/07/08 14:59:09 | 000,094,624 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/24 19:38:30 | 000,318,464 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/10/24 05:16:42 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\sysnative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/12/30 03:07:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/20 06:21:00 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/11 14:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/10/01 07:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/05/05 18:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/13 22:34:34 | 000,082,824 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\bdsandbox.sys -- (BDSandBox)
DRV:64bit: - [2013/08/23 12:48:49 | 000,150,256 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\sysnative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2013/08/20 06:02:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/08/20 06:02:12 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/08/07 12:46:28 | 000,389,240 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\sysnative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2013/07/19 17:08:08 | 000,601,360 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\sysnative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2013/07/19 17:04:54 | 000,727,592 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\sysnative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2013/07/02 13:04:11 | 000,121,928 | ---- | M] (Bitdefender SRL) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys -- (bdfwfpf_pc)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\sysnative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\sysnative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/31 17:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/03/31 17:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2013/02/22 18:46:52 | 000,093,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2012/12/06 08:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/11/02 13:17:46 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/27 20:43:11 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\sysnative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/04/24 19:38:30 | 000,536,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/04/17 13:34:26 | 000,076,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\sysnative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/14 19:16:37 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011/10/24 05:56:54 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/24 04:40:08 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/10 23:17:15 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/10 23:17:15 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/05/16 13:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/17 20:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/17 20:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2010/12/15 22:36:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/04/27 18:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 18:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 16:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 16:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{E0595396-B38B-438D-A52C-40139E817958}: "URL" = http://www.amazon.ca...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.13
FF - prefs.js..extensions.enabledAddons: %7B54BB9F3F-07E5-486c-9B39-C7398B99391C%7D:4.1.2013040601
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Bitdefender.com/PasswordManager;version=17.8: C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxnp.dll (Bitdefender)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER\BDTBEXT [2013/10/17 14:03:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\ [2013/10/17 14:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/24 00:40:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013/10/17 14:03:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/24 00:40:31 | 000,000,000 | ---D | M]

[2011/12/07 20:28:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jag\AppData\Roaming\Mozilla\Extensions
[2013/12/30 03:47:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jag\AppData\Roaming\Mozilla\Firefox\Profiles\7ctr9wal.default-1388383028785\extensions
[2013/12/30 03:47:29 | 000,307,011 | ---- | M] () (No name found) -- C:\Users\Jag\AppData\Roaming\Mozilla\Firefox\Profiles\7ctr9wal.default-1388383028785\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
[2013/12/30 03:46:24 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Jag\AppData\Roaming\Mozilla\Firefox\Profiles\7ctr9wal.default-1388383028785\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/12/30 03:39:51 | 000,287,503 | ---- | M] () (No name found) -- C:\Users\Jag\AppData\Roaming\Mozilla\Firefox\Profiles\7ctr9wal.default-1388383028785\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/11/15 22:19:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/15 22:19:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/15 22:19:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/15 22:19:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/20 06:21:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Slinky Elegant = C:\Users\Jag\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln\19.6_0\
CHR - Extension: Bitdefender Wallet = C:\Users\Jag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl\17.24.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Jag\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Google Wallet = C:\Users\Jag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\Jag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2013/12/25 23:22:23 | 000,000,098 | ---- | M]) - C:\Windows\sysnative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Bitdefender Wallet ) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Bitdefender Wallet) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\antispam32\pmbxie.dll (Bitdefender)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Bitdefender Wallet Agent] C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender)
O4 - HKCU..\Run: [Bitdefender Wallet Application Agent] C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe (Bitdefender)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Jag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jag\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02962E9F-B799-4BDA-9BCB-C828E2F84A91}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F4E1C34-0556-489F-A6D2-6C8924CADE6C}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\sysnative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/30 04:47:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jag\Desktop\OTL.exe
[2013/12/29 22:55:00 | 000,000,000 | ---D | C] -- C:\Users\Jag\Desktop\Old Firefox Data
[2013/12/29 18:13:19 | 000,000,000 | ---D | C] -- C:\Users\Jag\Desktop\New folder (2)
[2013/12/29 18:13:08 | 000,000,000 | ---D | C] -- C:\Users\Jag\Desktop\New folder
[2013/12/29 16:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/12/29 07:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/12/29 07:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2013/12/27 22:50:08 | 000,000,000 | ---D | C] -- C:\Users\Jag\Desktop\RNB 1
[2013/12/27 14:52:34 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/12/27 14:51:15 | 000,000,000 | ---D | C] -- C:\30ac2b9a7c3cc77337
[2013/12/27 14:23:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/27 14:16:15 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Jag\Desktop\JRT.exe
[2013/12/26 04:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013/12/26 04:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/12/26 04:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/12/21 06:40:39 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/12/20 22:36:11 | 000,000,000 | ---D | C] -- C:\Users\Jag\AppData\Roaming\Malwarebytes
[2013/12/20 22:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/20 22:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/20 22:35:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/12/20 22:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/20 05:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
[2013/12/20 05:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hearthstone
[2013/12/20 05:11:17 | 000,000,000 | ---D | C] -- C:\Users\Jag\AppData\Local\Blizzard Entertainment
[2013/12/20 05:11:15 | 000,000,000 | ---D | C] -- C:\Users\Jag\AppData\Roaming\Battle.net
[2013/12/20 05:11:15 | 000,000,000 | ---D | C] -- C:\Users\Jag\AppData\Local\Battle.net
[2013/12/20 05:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013/12/20 05:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013/12/20 05:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[2013/12/20 05:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battle.net
[2013/12/20 05:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013/12/11 03:59:54 | 000,000,000 | ---D | C] -- C:\Users\Jag\recruit script

========== Files - Modified Within 30 Days ==========

[2013/12/30 04:47:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jag\Desktop\OTL.exe
[2013/12/30 04:20:19 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/30 04:00:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/30 03:48:55 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/30 03:48:55 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/30 03:41:53 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/30 03:41:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/30 03:40:56 | 1732,714,495 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/29 07:04:48 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/12/29 04:56:20 | 000,224,768 | ---- | M] () -- C:\Users\Jag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/27 15:51:10 | 000,077,951 | ---- | M] () -- C:\Users\Jag\Desktop\1492301_10153688286710019_426143081_o.jpg
[2013/12/27 15:51:05 | 000,083,991 | ---- | M] () -- C:\Users\Jag\Desktop\1523818_10153716136900019_1684588496_o.jpg
[2013/12/27 15:49:14 | 014,941,309 | ---- | M] () -- C:\Users\Jag\Desktop\All Ice Is Home Ice - Nike Hockey.mp4
[2013/12/27 14:54:24 | 000,788,654 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/27 14:54:24 | 000,654,706 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/27 14:54:24 | 000,122,320 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/27 14:53:47 | 000,767,226 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/27 14:16:18 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Jag\Desktop\JRT.exe
[2013/12/27 14:01:02 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJag.job
[2013/12/27 14:00:16 | 004,839,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/25 23:22:23 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/12/25 19:13:25 | 000,001,049 | ---- | M] () -- C:\Users\Jag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/12/25 04:36:47 | 000,155,380 | ---- | M] () -- C:\Users\Jag\281549450.jpg
[2013/12/24 00:20:25 | 000,013,494 | ---- | M] () -- C:\Users\Jag\Order receipt from Humble Bundle.png
[2013/12/22 03:48:43 | 000,891,200 | ---- | M] () -- C:\Users\Jag\Desktop\SecurityCheck.exe
[2013/12/21 01:32:09 | 000,001,013 | ---- | M] () -- C:\Users\Jag\Desktop\Dropbox.lnk
[2013/12/20 22:35:57 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/19 02:13:39 | 002,520,896 | ---- | M] () -- C:\Users\Jag\dar.gif
[2013/12/12 19:08:05 | 000,012,960 | ---- | M] () -- C:\Users\Jag\Documents\cc_20131212_190801.reg
[2013/12/09 19:04:10 | 021,538,806 | ---- | M] () -- C:\Users\Jag\The Witcher 3_ Wild Hunt - VGX Gameplay Trailer.mp4
[2013/12/06 20:57:39 | 004,604,251 | ---- | M] () -- C:\Users\Jag\Thailand-2011-July-5-Reflective-Tile-at-Wat-Noen-Phra-Now.jpg

========== Files Created - No Company Name ==========

[2013/12/30 01:12:17 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/29 07:00:45 | 000,001,997 | ---- | C] () -- C:\Users\Jag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2013/12/27 23:23:55 | 000,039,470 | ---- | C] () -- C:\Users\Jag\Desktop\Nikita.S04E06.720p.HDTV.X264-DIMENSION.torrent
[2013/12/27 15:51:10 | 000,077,951 | ---- | C] () -- C:\Users\Jag\Desktop\1492301_10153688286710019_426143081_o.jpg
[2013/12/27 15:51:05 | 000,083,991 | ---- | C] () -- C:\Users\Jag\Desktop\1523818_10153716136900019_1684588496_o.jpg
[2013/12/27 15:48:48 | 014,941,309 | ---- | C] () -- C:\Users\Jag\Desktop\All Ice Is Home Ice - Nike Hockey.mp4
[2013/12/25 19:13:25 | 000,001,049 | ---- | C] () -- C:\Users\Jag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/12/25 04:36:46 | 000,155,380 | ---- | C] () -- C:\Users\Jag\281549450.jpg
[2013/12/24 00:20:25 | 000,013,494 | ---- | C] () -- C:\Users\Jag\Order receipt from Humble Bundle.png
[2013/12/22 03:48:41 | 000,891,200 | ---- | C] () -- C:\Users\Jag\Desktop\SecurityCheck.exe
[2013/12/20 22:35:57 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/19 02:13:31 | 002,520,896 | ---- | C] () -- C:\Users\Jag\dar.gif
[2013/12/12 19:08:03 | 000,012,960 | ---- | C] () -- C:\Users\Jag\Documents\cc_20131212_190801.reg
[2013/12/09 19:03:09 | 021,538,806 | ---- | C] () -- C:\Users\Jag\The Witcher 3_ Wild Hunt - VGX Gameplay Trailer.mp4
[2013/12/06 20:57:34 | 004,604,251 | ---- | C] () -- C:\Users\Jag\Thailand-2011-July-5-Reflective-Tile-at-Wat-Noen-Phra-Now.jpg
[2013/11/09 05:33:48 | 000,249,036 | ---- | C] () -- C:\Users\Jag\attack-on-titan.jpg
[2013/10/29 21:36:14 | 000,732,697 | ---- | C] () -- C:\ProgramData\1383099835.bdinstall.bin
[2013/10/29 21:20:55 | 000,218,768 | ---- | C] () -- C:\ProgramData\1383099509.bdinstall.bin
[2013/10/22 23:37:50 | 010,223,146 | ---- | C] () -- C:\Users\Jag\Catalogue2013-14.pdf
[2013/09/25 19:39:05 | 000,051,456 | ---- | C] () -- C:\Users\Jag\CV-English.rtf
[2013/09/08 03:19:50 | 028,266,146 | ---- | C] () -- C:\Users\Jag\jajajavi75 - Lightning Crashes.avi.mp4
[2013/09/04 18:16:48 | 096,859,788 | ---- | C] () -- C:\Users\Jag\WitcherGame - The Witcher 1 - Story.mp4
[2013/08/25 20:41:57 | 000,099,050 | ---- | C] () -- C:\Users\Jag\avatar30464_33.gif
[2013/08/17 05:23:56 | 000,039,460 | ---- | C] () -- C:\Users\Jag\m9bpo1_500.png
[2013/08/09 02:27:38 | 000,502,860 | ---- | C] () -- C:\Users\Jag\tumblr_inline_mfan72dOdz1qcyhh5.gif
[2013/07/11 01:42:37 | 000,058,168 | ---- | C] () -- C:\Users\Jag\alarm.wav
[2013/03/29 16:14:56 | 007,181,147 | ---- | C] () -- C:\Users\Jag\Scan bureau en gros.pdf
[2013/03/29 16:14:55 | 000,415,935 | ---- | C] () -- C:\Users\Jag\Scan.pdf
[2012/11/20 16:56:48 | 000,742,920 | ---- | C] () -- C:\ProgramData\1353448080.bdinstall.bin
[2012/11/02 04:48:11 | 000,468,451 | ---- | C] () -- C:\Users\Jag\16-17.png
[2012/05/15 17:56:02 | 000,000,132 | ---- | C] () -- C:\Users\Jag\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/05/01 18:12:24 | 000,001,456 | ---- | C] () -- C:\Users\Jag\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/12/08 03:06:50 | 000,224,768 | ---- | C] () -- C:\Users\Jag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/07 21:31:48 | 000,617,823 | ---- | C] () -- C:\ProgramData\1323309627.bdinstall.bin

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\sysnative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\sysnative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\sysnative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/06/07 03:23:54 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\Awesomium
[2013/12/20 05:12:35 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\Battle.net
[2013/10/29 21:35:58 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\Bitdefender
[2012/06/27 22:33:41 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\DAEMON Tools Lite
[2013/12/30 03:42:19 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\Dropbox
[2013/09/16 16:53:56 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\Free Sound Recorder
[2012/01/16 22:10:38 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\Motorola
[2011/12/08 02:28:31 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\PFStaticIP
[2011/12/07 21:01:15 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\QuickScan
[2013/10/04 20:30:42 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\Riot Games
[2013/09/23 02:34:40 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\runic games
[2013/09/27 03:36:05 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\SoftGrid Client
[2013/11/19 04:32:51 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\TeamViewer
[2013/09/08 19:32:21 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\TP
[2013/01/07 03:42:02 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\TweakNow RegCleaner 2012
[2011/12/08 20:00:17 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >



OTL Extras

OTL Extras logfile created on: 12/30/2013 4:48:29 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jag\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.48 Gb Total Physical Memory | 5.32 Gb Available Physical Memory | 71.06% Memory free
14.97 Gb Paging File | 12.16 Gb Available in Paging File | 81.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1850.36 Gb Total Space | 523.89 Gb Free Space | 28.31% Space Free | Partition Type: NTFS
Drive D: | 12.55 Gb Total Space | 1.51 Gb Free Space | 12.03% Space Free | Partition Type: NTFS

Computer Name: JAG-HP | User Name: Jag | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006B61B2-6FEC-45D7-9E2D-27587521343E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0ED59E45-FC13-4A6F-A7C3-EA18882C066F}" = lport=445 | protocol=6 | dir=in | app=system |
"{3EA78D2D-8006-48DD-B292-87D2505664EE}" = lport=137 | protocol=17 | dir=in | app=system |
"{436C950B-221E-464B-B973-62FA8C7A490E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4A0A1156-B7AD-4FD5-8C4A-AAF448847EFF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4D85E426-930D-43FB-B844-D976725F6270}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5F1B4BF3-6AFD-4C29-8DAD-A27CC2242AC4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{728387D2-A044-4C36-ACA3-9BAC1DF1F40D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75D17E9F-DE5B-48BF-A176-977CC60C435A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8122DBB5-8220-46C5-B826-749568F39606}" = rport=137 | protocol=17 | dir=out | app=system |
"{8802A8DA-0101-4971-959E-9AA57968FA80}" = rport=138 | protocol=17 | dir=out | app=system |
"{8C4B0844-F9DD-438F-9D88-5F088E110CC5}" = lport=139 | protocol=6 | dir=in | app=system |
"{91A0554B-6697-4228-8166-575AA65CA91B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9DF5A07A-CEA8-4535-92A6-77A860FCC2CC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ADE7882D-7129-43E0-A83E-E66307743728}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B1C37388-C205-4A3B-9C12-F413F77F1C5A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{C6C4B538-ED0D-4F34-8E52-BB47CEFA326F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C95D6AC6-EB4E-4070-9E41-B42EE5FFF3B0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D398BC85-DD6F-40D8-889B-422A0EE49784}" = rport=139 | protocol=6 | dir=out | app=system |
"{E078C5E5-3851-4FA3-BF70-AF755BFEBD06}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4D29FCB-13CB-4F73-97A6-E6F0460A25C3}" = rport=445 | protocol=6 | dir=out | app=system |
"{F28A3125-4C6B-4801-8434-4DFCCAB438E3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F9D1B8DD-CE32-4C80-BFBC-CB45336D716C}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10A75D7E-1F6A-45E9-8758-AC1381AEF731}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{1C61D654-4A63-432E-AD65-65A373B4523A}" = protocol=1 | dir=out | [email protected],-28544 |
"{1F9D162F-0E52-4E02-B709-3A9D91423BD9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{316488A9-B89A-4D53-80BF-158B7AAF44D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3B9F0570-C434-494C-B243-399299302BB2}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3F6FFFFE-F8CB-4C33-90AF-D4AB5C146A8E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4137F4F2-C0A1-4DD6-8ABB-04EDF4CCA1E7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4208742E-86F2-44AC-AB38-9960193B9DCF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{46624565-6822-4B2A-B782-800A20AABE90}" = protocol=17 | dir=in | app=c:\users\jag\appdata\roaming\dropbox\bin\dropbox.exe |
"{4D1EAC82-D7A2-4E92-BE3C-BAD4F9627977}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{52BA84BE-4A1D-493C-A4DA-60CC25DCBD47}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{5459E425-A136-483C-867A-7A078D8BB06A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5F61C2D9-223C-4565-AC46-BD6BC5459EB4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5F923351-8663-4F3A-96AA-7C1CC04B1408}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5FD25CC9-0D22-4D7B-80F4-6DECE73D1568}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{692A32F4-52D3-4B3C-814F-2BCBEECC5816}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{6C120C25-0ACE-4697-A871-9BA09EEEFFA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{821119A3-8C9A-4286-B3FC-299E144340EE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8688EFB6-CDAC-4214-A66E-1645B017E8B7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{8E9A7105-9D77-4CF7-9F7C-449F4C4C73A6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9016681A-C98B-471F-A708-27FEDAB0BE9A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{943D3785-1A4B-4F30-AA65-2BD109D70CD2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{977B4317-30A8-4FE8-A5C5-FF79D328BF0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{99632AC8-C25D-4ACE-B5CB-FE29FB02A83B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{99A549C0-9B44-4FDB-90EC-2D1915092E6B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A2430377-4854-4A46-83FD-EC8E7AB07BA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{A809E1DD-5CE5-4CB2-A992-F3303C9514C8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{A89F5462-F2D7-452C-829C-B92B80970FBD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A960A204-EFAE-4D32-AAA4-6BD8B216CE23}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AA08591B-B2F7-4078-89FC-41B590DAF24D}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{AA6867A7-067A-4354-89ED-40E7ED5B6517}" = protocol=6 | dir=out | app=system |
"{ADBB6E7F-9F47-4DA2-880F-3356CF805673}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AE63E46B-27B0-4C41-8B95-E7D2CF1E2C6A}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{AEB1164B-B392-4822-A3F7-54FEEC68046C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C0ECEE08-8E42-4C7E-8A21-BA3DDA6ED739}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C21FE82D-32F4-44CB-BF0E-2D8F055EAB47}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{CA6FC562-1A4C-42E3-9D68-ADB0564D3F45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E2F78352-3FB9-4403-B8C8-C51CD0D72D68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EB29AFF1-F3B1-48FA-8315-AE7903B7E870}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F12E216F-9FD5-415F-BEB5-BC18A5ABA7C1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F6ACEDF6-B1DF-43A2-AAE7-C9E474949AD9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FE2637AB-8917-4175-B2E8-875DF4C84C88}" = protocol=6 | dir=in | app=c:\users\jag\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{746C93F2-0EA4-4F28-9A19-73F631DF856E}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{B6DD4C72-57E8-4003-AEB8-92FA809E287A}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{D9B8D5EF-6AFB-4928-9DE5-6054195C3248}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"UDP Query User{2A41E867-A062-4303-87FE-5C37A4169078}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{97DCCBE2-E33A-4A3D-A6E3-F13985561776}C:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\the witcher 2\bin\witcher2.exe |
"UDP Query User{B6FC4DD5-623B-4072-B7DB-07D77456B726}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61F769F1-BAD0-45BF-5718-62259ACE24A6}" = ccc-utility64
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BFBE6E95-5724-47EC-85A0-74D436AD938F}" = Windows Live Family Safety
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F580D12E-01E5-31A6-A321-7C8E6D5361A5}" = ATI Catalyst Install Manager
"{FA8D4B26-17BE-B76F-B2F6-0FD7391EDF95}" = AMD Media Foundation Decoders
"Bitdefender" = Bitdefender Total Security
"CCleaner" = CCleaner
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.5.0 (64-bit)
"VLC media player" = VLC media player 2.1.2
"WinRAR archiver" = WinRAR 4.10 beta 5 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0522A804-7B80-CEBF-DE81-597E5BA14D2F}" = Catalyst Control Center Localization All
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A352E1C-7868-2D98-165C-FCBD37F1E4AF}" = CCC Help Chinese Traditional
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13F59C8F-FC81-D786-77E7-CDFA6E2FE018}" = CCC Help Spanish
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A4DFE9C-F186-65E5-E2EE-2EA5B8FD2147}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25D47128-0A98-2F03-AFC7-F2F3963CFB3E}" = CCC Help French
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{330977BC-E980-4D58-DEE4-7E768CFC3EEF}" = CCC Help Japanese
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{379FBC79-1693-C2C9-5F34-BB0FAFFF5394}" = AMD VISION Engine Control Center
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{50060B25-2B8B-D852-7303-B64D2F7CDD90}" = CCC Help Turkish
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59111E3F-59C0-A8A5-9B49-253D6625F194}" = Catalyst Control Center InstallProxy
"{5A513137-7B05-E84C-B679-747AD17034F1}" = CCC Help German
"{5AA9CA89-29E1-6216-05BC-7C479A0FCF80}" = CCC Help Czech
"{5CE60812-BE7F-391C-99BF-2E3A4AE0C3E2}" = CCC Help Hungarian
"{61B8A32E-C79E-27DE-41E2-45F378976B96}" = CCC Help Italian
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70658F33-BAB1-93B6-D365-8053A66762AC}" = CCC Help Dutch
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B20A36-5080-EA59-64CF-B276AD647724}" = CCC Help Polish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{85DFA50F-382E-6337-4B68-8454A29DFB50}" = CCC Help Danish
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = 802.11n Wireless LAN Card
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{952D0DBE-C9E2-2931-9F8F-C1230B6CAB4C}" = CCC Help Thai
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BE22D4-0F66-455E-9783-1D7113CC6F00}" = Catalyst Control Center - Branding
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93AC7AF-0247-E038-2B78-A327A3267D78}" = CCC Help Finnish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BCA47823-6ACE-9B28-B3ED-1D63E9B7794F}" = Catalyst Control Center Graphics Previews Common
"{BF3913A7-D083-F383-928F-BB93D48DB8F5}" = CCC Help Greek
"{C4C6C4A5-955C-C86D-E804-7325CE584F79}" = CCC Help Chinese Standard
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8DCD2DD-3999-C9CF-899C-F996D76CCD14}" = CCC Help Swedish
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE101785-F702-BCAD-F286-AF6D1FDD795B}" = CCC Help Russian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB3147AB-4024-4773-8EC0-A1FE5B44933D}" = HP LinkUp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F910001F-A592-34EE-39B6-9D75D55D2FE7}" = CCC Help English
"{FA6AF15B-5E4B-0A8A-7C5F-8F7FA2C0C85E}" = CCC Help Korean
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF7B20F0-9AF0-AE97-8111-60E63D0F3564}" = CCC Help Norwegian
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battle.net" = Battle.net
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX Setup
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"Hearthstone" = Hearthstone
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"League of Legends 3.0.0" = League of Legends
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"mIRC" = mIRC
"Mozilla Firefox 26.0 (x86 en-GB)" = Mozilla Firefox 26.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PDF Complete" = PDF Complete Special Edition
"ScreenGrab_is1" = ScreenGrab 1.1
"Steam" = Steam
"Steam App 550" = Left 4 Dead 2
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 2.0.8
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2013 3:54:46 PM | Computer Name = Jag-HP | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 12/28/2013 5:41:51 PM | Computer Name = Jag-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Jag\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 12/28/2013 5:42:04 PM | Computer Name = Jag-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Jag\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 12/28/2013 5:42:04 PM | Computer Name = Jag-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Jag\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 12/28/2013 5:42:13 PM | Computer Name = Jag-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Jag\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 12/29/2013 7:50:37 AM | Computer Name = Jag-HP | Source = Application Error | ID = 1000
Description = Faulting application name: Dropbox.exe, version: 2.4.10.0, time stamp:
0x527d8c24 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x1e1566df Faulting process id: 0x12e0 Faulting application
start time: 0x01cf048c1c64c1c2 Faulting application path: C:\Users\Jag\AppData\Roaming\Dropbox\bin\Dropbox.exe
Faulting
module path: unknown Report Id: 6e3b0d33-707f-11e3-b250-3860770f9e89

Error - 12/30/2013 12:31:12 AM | Computer Name = Jag-HP | Source = Application Hang | ID = 1002
Description = The program install_flashplayer11x32_mssd_aaa_aih_2.exe version 3.3.9.0
stopped interacting with Windows and was closed. To see if more information about
the problem is available, check the problem history in the Action Center control
panel. Process ID: 1118 Start Time: 01cf051652e46198 Termination Time: 0 Application
Path: C:\Users\Jag\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_2.exe

Report
Id: e235d01b-710a-11e3-a86e-3860770f9e89

Error - 12/30/2013 1:55:21 AM | Computer Name = Jag-HP | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 26.0.0.5087 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 16f8 Start
Time: 01cf0523a142102f Termination Time: 31 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: f422038d-7116-11e3-a86e-3860770f9e89

Error - 12/30/2013 1:57:56 AM | Computer Name = Jag-HP | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 26.0.0.5087 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e5c Start
Time: 01cf0523f996f3f4 Termination Time: 27 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 52643e93-7117-11e3-a86e-3860770f9e89

Error - 12/30/2013 2:13:59 AM | Computer Name = Jag-HP | Source = ESENT | ID = 455
Description = DllHost (1828) WebCacheLocal: Error -1811 occurred while opening logfile
C:\Users\Jag\AppData\Local\Microsoft\Windows\WebCache\V010010A.log.

[ Hewlett-Packard Events ]
Error - 5/24/2012 5:22:20 PM | Computer Name = Jag-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 7664 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/29/2012 4:04:07 PM | Computer Name = Jag-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/29/2012 4:04:08 PM | Computer Name = Jag-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/29/2012 4:15:24 PM | Computer Name = Jag-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/29/2012 4:15:45 PM | Computer Name = Jag-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/29/2012 4:15:51 PM | Computer Name = Jag-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/29/2012 4:18:18 PM | Computer Name = Jag-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/29/2012 4:20:49 PM | Computer Name = Jag-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/29/2012 4:20:49 PM | Computer Name = Jag-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/31/2012 5:45:50 PM | Computer Name = Jag-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 7664 Ram Utilization: 30 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

[ System Events ]
Error - 12/30/2013 4:37:20 AM | Computer Name = Jag-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/30/2013 4:38:00 AM | Computer Name = Jag-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/30/2013 4:38:00 AM | Computer Name = Jag-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/30/2013 4:38:00 AM | Computer Name = Jag-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/30/2013 4:39:59 AM | Computer Name = Jag-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/30/2013 4:39:59 AM | Computer Name = Jag-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/30/2013 4:39:59 AM | Computer Name = Jag-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/30/2013 4:39:59 AM | Computer Name = Jag-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/30/2013 4:39:59 AM | Computer Name = Jag-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 12/30/2013 4:39:59 AM | Computer Name = Jag-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >


Looking at the OTL logs, I found this:

========== Chrome ==========

CHR - default_search_provider: Conduit Search (Enabled)


Malwarebytes logs, after cleanup

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.30.01

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 11.0.9600.16476
Jag :: JAG-HP [administrator]

Protection: Disabled

30/12/2013 1:14:06 AM
mbam-log-2013-12-30 (01-14-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218245
Time elapsed: 7 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

Files Detected: 10
C:\Users\Jag\AppData\Local\Temp\nsbC19C.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jag\AppData\Local\Temp\nseEEB0.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jag\AppData\Local\Temp\nsh9E12.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jag\AppData\Local\Temp\nshA083.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jag\AppData\Local\Temp\nshBCDA.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jag\AppData\Local\Temp\nsrBF3B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jag\AppData\Local\Temp\nsw9BB0.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\Jag\AppData\Local\Temp\utt53C8.tmp.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.

(end)


ADW R0 Logs

# AdwCleaner v3.016 - Report created 30/12/2013 at 05:20:08
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jag - JAG-HP
# Running from : C:\Users\Jag\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\Program Files (x86)\Searchprotect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-GB)

[ File : C:\Users\Jag\AppData\Roaming\Mozilla\Firefox\Profiles\7ctr9wal.default-1388383028785\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Jag\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1028 octets] - [30/12/2013 05:20:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1088 octets] ##########



ADW S0 Logs

# AdwCleaner v3.016 - Report created 30/12/2013 at 05:21:32
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jag - JAG-HP
# Running from : C:\Users\Jag\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Searchprotect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-GB)

[ File : C:\Users\Jag\AppData\Roaming\Mozilla\Firefox\Profiles\7ctr9wal.default-1388383028785\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Jag\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1172 octets] - [30/12/2013 05:20:08]
AdwCleaner[S0].txt - [986 octets] - [30/12/2013 05:21:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1045 octets] ##########

Edited by MyEndGame, 30 December 2013 - 04:27 AM.

  • 0

#20
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Hi MyEndGame, :)

I didn't download anything other than the programs you recommended, but my kid was on the computer today for a little bit.

Please monitor your kid's activity and advise him about malware and internet safety procedures.

[2013/12/29 16:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect

Most of the time they are installed via P2P programs. I shall provide you with a few reference links; please read them to understand the risks of having a P2P program.

[2013/12/27 23:23:55 | 000,039,470 | ---- | C] () -- C:\Users\Jag\Desktop\Nikita.S04E06.720p.HDTV.X264-DIMENSION.torrent

This is a pirated torrent link which is illegal. We do not condone piracy and help will be discontinued if we see future traces.

[2013/01/07 03:42:02 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\TweakNow RegCleaner 2012

Registry cleaners do more harm than good and do not know the difference between good and bad lines. They remove the idle lines which in some cases may be needed by other programs. I recommend you read this article.

Please uninstall Search Protected by conduit from the uninstall list.


  • Step # Fix with OTL
  • Re-run OTL by right clicking and choosing Run as administrator;
  • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

    :Commands
    [createrestorepoint]

    :OTL
    [2013/12/29 16:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
    [2013/12/27 23:23:55 | 000,039,470 | ---- | C] () -- C:\Users\Jag\Desktop\Nikita.S04E06.720p.HDTV.X264-DIMENSION.torrent
    [2013/01/07 03:42:02 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\TweakNow RegCleaner 2012

    :Commands
    [emptytemp]

  • Click on "Run Fix" and let the program run unhindered;
  • Your PC will reboot automatically and a log will be opened;
  • Please post it in your next reply.
  • Re-run OTL and click Quick Scan and post the log after the scan.

 

  • Required Log(s):
  • OTL Fix Log;
  • OTL.txt

Regards,
Valinorum
  • 0
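The check a helper makes when the fix log comes back, as an added example that is not part of the original post or of OTL itself: it reconciles the `:OTL` entries of the fix script above with the result lines of a fix log. The function names are hypothetical, the log lines are a sample in the format of the fix log posted later in this thread, and only the "not found" and "moved successfully" result forms seen on this page are recognised.

```python
import re

# The fix script from the post above (":OTL" holds the items to remove).
FIX_SCRIPT = r"""
:Commands
[createrestorepoint]

:OTL
[2013/12/29 16:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/12/27 23:23:55 | 000,039,470 | ---- | C] () -- C:\Users\Jag\Desktop\Nikita.S04E06.720p.HDTV.X264-DIMENSION.torrent
[2013/01/07 03:42:02 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\TweakNow RegCleaner 2012

:Commands
[emptytemp]
"""

# Sample fix-log lines in the format of the log posted later in this thread.
FIX_LOG = r"""
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Folder C:\Program Files (x86)\SearchProtect\ not found.
File C:\Users\Jag\Desktop\Nikita.S04E06.720p.HDTV.X264-DIMENSION.torrent not found.
C:\Users\Jag\AppData\Roaming\TweakNow RegCleaner 2012\Backup folder moved successfully.
C:\Users\Jag\AppData\Roaming\TweakNow RegCleaner 2012 folder moved successfully.
========== COMMANDS ==========
"""

# "[date | size | attrs | C/M] (optional company) -- path"
_TARGET = re.compile(r"^\[[^\]]*\]\s*(?:\([^)]*\)\s*)?--\s*(?P<path>.+)$")
_NOT_FOUND = re.compile(r"^(?:File\\Folder|File|Folder) (?P<path>.+?) not found[.!]$")
_MOVED = re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")
_HEADER = re.compile(r"^=+ (?P<name>.+?) =+$")


def _norm(path):
    """Windows paths are case-insensitive; OTL may append a trailing backslash."""
    return path.strip().rstrip("\\").lower()


def parse_fix_targets(script):
    """Return the paths listed under the ':OTL' section of a fix script."""
    targets, section = [], None
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            section = line.lower()
            continue
        if section == ":otl":
            match = _TARGET.match(line)
            if match:
                targets.append(match.group("path").strip())
    return targets


def parse_fix_log(log):
    """Map normalised path -> 'not_found' or 'moved' for the log's OTL section."""
    results, section = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        header = _HEADER.match(line)
        if header:
            section = header.group("name").upper()
            continue
        if section != "OTL" or not line:
            continue
        match = _NOT_FOUND.match(line)
        if match:
            results[_norm(match.group("path"))] = "not_found"
            continue
        match = _MOVED.match(line)
        if match:
            results[_norm(match.group("path"))] = "moved"
    return results


def reconcile(script, log):
    """Pair every requested item with its outcome, flagging items the log omits."""
    outcome = parse_fix_log(log)
    return [(target, outcome.get(_norm(target), "missing_from_log"))
            for target in parse_fix_targets(script)]


if __name__ == "__main__":
    for path, status in reconcile(FIX_SCRIPT, FIX_LOG):
        print(f"{status:18} {path}")
```

An item reported as `not_found` was already absent when the fix ran, so it needs no further action; `missing_from_log` means the log says nothing about a requested item and the fix should be re-checked.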

#21
MyEndGame

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I'll have a talk with my kids about that, and put in some more parental controls.

About the searchprotect, I have no idea what that is. I uninstalled utorrent about a week ago because you suggested it, and told my kids about it. The torrent file must have been my son, but utorrent was already uninstalled, I'll have to talk to him again.

I thought I had gotten rid of tweaknow a long time ago, I don't see it in the uninstall programs at all. How can I remove it?

My other problem is that I do not see Search Protected by conduit in the uninstall list as well. I removed something similar to that when I first got the toolbar installed, but I don't see it now. Is there anywhere else I should be looking?

OTL Fix Log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Folder C:\Program Files (x86)\SearchProtect\ not found.
File C:\Users\Jag\Desktop\Nikita.S04E06.720p.HDTV.X264-DIMENSION.torrent not found.
C:\Users\Jag\AppData\Roaming\TweakNow RegCleaner 2012\Backup folder moved successfully.
C:\Users\Jag\AppData\Roaming\TweakNow RegCleaner 2012 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jag
->Temp folder emptied: 1234576 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17884555 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12956352 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 31.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01032014_005606

Files\Folders moved on Reboot...
C:\Users\Jag\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\temp\ACLM\HP.ActiveCheckLocalMode.UpdateEngine.UpdateManager_db42ad5a-f8df-4dcc-aa5d-0adec47bb733\HP.ActiveCheckLocalMode.Ccl.dll moved successfully.
C:\Windows\temp\ACLM\HP.ActiveCheckLocalMode.UpdateEngine.UpdateManager_db42ad5a-f8df-4dcc-aa5d-0adec47bb733\HP.ActiveCheckLocalMode.SharedObjects.dll moved successfully.
C:\Windows\temp\ACLM\HP.ActiveCheckLocalMode.UpdateEngine.UpdateManager_db42ad5a-f8df-4dcc-aa5d-0adec47bb733\HP.ActiveCheckLocalMode.UpdateEngine.dll moved successfully.
C:\Windows\temp\ACLM\HP.ActiveCheckLocalMode.UpdateEngine.UpdateManager_db42ad5a-f8df-4dcc-aa5d-0adec47bb733\lock.sem moved successfully.
File\Folder C:\Windows\temp\~bdFA87.tmp not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



OTL

OTL logfile created on: 1/3/2014 1:01:08 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jag\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

7.48 Gb Total Physical Memory | 5.40 Gb Available Physical Memory | 72.16% Memory free
14.97 Gb Paging File | 12.66 Gb Available in Paging File | 84.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1850.36 Gb Total Space | 521.88 Gb Free Space | 28.20% Space Free | Partition Type: NTFS
Drive D: | 12.55 Gb Total Space | 1.51 Gb Free Space | 12.03% Space Free | Partition Type: NTFS

Computer Name: JAG-HP | User Name: Jag | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/30 04:47:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jag\Desktop\OTL.exe
PRC - [2013/12/20 06:48:37 | 000,612,696 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
PRC - [2013/12/20 06:21:00 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/17 20:02:36 | 030,714,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jag\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/10/01 07:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/10/01 07:14:39 | 012,631,904 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/10/01 07:05:43 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/05/05 18:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/20 06:21:00 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/12/17 20:01:12 | 003,558,400 | ---- | M] () -- C:\Users\Jag\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/08/23 14:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Jag\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/06/19 11:44:37 | 000,204,280 | ---- | M] () -- C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/27 05:27:01 | 001,507,248 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender\vsserv.exe -- (VSSERV)
SRV:64bit: - [2013/11/27 05:24:55 | 000,077,632 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe -- (BdDesktopParental)
SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/07 11:33:30 | 000,067,320 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2013/07/08 14:59:09 | 000,094,624 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe -- (SafeBox)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/24 19:38:30 | 000,318,464 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/10/24 05:16:42 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\sysnative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/02 17:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/12/30 03:07:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/20 06:21:00 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/11 14:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/10/01 07:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/05/05 18:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/13 22:34:34 | 000,082,824 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\bdsandbox.sys -- (BDSandBox)
DRV:64bit: - [2013/08/23 12:48:49 | 000,150,256 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\sysnative\drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2013/08/20 06:02:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/08/20 06:02:12 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/08/07 12:46:28 | 000,389,240 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\sysnative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2013/07/19 17:08:08 | 000,601,360 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\sysnative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2013/07/19 17:04:54 | 000,727,592 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\sysnative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2013/07/02 13:04:11 | 000,121,928 | ---- | M] (Bitdefender SRL) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys -- (bdfwfpf_pc)
DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\sysnative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\sysnative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/31 17:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/03/31 17:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2013/02/22 18:46:52 | 000,093,600 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- c:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
DRV:64bit: - [2012/12/06 08:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/11/02 13:17:46 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/27 20:43:11 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\sysnative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/04/24 19:38:30 | 000,536,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/04/17 13:34:26 | 000,076,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\sysnative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/14 19:16:37 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2011/10/24 05:56:54 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/24 04:40:08 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/10 23:17:15 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/10 23:17:15 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/05/16 13:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/17 20:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/17 20:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2010/12/15 22:36:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/04/27 18:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 18:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 16:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\sysnative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 16:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\sysnative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\sysnative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{E0595396-B38B-438D-A52C-40139E817958}: "URL" = http://www.amazon.ca...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.13
FF - prefs.js..extensions.enabledAddons: %7B35106bca-6c78-48c7-ac28-56df30b51d2a%7D:1.3.8
FF - prefs.js..extensions.enabledAddons: %7B54BB9F3F-07E5-486c-9B39-C7398B99391C%7D:4.1.2013040601
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: clearfields%40alex.alexander.googlepages.com:4.1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Bitdefender.com/PasswordManager;version=17.8: C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxnp.dll (Bitdefender)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER\BDTBEXT [2013/10/17 14:03:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\ [2013/10/17 14:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/24 00:40:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013/10/17 14:03:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/24 00:40:31 | 000,000,000 | ---D | M]

[2011/12/07 20:28:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jag\AppData\Roaming\Mozilla\Extensions
[2014/01/02 17:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jag\AppData\Roaming\Mozilla\Firefox\Profiles\7ctr9wal.default-1388383028785\extensions
[2013/12/30 17:09:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jag\AppData\Roaming\Mozilla\Firefox\Profiles\7ctr9wal.default-1388383028785\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/01/02 17:18:31 | 000,035,901 | ---- | M] () (No name found) -- C:\Users\Jag\AppData\Roaming\Mozilla\Firefox\Profiles\7ctr9wal.default-1388383028785\extensions\[email protected]
[2014/01/01 19:44:09 | 000,025,633 | ---- | M] () (No name found) -- C:\Users\Jag\AppData\Roaming\Mozilla\Firefox\Profiles\7ctr9wal.default-1388383028785\extensions\[email protected]
[2013/12/30 17:06:53 | 000,067,812 | ---- | M] () (No name found) -- C:\Users\Jag\AppData\Roaming\Mozilla\Firefox\Profiles\7ctr9wal.default-1388383028785\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}.xpi
[2013/12/30 17:07:45 | 000,307,011 | ---- | M] () (No name found) -- C:\Users\Jag\AppData\Roaming\Mozilla\Firefox\Profiles\7ctr9wal.default-1388383028785\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
[2013/12/30 03:46:24 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Jag\AppData\Roaming\Mozilla\Firefox\Profiles\7ctr9wal.default-1388383028785\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/12/30 03:39:51 | 000,287,503 | ---- | M] () (No name found) -- C:\Users\Jag\AppData\Roaming\Mozilla\Firefox\Profiles\7ctr9wal.default-1388383028785\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/11/15 22:19:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/15 22:19:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/15 22:19:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/15 22:19:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/20 06:21:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Silverlight (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Slinky Elegant = C:\Users\Jag\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln\19.6_0\
CHR - Extension: Bitdefender Wallet = C:\Users\Jag\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl\17.24.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Jag\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Google Wallet = C:\Users\Jag\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2013/12/25 23:22:23 | 000,000,098 | ---- | M]) - C:\Windows\sysnative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Bitdefender Wallet ) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Bitdefender Wallet) - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\antispam32\pmbxie.dll (Bitdefender)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Bitdefender Wallet Agent] C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe (Bitdefender)
O4 - HKCU..\Run: [Bitdefender Wallet Application Agent] C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe (Bitdefender)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Jag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jag\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02962E9F-B799-4BDA-9BCB-C828E2F84A91}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F4E1C34-0556-489F-A6D2-6C8924CADE6C}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\sysnative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/03 00:56:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/03 00:54:49 | 000,000,000 | ---D | C] -- C:\Users\Jag\Desktop\New folder
[2014/01/01 04:03:52 | 000,000,000 | ---D | C] -- C:\Users\Jag\dwhelper
[2013/12/30 05:20:02 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/30 04:47:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jag\Desktop\OTL.exe
[2013/12/29 22:55:00 | 000,000,000 | ---D | C] -- C:\Users\Jag\Desktop\Old Firefox Data
[2013/12/29 07:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/12/29 07:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2013/12/27 22:50:08 | 000,000,000 | ---D | C] -- C:\Users\Jag\Desktop\RNB 1
[2013/12/27 14:52:34 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/12/27 14:51:15 | 000,000,000 | ---D | C] -- C:\30ac2b9a7c3cc77337
[2013/12/27 14:23:34 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/27 14:16:15 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Jag\Desktop\JRT.exe
[2013/12/26 04:45:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013/12/26 04:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/12/26 04:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/12/21 06:40:39 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/12/20 22:36:11 | 000,000,000 | ---D | C] -- C:\Users\Jag\AppData\Roaming\Malwarebytes
[2013/12/20 22:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/20 22:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/20 22:35:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/12/20 22:35:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/20 05:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
[2013/12/20 05:13:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hearthstone
[2013/12/20 05:11:17 | 000,000,000 | ---D | C] -- C:\Users\Jag\AppData\Local\Blizzard Entertainment
[2013/12/20 05:11:15 | 000,000,000 | ---D | C] -- C:\Users\Jag\AppData\Roaming\Battle.net
[2013/12/20 05:11:15 | 000,000,000 | ---D | C] -- C:\Users\Jag\AppData\Local\Battle.net
[2013/12/20 05:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013/12/20 05:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013/12/20 05:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[2013/12/20 05:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battle.net
[2013/12/20 05:08:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013/12/11 03:59:54 | 000,000,000 | ---D | C] -- C:\Users\Jag\recruit script

========== Files - Modified Within 30 Days ==========

[2014/01/03 01:05:52 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/03 01:05:52 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/03 01:00:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/03 00:58:42 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/03 00:57:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/03 00:57:46 | 1732,714,495 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/03 00:50:19 | 000,783,360 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/03 00:50:19 | 000,667,088 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/03 00:50:19 | 000,126,506 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/03 00:20:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/01 04:22:35 | 000,189,925 | ---- | M] () -- C:\Users\Jag\Desktop\dark-souls-game-hd-wallpaper-1920x1200-6176.jpg
[2014/01/01 04:21:09 | 000,601,214 | ---- | M] () -- C:\Users\Jag\Desktop\Dark-Souls-Wide.jpg
[2014/01/01 04:20:59 | 000,937,454 | ---- | M] () -- C:\Users\Jag\Desktop\dark-souls-prepare-to-die-edition-dark-souls-pc.jpg
[2014/01/01 04:12:25 | 110,439,309 | ---- | M] () -- C:\Users\Jag\Desktop\Dark Soulsong_ _Lordvessel_ by Tanooki Suit.mp4
[2013/12/31 22:47:25 | 000,225,792 | ---- | M] () -- C:\Users\Jag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/31 04:22:21 | 000,152,210 | ---- | M] () -- C:\Users\Jag\1388467122_1_01.xml
[2013/12/30 17:32:04 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJag.job
[2013/12/30 05:38:25 | 000,290,267 | ---- | M] () -- C:\Users\Jag\Desktop\973867.jpg
[2013/12/30 05:19:36 | 001,233,962 | ---- | M] () -- C:\Users\Jag\Desktop\AdwCleaner.exe
[2013/12/30 04:47:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jag\Desktop\OTL.exe
[2013/12/29 07:04:48 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/12/27 15:51:10 | 000,077,951 | ---- | M] () -- C:\Users\Jag\Desktop\1492301_10153688286710019_426143081_o.jpg
[2013/12/27 15:51:05 | 000,083,991 | ---- | M] () -- C:\Users\Jag\Desktop\1523818_10153716136900019_1684588496_o.jpg
[2013/12/27 15:49:14 | 014,941,309 | ---- | M] () -- C:\Users\Jag\Desktop\All Ice Is Home Ice - Nike Hockey.mp4
[2013/12/27 14:53:47 | 000,767,226 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/27 14:16:18 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Jag\Desktop\JRT.exe
[2013/12/27 14:00:16 | 004,839,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/25 23:22:23 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/12/25 19:13:25 | 000,001,049 | ---- | M] () -- C:\Users\Jag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/12/25 04:36:47 | 000,155,380 | ---- | M] () -- C:\Users\Jag\281549450.jpg
[2013/12/24 00:20:25 | 000,013,494 | ---- | M] () -- C:\Users\Jag\Order receipt from Humble Bundle.png
[2013/12/22 03:48:43 | 000,891,200 | ---- | M] () -- C:\Users\Jag\Desktop\SecurityCheck.exe
[2013/12/21 01:32:09 | 000,001,013 | ---- | M] () -- C:\Users\Jag\Desktop\Dropbox.lnk
[2013/12/19 02:13:39 | 002,520,896 | ---- | M] () -- C:\Users\Jag\dar.gif
[2013/12/12 19:08:05 | 000,012,960 | ---- | M] () -- C:\Users\Jag\Documents\cc_20131212_190801.reg
[2013/12/09 19:04:10 | 021,538,806 | ---- | M] () -- C:\Users\Jag\The Witcher 3_ Wild Hunt - VGX Gameplay Trailer.mp4
[2013/12/06 20:57:39 | 004,604,251 | ---- | M] () -- C:\Users\Jag\Thailand-2011-July-5-Reflective-Tile-at-Wat-Noen-Phra-Now.jpg

========== Files Created - No Company Name ==========

[2014/01/01 04:22:35 | 000,189,925 | ---- | C] () -- C:\Users\Jag\Desktop\dark-souls-game-hd-wallpaper-1920x1200-6176.jpg
[2014/01/01 04:21:09 | 000,601,214 | ---- | C] () -- C:\Users\Jag\Desktop\Dark-Souls-Wide.jpg
[2014/01/01 04:20:59 | 000,937,454 | ---- | C] () -- C:\Users\Jag\Desktop\dark-souls-prepare-to-die-edition-dark-souls-pc.jpg
[2014/01/01 04:09:21 | 110,439,309 | ---- | C] () -- C:\Users\Jag\Desktop\Dark Soulsong_ _Lordvessel_ by Tanooki Suit.mp4
[2013/12/31 04:22:34 | 000,152,210 | ---- | C] () -- C:\Users\Jag\1388467122_1_01.xml
[2013/12/30 05:38:25 | 000,290,267 | ---- | C] () -- C:\Users\Jag\Desktop\973867.jpg
[2013/12/30 05:19:33 | 001,233,962 | ---- | C] () -- C:\Users\Jag\Desktop\AdwCleaner.exe
[2013/12/30 01:12:17 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/29 07:00:45 | 000,001,997 | ---- | C] () -- C:\Users\Jag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2013/12/27 15:51:10 | 000,077,951 | ---- | C] () -- C:\Users\Jag\Desktop\1492301_10153688286710019_426143081_o.jpg
[2013/12/27 15:51:05 | 000,083,991 | ---- | C] () -- C:\Users\Jag\Desktop\1523818_10153716136900019_1684588496_o.jpg
[2013/12/27 15:48:48 | 014,941,309 | ---- | C] () -- C:\Users\Jag\Desktop\All Ice Is Home Ice - Nike Hockey.mp4
[2013/12/25 19:13:25 | 000,001,049 | ---- | C] () -- C:\Users\Jag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/12/25 04:36:46 | 000,155,380 | ---- | C] () -- C:\Users\Jag\281549450.jpg
[2013/12/24 00:20:25 | 000,013,494 | ---- | C] () -- C:\Users\Jag\Order receipt from Humble Bundle.png
[2013/12/22 03:48:41 | 000,891,200 | ---- | C] () -- C:\Users\Jag\Desktop\SecurityCheck.exe
[2013/12/19 02:13:31 | 002,520,896 | ---- | C] () -- C:\Users\Jag\dar.gif
[2013/12/12 19:08:03 | 000,012,960 | ---- | C] () -- C:\Users\Jag\Documents\cc_20131212_190801.reg
[2013/12/09 19:03:09 | 021,538,806 | ---- | C] () -- C:\Users\Jag\The Witcher 3_ Wild Hunt - VGX Gameplay Trailer.mp4
[2013/12/06 20:57:34 | 004,604,251 | ---- | C] () -- C:\Users\Jag\Thailand-2011-July-5-Reflective-Tile-at-Wat-Noen-Phra-Now.jpg
[2013/11/09 05:33:48 | 000,249,036 | ---- | C] () -- C:\Users\Jag\attack-on-titan.jpg
[2013/10/29 21:36:14 | 000,732,697 | ---- | C] () -- C:\ProgramData\1383099835.bdinstall.bin
[2013/10/29 21:20:55 | 000,218,768 | ---- | C] () -- C:\ProgramData\1383099509.bdinstall.bin
[2013/10/22 23:37:50 | 010,223,146 | ---- | C] () -- C:\Users\Jag\Catalogue2013-14.pdf
[2013/09/25 19:39:05 | 000,051,456 | ---- | C] () -- C:\Users\Jag\CV-English.rtf
[2013/09/08 03:19:50 | 028,266,146 | ---- | C] () -- C:\Users\Jag\jajajavi75 - Lightning Crashes.avi.mp4
[2013/09/04 18:16:48 | 096,859,788 | ---- | C] () -- C:\Users\Jag\WitcherGame - The Witcher 1 - Story.mp4
[2013/08/25 20:41:57 | 000,099,050 | ---- | C] () -- C:\Users\Jag\avatar30464_33.gif
[2013/08/17 05:23:56 | 000,039,460 | ---- | C] () -- C:\Users\Jag\m9bpo1_500.png
[2013/08/09 02:27:38 | 000,502,860 | ---- | C] () -- C:\Users\Jag\tumblr_inline_mfan72dOdz1qcyhh5.gif
[2013/07/11 01:42:37 | 000,058,168 | ---- | C] () -- C:\Users\Jag\alarm.wav
[2013/03/29 16:14:56 | 007,181,147 | ---- | C] () -- C:\Users\Jag\Scan bureau en gros.pdf
[2013/03/29 16:14:55 | 000,415,935 | ---- | C] () -- C:\Users\Jag\Scan.pdf
[2012/11/20 16:56:48 | 000,742,920 | ---- | C] () -- C:\ProgramData\1353448080.bdinstall.bin
[2012/11/02 04:48:11 | 000,468,451 | ---- | C] () -- C:\Users\Jag\16-17.png
[2012/05/15 17:56:02 | 000,000,132 | ---- | C] () -- C:\Users\Jag\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/05/01 18:12:24 | 000,001,456 | ---- | C] () -- C:\Users\Jag\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/12/08 03:06:50 | 000,225,792 | ---- | C] () -- C:\Users\Jag\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/07 21:31:48 | 000,617,823 | ---- | C] () -- C:\ProgramData\1323309627.bdinstall.bin

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\sysnative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\sysnative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\sysnative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/06/07 03:23:54 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\Awesomium
[2013/12/20 05:12:35 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\Battle.net
[2013/10/29 21:35:58 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\Bitdefender
[2012/06/27 22:33:41 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\DAEMON Tools Lite
[2014/01/03 00:59:24 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\Dropbox
[2013/09/16 16:53:56 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\Free Sound Recorder
[2012/01/16 22:10:38 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\Motorola
[2011/12/08 02:28:31 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\PFStaticIP
[2011/12/07 21:01:15 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\QuickScan
[2013/10/04 20:30:42 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\Riot Games
[2013/09/23 02:34:40 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\runic games
[2013/09/27 03:36:05 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\SoftGrid Client
[2013/11/19 04:32:51 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\TeamViewer
[2013/09/08 19:32:21 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\TP
[2011/12/08 20:00:17 | 000,000,000 | ---D | M] -- C:\Users\Jag\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >

Edited by MyEndGame, 03 January 2014 - 04:01 AM.


#22
Valinorum


    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
For safer downloads, I recommend you and your kid read this

Please follow Post #14 for clean-up.

#23
MyEndGame


    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I did as asked, removed ADV, and OTL.

Once again, thank you for helping :)

#24
Valinorum


    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Surf safely in the future. :)

#25
CompCav


    Member 5k

  • Expert
  • 12,448 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.