#1
devasativa

 
OTL Extras logfile created on: 10/12/2014 4:44:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner-1\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.48 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 36.98% Memory free
6.95 Gb Paging File | 4.90 Gb Available in Paging File | 70.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.65 Gb Total Space | 76.53 Gb Free Space | 17.33% Space Free | Partition Type: NTFS
Drive D: | 19.95 Gb Total Space | 16.00 Gb Free Space | 80.21% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 3.96 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
 
Computer Name: DPLACE | User Name: Owner-1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Max3.Association.HTML] -- C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe (Maxthon International ltd.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc64.enqueue] -- "C:\Program Files\MPC-HC\mpc-hc64.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc64.play] -- "C:\Program Files\MPC-HC\mpc-hc64.exe" "%1" (MPC-HC Team)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Hewlett-Packard\HP Application Assistant\HPAA.exe %1 (Hewlett Packard Company)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc64.enqueue] -- "C:\Program Files\MPC-HC\mpc-hc64.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc64.play] -- "C:\Program Files\MPC-HC\mpc-hc64.exe" "%1" (MPC-HC Team)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19404334-F849-4B80-9782-EC61C884231F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4517ED73-DDD4-4297-A8BF-AEA73353C238}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{80B86D1E-F3EB-43A2-9A9F-F7A1320CC10C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8B161FEF-B01B-4C93-9FB6-335F9AC328FE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8CC3BAF0-0422-4731-B492-F015DEC4410D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8D8E2514-C8AB-4787-8270-713854DB409F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{920C0579-DCF0-45F2-B889-ABB4A4432751}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9317166B-8193-43FB-A2B8-6884BD9A9F7A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{96BEE9DF-AD65-4850-BD24-B426BDCF390E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9C152CDE-5413-4B4C-B8EE-ECB3A0656758}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{B137F3C7-1F3D-4729-83DB-869AACE1A3FA}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BD181986-A030-4F68-B551-9A660E10B794}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E8C00954-57FC-4950-B0F3-AA1AFC08C0F6}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F27D0077-8843-42D3-8DFF-E7550F372114}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{F77CFD0A-A9B6-4448-B8A1-7FA5479E4D7B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FAB3612-A471-4AAA-A424-2E31DAEBD173}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{189E731B-AB37-490E-AA68-37EFD4BD0756}" = protocol=1 | dir=in | [email protected],-28543 | 
"{1F527094-DC23-4167-A7CA-9B1BB33E6166}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{210FF61A-A75E-4DB1-934D-55693010B417}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{25034A28-E34D-4121-811D-1C30FB0F8588}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe | 
"{2D043D00-0C68-48AD-AE62-912A4194BA7E}" = protocol=1 | dir=out | [email protected],-28544 | 
"{2D6C5D07-5673-4CB8-9C95-28AE33588474}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{307E7DC6-3FE4-4787-884E-55A29CBF151F}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe | 
"{3317ABC1-4F42-4868-93F0-461B2E4E7A0E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3A5D11D4-5BA4-4451-8307-45F544104B3D}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe | 
"{40CB1BD6-0351-44A9-BED2-688FDF6F9230}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe | 
"{52A2C0F0-2D1B-4486-9FC1-C12ADA1D63C6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{55589F8E-697F-4208-9E8C-1CDCAE84B936}" = protocol=58 | dir=in | [email protected],-28545 | 
"{5B9F3F73-C9BA-4838-A9ED-F271AD1D49D7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{72D11655-39F0-4D69-A19D-54B0DDF75587}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe | 
"{7E0CACA1-C492-4574-9E60-EC53120531CC}" = dir=in | app=c:\users\owner-1\appdata\local\microsoft\skydrive\skydrive.exe | 
"{85190B5D-4AEC-4D08-A1D5-63F2CECEF73E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{87ACB255-BCE6-48AE-9E43-9E323DDC233C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{91827D23-CCE6-4185-A8DD-1B581E2EC13B}" = protocol=17 | dir=in | app=c:\users\owner-1\appdata\roaming\dropbox\bin\dropbox.exe | 
"{95ECD88E-B387-44D5-B6DB-1DE7C5FCFD76}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{966E5531-2C91-484A-BAEB-1FD1E51FBBCD}" = protocol=6 | dir=in | app=c:\users\owner-1\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A67D2189-54F5-4FF5-AB49-E52061E320B3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AFCF30E8-D5FF-496F-AB0C-26406B97DE7A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{B386A94E-D139-4567-9875-34D38142CE43}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{B75820AA-CA41-4C7D-B35C-C6A8FB4CCCF3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{BC61C4E5-1FDE-4137-9C1E-90DAA7506CA1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{BD83C5C4-2487-421D-903F-21D081C7F789}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{BE5ADF89-F8FA-44A1-BDFD-7FD28D54D9E3}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\bin\maxthon.exe | 
"{C29860B2-D9B5-4278-974D-EDABCADE9C81}" = dir=in | app=c:\users\owner-1\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{C38D8C86-91A9-4E1C-BF0C-102CE3C54931}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\bin\mxup.exe | 
"{CD27A74E-321D-4D16-97AA-69655CC93E4A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{D33CFE09-D8C5-4667-987C-42EDA04ED50A}" = protocol=6 | dir=in | app=c:\users\new deva\appdata\roaming\bittorrent\bittorrent.exe | 
"{D37322CE-74DD-46D2-A71E-782F2C83E146}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{D889E74D-039E-4D32-B3E6-8A78A0BDD891}" = protocol=17 | dir=in | app=c:\users\new deva\appdata\roaming\bittorrent\bittorrent.exe | 
"{D8BEB4ED-4F20-447D-BAF1-767AA9420CF0}" = protocol=58 | dir=out | [email protected],-28546 | 
"{D99ED690-6ABF-4E89-B444-4A21EC44955A}" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\rpds\bin\rpdsvc.exe | 
"{DACC1FA4-DFFB-433A-97D0-91506C2CC0E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EEB35DCF-F8EC-4ADF-AC93-6DF48813EFA5}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 
"{F299502B-B547-4F00-9616-411C0FDF288A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{F463F9A5-14B5-4963-AD62-E106671621B5}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 
"TCP Query User{1171E416-96A7-4E5E-BF02-B72929CA79B7}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"TCP Query User{204B6FAC-8BF4-4D7A-B083-84C49D359F2D}C:\users\owner-1\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\owner-1\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{C66390BD-43B5-4FA9-93C5-F80E1F2ED4EC}C:\users\owner-1\appdata\roaming\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\owner-1\appdata\roaming\bittorrent\bittorrent.exe | 
"TCP Query User{E225791E-1331-4D32-B72F-4CBF847A687F}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"UDP Query User{379D97D7-E792-4B35-A0C8-3A6A8B83A583}C:\users\owner-1\appdata\roaming\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\owner-1\appdata\roaming\bittorrent\bittorrent.exe | 
"UDP Query User{77A94DA9-CB82-4A70-9CFE-EED00B7F77FE}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"UDP Query User{9DDD83E0-9EDC-4CB6-92A6-8510BA3F2C65}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"UDP Query User{F30A52A6-A5DE-4359-A2C7-1C639BA03C65}C:\users\owner-1\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\owner-1\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CE7EBAF-157D-4111-9146-057CB2A4023E}" = HP Application Assistant
"{115FB0FD-1A0A-4C26-82A7-A6689A799BB9}" = Boost
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21E47F47-C9A7-4454-BA48-388327B0EA00}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.7.6 (64-bit)
"{2C637DB1-3E0A-4089-8366-C6C0B01E5C2B}" = AMD Steady Video Plug-In 
"{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}" = AMD Catalyst Install Manager
"{41F22D89-7F71-E83A-08E7-7E7473F4A55D}" = AMD Accelerated Video Transcoding
"{45726347-6D97-4613-9F89-A9635ACBD34D}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{69F860CB-69A0-991D-C0A7-2967286A8DDC}" = ccc-utility64
"{6ECDAC2F-12C1-E49B-448E-6002368967E0}" = AMD Steady Video Plug-In 
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{7EE0022B-77A5-4008-BA8E-69C26F5C9955}" = AMD Fuel
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{977EBBDB-BA86-4975-803C-A7FDDF92A10C}" = AVG 2014
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A4DA1935-2F04-4AFF-BE48-085CCC7BD0CB}" = Microsoft Research Cliplets
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{B42D82E8-FF97-48BB-91AA-86717B2B6B16}" = AVG 2014
"{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}" = Microsoft Image Composite Editor
"{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}" = HP Launch Box
"{C3ECDE27-BD89-71E3-254D-DF32AF7C389D}" = AMD Wireless Display v3.0
"{CB8EC858-84C9-5A45-F786-86929EE4298B}" = AMD Drag and Drop Transcoding
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}" = HP Security Assistant
"A3870D6BEDDC4A8FF6622FE720C457528EFAA4F3" = Windows Driver Package - Microcomputer Applications, Inc. (usbkey) USB  (06/10/2010 32.0.0.0)
"AVG" = AVG 2014
"B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0" = Windows Driver Package - KEYLOK (usbkey) USB  (06/10/2010 64.0.0.0)
"D8A96622E135715AED5E5B6001904E8687BD9996" = Windows Driver Package - %HP% 
"PotPlayer64" = Potplayer-64 Bits
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001296EA-6321-1D93-6D07-C56469336B6F}" = CCC Help Chinese Traditional
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0361F83A-9DFC-483F-BC9E-7A73170612EA}" = Blio
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08BF5606-B92B-91D9-550E-45C40EF82146}" = CCC Help Swedish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B8F985B-260F-465A-B4C7-2C68F1DED218}_is1" = Mystic Palace Slots HD
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{11960C5F-F2A2-1A1C-F884-2579A22E70BA}" = CCC Help Finnish
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D968C74-5200-4331-F74D-83E30797B736}" = CCC Help Italian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2B6EDD-9374-B327-8F8E-E31AF6A805B0}" = CCC Help German
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521
"{20C2051A-1ACA-48B4-9BA5-24625DCBD880}" = RealDownloader
"{25F3B08A-F579-40E8-A8D8-42D7AFD93F18}_is1" = WMS Slots – Jungle Wild
"{285722F0-59D5-9468-BA6F-72985A2CE931}" = CCC Help Czech
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B68CAC1-5B99-3465-8982-E4FAB2AE036A}" = CCC Help Russian
"{31AC9515-5F70-41D1-F740-B1978B8D48EA}" = CCC Help Greek
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{3AE82D96-752D-1505-8F07-FF9504D6D0E5}" = Catalyst Control Center Localization All
"{3D2E0EFF-7E27-ED90-809A-7E59FB05AE63}" = CCC Help Portuguese
"{481C8C2A-D764-E7B9-8155-316540E71082}" = Catalyst Control Center InstallProxy
"{4B61EB17-1D01-49CA-A802-7DDB8E8C2960}_is1" = Jewel Quest Mysteries 4 – The Oracle of Ur Collector’s Edition
"{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}" = Should I Remove It
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{565B9F3F-3617-6859-B821-6F103537489D}" = CCC Help Danish
"{574BF026-4487-4051-BCE5-83C4E40AAF6D}" = SlimComputer
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F0E916-7B87-4F09-888B-850F3F0700B5}" = Catalyst Control Center - Branding
"{5B7F33B3-C72C-4408-8AF9-B855775F51DB}" = Picasa Web Albums Live Publisher
"{5BFED7F5-6423-49AC-82C4-A4648347AC0B}" = Scanner Mouse
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}" = SlimCleaner
"{6EB5B377-BD22-2E2E-772F-4A993EAC38FD}" = Catalyst Control Center Graphics Previews Common
"{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}" = AMD System Monitor
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BAD284-3559-25EE-AB8C-FBAA8042B24B}" = CCC Help English
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{777C7020-402D-4F73-D4C8-B375AFB5CFF7}" = CCC Help Polish
"{7799F944-C219-4F7B-8A41-8B8F38DA4D69}" = Photosynth 2.0114.0807.1507
"{77D28FF5-242F-488A-8215-937D6A4D69E0}" = Adobe AIR
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{7E090AA3-1AA3-749F-4C2F-16CDB816651F}" = CCC Help Turkish
"{8162B13E-896E-40DF-EB30-5252BF25CC03}" = CCC Help Norwegian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89CE7F9B-B4DF-8585-638B-6BD807ADE9C7}" = HydraVision
"{8A17260E-6572-1DE2-6E73-C297A31093C1}" = CCC Help Chinese Standard
"{8CD86D42-C4DD-4E40-9211-164DFFBCA4DB}" = AVG PC TuneUp 2014 (en-US)
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E0AFE95-5099-1CB1-A3D1-1BFB2546F1F1}" = CCC Help Thai
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A5457401-D56A-43F2-9524-78E54A7FC07A}" = SlimDrivers
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83F6EE0-A42E-66D8-88B6-90A475602565}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{AD30EBFD-3F8A-491F-8C42-90BD51D7A2B9}" = Publish to Photo Frame
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B0547B43-3AEE-453C-9945-8009CF92052D}" = Autodesk Pixlr
"{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}" = HP QuickWeb
"{BC6CB499-9F29-4B41-8B8B-FA7248525256}" = HP Documentation
"{C086E8FA-7445-4E07-1310-4616EC120EE7}" = CCC Help Dutch
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2F88EE6-D343-F986-E8F1-F012B294CEA7}" = CCC Help Korean
"{C6640705-7479-4EE5-BC86-879F05F65E74}" = Google Drive
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6B7023C-2EE6-45A4-9670-4549D9829DD0}_is1" = Unfolding Tale 1.0
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D37C1AFD-4B44-12B5-B833-1AA7725C32A4}" = AMD Catalyst Control Center
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8735515-0DB5-DCBD-C303-37D32DE4363F}" = CCC Help Japanese
"{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4F406B9-319B-2C33-54CE-84A46DA47BFB}" = CCC Help French
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EC58A9C9-22D8-FA14-785E-37B8C290AA8D}" = CCC Help Spanish
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}" = Google Talk Plugin
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"Any Video Converter_is1" = Any Video Converter 5.6.4
"Ares" = Ares 2.2.7
"Autodesk Pixlr" = Autodesk Pixlr
"AVG Web TuneUp" = AVG Web TuneUp
"Bejeweled 3" = Bejeweled 3
"Broken Age_R.G. Mechanics_is1" = Broken Age
"Dragonboard_is1" = Dragonboard 0.9
"DVDFab 9 US_is1" = DVDFab 9.1.5.9 (25/07/2014)
"Google Chrome" = Google Chrome
"grillaprice" = grillaprice
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Kabloom_is1" = Kabloom
"LastFM_is1" = Last.fm Scrobbler 2.1.36
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Maxthon3" = Maxthon Cloud Browser
"Mozilla Firefox 32.0.3 (x86 en-US)" = Mozilla Firefox 32.0.3 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"RealPlayer 17.0" = RealPlayer Cloud
"Runeshift_is1" = Runeshift
"Unity" = Unity
"Video Screensaver" = Video Screensaver 1.0
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"BitTorrent" = BitTorrent
"Boost 1.0.2" = Boost
"Dropbox" = Dropbox
"Should I Remove It 1.0.4" = Should I Remove It
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ AND Performance Monitor Events ]
Error - 3/14/2014 6:24:54 PM | Computer Name = DPLACE | Source = AMD Performance Monitor | ID = 0
Description = Failed to access to log file. System.IO.IOException: The process cannot
 access the file 'C:\Users\Owner-1\Documents\Logs\Log.txt' because it is being used
 by another process.     at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
 
   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32
 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath,
 Boolean checkHost)     at System.IO.FileStream..ctor(String path, FileMode mode, 
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)     at System.IO.StreamWriter.CreateFile(String
 path, Boolean append, Boolean checkHost)     at System.IO.StreamWriter..ctor(String
 path, Boolean append, Encoding encoding, Int32 bufferSize, Boolean checkHost)    
 at System.IO.StreamWriter..ctor(String path, Boolean append)     at System.IO.File.AppendText(String
 path)     at AMD.PerformanceMonitor.Common.FileLogger.Log(Stream stream, String message)
 
[ Application Events ]
Error - 6/12/2014 2:31:38 PM | Computer Name = DPLACE | Source = Sound Recorder | ID = 65535
Description = 
 
Error - 6/12/2014 2:31:38 PM | Computer Name = DPLACE | Source = Sound Recorder | ID = 65535
Description = 
 
Error - 6/12/2014 2:31:38 PM | Computer Name = DPLACE | Source = Sound Recorder | ID = 65535
Description = 
 
Error - 6/12/2014 2:31:38 PM | Computer Name = DPLACE | Source = Sound Recorder | ID = 65535
Description = 
 
Error - 6/12/2014 2:31:38 PM | Computer Name = DPLACE | Source = Sound Recorder | ID = 65535
Description = 
 
Error - 6/12/2014 2:31:39 PM | Computer Name = DPLACE | Source = Sound Recorder | ID = 65535
Description = 
 
Error - 6/12/2014 2:31:39 PM | Computer Name = DPLACE | Source = Sound Recorder | ID = 65535
Description = 
 
Error - 6/12/2014 2:31:39 PM | Computer Name = DPLACE | Source = Sound Recorder | ID = 65535
Description = 
 
Error - 6/12/2014 2:31:39 PM | Computer Name = DPLACE | Source = Sound Recorder | ID = 65535
Description = 
 
Error - 6/12/2014 2:31:39 PM | Computer Name = DPLACE | Source = Sound Recorder | ID = 65535
Description = 
 
[ Hewlett-Packard Events ]
Error - 5/5/2013 3:09:41 PM | Computer Name = philliportiz-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 5/5/2013 3:11:39 PM | Computer Name = philliportiz-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 5/5/2013 3:15:08 PM | Computer Name = philliportiz-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 5/5/2013 3:15:09 PM | Computer Name = philliportiz-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 11/28/2013 10:06:16 PM | Computer Name = Computer | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3561
Ram
 Utilization:   TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
 
 
Error - 11/28/2013 11:30:27 PM | Computer Name = Computer | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3561
Ram
 Utilization: 50  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
 
 
Error - 11/29/2013 12:34:59 AM | Computer Name = Computer | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3561
Ram
 Utilization: 60  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
 
 
[ HP Software Framework Events ]
Error - 10/15/2011 2:35:38 AM | Computer Name = HV0B8AN6B1UMP | Source = CaslWmi | ID = 5
Description = 2011/10/14 23:35:37.977|0000088C|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
 
Error - 10/15/2011 2:35:38 AM | Computer Name = HV0B8AN6B1UMP | Source = CaslWmi | ID = 5
Description = 2011/10/14 23:35:38.632|0000088C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 4/27/2013 2:55:57 AM | Computer Name = philliportiz-HP | Source = CaslWmi | ID = 5
Description = 2013/04/26 23:55:57.849|00001180|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 4/27/2013 2:56:00 AM | Computer Name = philliportiz-HP | Source = CaslWmi | ID = 5
Description = 2013/04/26 23:56:00.408|00001088|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 4/27/2013 3:32:01 AM | Computer Name = philliportiz-HP | Source = CaslWmi | ID = 5
Description = 2013/04/27 00:32:01.392|000012AC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/5/2013 3:12:31 PM | Computer Name = philliportiz-HP | Source = CaslWmi | ID = 5
Description = 2013/05/05 15:12:30.981|00001E18|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
 
Error - 5/5/2013 3:12:31 PM | Computer Name = philliportiz-HP | Source = CaslWmi | ID = 5
Description = 2013/05/05 15:12:31.404|00001E18|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 5/5/2013 3:15:37 PM | Computer Name = philliportiz-HP | Source = CaslWmi | ID = 5
Description = 2013/05/05 15:15:37.845|0000408C|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
 
Error - 5/5/2013 3:15:38 PM | Computer Name = philliportiz-HP | Source = CaslWmi | ID = 5
Description = 2013/05/05 15:15:38.271|0000408C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ System Events ]
Error - 10/12/2014 7:49:48 AM | Computer Name = DPLACE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1058
 
Error - 10/12/2014 7:51:54 AM | Computer Name = DPLACE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1058
 
Error - 10/12/2014 7:51:54 AM | Computer Name = DPLACE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1058
 
Error - 10/12/2014 7:51:54 AM | Computer Name = DPLACE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1058
 
Error - 10/12/2014 7:56:54 AM | Computer Name = DPLACE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1058
 
Error - 10/12/2014 7:56:54 AM | Computer Name = DPLACE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1058
 
Error - 10/12/2014 7:56:54 AM | Computer Name = DPLACE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1058
 
Error - 10/12/2014 7:59:02 AM | Computer Name = DPLACE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1058
 
Error - 10/12/2014 7:59:02 AM | Computer Name = DPLACE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1058
 
Error - 10/12/2014 7:59:02 AM | Computer Name = DPLACE | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1058
 
 
< End of report >
 



#2
dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
Hi devasativa,

Welcome to Geeks to Go. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:
  • As I am in the final phase of training right now, my responses to you may be delayed slightly as they have to be checked by my adviser (good news for you, as there will be two sets of eyes fixing your problem). I promise to be as prompt as possible in helping you, so please bear with me and we will get through this.
  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at Geeks to Go are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date. That being said, please notice the following Geeks to Go rule:
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
Let's get started....

First, the OTL log file >>>>

There should be a log file named OTL.txt on your desktop (along with the Extras.txt which you posted). Please double click on the OTL.txt file, when Notepad opens with the file, select all (by pressing CTRL + A), copy (by pressing CTRL + C) and paste the text here in a post (by pressing CTRL + V).

Second, a scan with FRST >>>>

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this please.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Third, a scan with Farbar Service Scanner >>>>

Since there are Service issues on this system, we should get a scan to check all the services on the system.

Please download Farbar Service Scanner to your desktop and double click on the file to run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
Things to reply back with, please >>>>
  • the OTL.txt log file
  • the FRST.txt and Addition.txt log files
  • the FSS.txt log file
  • any questions you may have


#3
devasativa

    Member

  • Topic Starter
  • 56 posts

I am now going to attempt the steps you outlined, but first I would like to tell you that presently I am trying to allow windows update to run, and the first item is Windows malware tool removal, and it appears that my system will not proceed past 0%.  That said I will attempt your instructions.



#4
devasativa

    Member

  • Topic Starter
  • 56 posts
OTL logfile created on: 10/12/2014 4:44:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner-1\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.48 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 36.98% Memory free
6.95 Gb Paging File | 4.90 Gb Available in Paging File | 70.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 441.65 Gb Total Space | 76.53 Gb Free Space | 17.33% Space Free | Partition Type: NTFS
Drive D: | 19.95 Gb Total Space | 16.00 Gb Free Space | 80.21% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 3.96 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
 
Computer Name: DPLACE | User Name: Owner-1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/10/12 04:39:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner-1\Desktop\OTL.exe
PRC - [2014/09/16 01:00:14 | 000,427,008 | ---- | M] () -- C:\Program Files (x86)\grillaprice\grillaprice.exe
PRC - [2014/09/05 23:14:58 | 002,680,344 | ---- | M] () -- C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
PRC - [2014/09/02 02:46:54 | 000,253,752 | ---- | M] (Maxthon International ltd.) -- C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
PRC - [2014/08/25 11:42:20 | 003,242,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014/08/25 11:38:58 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014/08/25 11:37:18 | 005,188,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2012/03/05 10:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 10:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/13 17:49:00 | 016,825,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
MOD - [2014/09/05 23:14:58 | 002,680,344 | ---- | M] () -- C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
MOD - [2014/09/01 08:34:12 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\log4cplusU.dll
MOD - [2014/05/28 19:40:14 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Maxthon3\Core\Webkit\pdf.dll
MOD - [2014/05/28 19:40:02 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\Maxthon3\Addons\Mobile\MxMobile.dll
MOD - [2013/11/20 23:37:14 | 000,109,336 | ---- | M] () -- C:\Program Files (x86)\Maxthon3\Core\Webkit\libEGL.dll
MOD - [2013/11/20 23:37:06 | 002,128,152 | ---- | M] () -- C:\Program Files (x86)\Maxthon3\Core\Webkit\ffmpegsumo.dll
MOD - [2013/11/20 23:37:06 | 000,887,064 | ---- | M] () -- C:\Program Files (x86)\Maxthon3\Core\Webkit\libGLESv2.dll
MOD - [2013/11/17 18:18:38 | 000,258,944 | ---- | M] () -- C:\Program Files (x86)\Maxthon3\Bin\Maxzlib.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/08/18 15:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/04/17 22:29:26 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2014/04/17 18:29:24 | 000,239,616 | ---- | M] (AMD) [On_Demand | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [1999/12/31 17:00:00 | 000,332,800 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2014/09/25 09:51:18 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/25 06:21:53 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 02:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/09/01 08:34:12 | 001,843,736 | ---- | M] (AVG Secure Search) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe -- (vToolbarUpdater3.2.0)
SRV - [2014/08/25 11:42:20 | 003,242,000 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/08/25 11:38:58 | 000,289,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2014/06/21 09:37:30 | 001,141,848 | ---- | M] (RealNetworks, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)
SRV - [2014/06/10 17:50:38 | 000,039,568 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2014/03/20 15:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/05 10:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [1999/12/31 17:00:00 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014/09/01 08:34:12 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/08/06 10:50:04 | 000,123,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/07/21 21:03:12 | 000,244,504 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/06/30 12:43:02 | 000,152,344 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/06/17 16:21:34 | 000,235,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/06/17 16:07:12 | 000,328,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/06/17 16:06:58 | 000,269,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/06/17 16:06:24 | 000,190,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/06/17 16:06:06 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2014/04/23 10:25:24 | 000,936,664 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2014/04/17 19:36:46 | 015,376,384 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2014/04/17 18:07:06 | 000,638,976 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/12/19 09:45:50 | 000,094,720 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/11/07 17:09:18 | 000,040,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbkey64.sys -- (usbkey)
DRV:64bit: - [2013/05/05 13:10:25 | 000,878,184 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2013/03/05 19:28:18 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/03 19:49:18 | 000,040,432 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 22:45:36 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/14 22:45:36 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/18 05:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/06/17 04:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/06/17 04:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/06/09 19:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/06/19 00:36:04 | 000,017,920 | ---- | M] (Siliten) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2b.sys -- (InputFilter_Hid_FlexDef2b)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/24 09:55:10 | 000,011,264 | ---- | M] (Primax Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NMgamingms.sys -- (NMgamingmsFltr)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [1999/12/31 17:00:00 | 000,546,304 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [1999/12/31 17:00:00 | 000,339,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...0325AS_5VENN5AH
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123...0325AS_5VENN5AH
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.istart123...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{B4DB94BC-3512-4409-8E79-07D1ADC37C30}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...0325AS_5VENN5AH
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}
IE - HKLM\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.co...utputEncoding?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...0325AS_5VENN5AH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}
IE - HKCU\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{79A430CD-F74B-4E4B-A58F-64BE68948606}: "URL" = http://www.facebook....q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:13081;
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B1DD9AC48-0855-4AE7-9934-159B4377FFA2%7D:17.0.11
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:3.1.1
FF - prefs.js..extensions.enabledAddons: %7Bcd617375-6743-4ee8-bac4-fbf10f35729e%7D:2.9.5
FF - prefs.js..extensions.enabledAddons: isreaditlater%40ideashower.com:3.0.5
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.6.5
FF - prefs.js..extensions.enabledAddons: %7B1dbc4a33-ea62-4330-966c-7bdad3455322%7D:1.0.6.10
FF - prefs.js..extensions.enabledAddons: %7Bff356687-aa08-463d-a46c-11c451824939%7D:5.7.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\3.2.0\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.11.0: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.11: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.11: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.11: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.11.0: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner-1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner-1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Owner-1\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Owner-1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1DD9AC48-0855-4AE7-9934-159B4377FFA2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/06/21 09:39:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\5app42vp.default\extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/11/26 22:37:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner-1\AppData\Roaming\mozilla\Extensions
[2014/09/25 09:44:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner-1\AppData\Roaming\mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\extensions
[2014/09/10 03:19:11 | 000,000,000 | ---D | M] (Remove It Permanently) -- C:\Users\Owner-1\AppData\Roaming\mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322}
[2014/09/08 09:32:30 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Owner-1\AppData\Roaming\mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2014/09/08 14:23:59 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\Owner-1\AppData\Roaming\mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\extensions\[email protected]
[2014/08/11 07:51:13 | 000,000,000 | ---D | M] (Pocket) -- C:\Users\Owner-1\AppData\Roaming\mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\extensions\[email protected]
[2014/08/04 15:37:57 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Owner-1\AppData\Roaming\mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\extensions\[email protected]
[2014/08/06 05:14:15 | 000,000,000 | ---D | M] (YouTube Unblocker) -- C:\Users\Owner-1\AppData\Roaming\mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\extensions\[email protected]
[2014/08/11 05:45:36 | 000,042,346 | ---- | M] () (No name found) -- C:\Users\Owner-1\AppData\Roaming\mozilla\firefox\profiles\le7ztt4j.default-1407191572707\extensions\[email protected]
[2014/08/11 05:16:28 | 000,137,181 | ---- | M] () (No name found) -- C:\Users\Owner-1\AppData\Roaming\mozilla\firefox\profiles\le7ztt4j.default-1407191572707\extensions\[email protected]
[2014/08/21 02:46:18 | 000,064,715 | ---- | M] () (No name found) -- C:\Users\Owner-1\AppData\Roaming\mozilla\firefox\profiles\le7ztt4j.default-1407191572707\extensions\[email protected]
[2014/09/25 09:44:02 | 000,450,785 | ---- | M] () (No name found) -- C:\Users\Owner-1\AppData\Roaming\mozilla\firefox\profiles\le7ztt4j.default-1407191572707\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2014/09/09 23:49:53 | 000,389,786 | ---- | M] () (No name found) -- C:\Users\Owner-1\AppData\Roaming\mozilla\firefox\profiles\le7ztt4j.default-1407191572707\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2014/08/06 06:26:48 | 000,052,032 | ---- | M] () (No name found) -- C:\Users\Owner-1\AppData\Roaming\mozilla\firefox\profiles\le7ztt4j.default-1407191572707\extensions\{41e00859-3a98-4c4c-8292-2de820be3ffa}.xpi
[2014/08/06 06:29:22 | 000,062,768 | ---- | M] () (No name found) -- C:\Users\Owner-1\AppData\Roaming\mozilla\firefox\profiles\le7ztt4j.default-1407191572707\extensions\{5ff60652-3079-4d1a-8328-3126890eae58}.xpi
[2014/08/06 05:30:39 | 000,065,849 | ---- | M] () (No name found) -- C:\Users\Owner-1\AppData\Roaming\mozilla\firefox\profiles\le7ztt4j.default-1407191572707\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
[2014/08/04 15:40:23 | 001,384,265 | ---- | M] () (No name found) -- C:\Users\Owner-1\AppData\Roaming\mozilla\firefox\profiles\le7ztt4j.default-1407191572707\extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi
[2014/08/11 05:15:34 | 000,001,937 | ---- | M] () -- C:\Users\Owner-1\AppData\Roaming\mozilla\firefox\profiles\le7ztt4j.default-1407191572707\searchplugins\duckduckgo.xml
[2014/09/25 09:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/25 09:51:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/06/21 09:39:03 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.5.671\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.5 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealPlayer Video Downloader  (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealPlayer Video Downloader for HTML5  (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealPlayer Video Downloader for PepperFlash  (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Owner-1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Owner-1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Owner-1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Owner-1\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
CHR - plugin: Shockwave for Director (Disabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
 
O1 HOSTS File: ([2014/09/15 17:17:12 | 000,000,000 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Webroot Vault) - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Web TuneUp\vprot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableFirstLogonAnimation = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Marketplace (Microsoft Corporation)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O9:64bit: - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar64.dll File not found
O9 - Extra Button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B623FB1-11DE-4025-BA9A-100F234720A1}: DhcpNameServer = 192.168.0.1 205.171.2.65
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll (AVG Secure Search)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/09/29 00:17:18 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2014/09/15 17:17:12 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4263272e-3bbf-11e4-afdd-ec9a74573b2c}\Shell - "" = AutoRun
O33 - MountPoints2\{4263272e-3bbf-11e4-afdd-ec9a74573b2c}\Shell\AutoRun\command - "" = G:\VM_Universal_Installer2-0-2.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/10/12 04:39:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner-1\Desktop\OTL.exe
[2014/10/11 15:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\.mono
[2014/10/06 00:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Intenium
[2014/10/05 23:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\n7-89-o9-3r-4t-r9
[2014/10/01 19:05:44 | 000,000,000 | ---D | C] -- C:\Users\Owner-1\AppData\Local\{7510169C-3D9E-45E0-B3C5-2A07F8D0CAC5}
[2014/09/29 22:54:31 | 000,000,000 | ---D | C] -- C:\Users\Owner-1\AppData\Local\{24FF32C3-A238-43DA-AB94-3D6118AD377A}
[2014/09/29 16:21:19 | 000,000,000 | ---D | C] -- C:\Users\Owner-1\Documents\Any Video Converter
[2014/09/29 09:14:32 | 000,000,000 | ---D | C] -- C:\Users\Owner-1\Desktop\New folder
[2014/09/29 09:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photosynth
[2014/09/29 09:04:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photosynth
[2014/09/29 07:04:06 | 000,000,000 | ---D | C] -- C:\Users\Owner-1\AppData\Local\{9B6E8402-CBF0-413E-AFF0-E39525B3B8B7}
[2014/09/29 06:52:07 | 000,000,000 | ---D | C] -- C:\Users\Owner-1\AppData\Local\Microsoft_Corporation
[2014/09/29 06:38:07 | 000,000,000 | ---D | C] -- C:\Users\Owner-1\AppData\Local\Autodesk
[2014/09/29 04:18:46 | 000,000,000 | ---D | C] -- C:\Users\Owner-1\AppData\Roaming\OpenSoftwareUpdater
[2014/09/29 04:18:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\grillaprice
[2014/09/29 00:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2014/09/29 00:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2014/09/29 00:18:11 | 000,000,000 | ---D | C] -- C:\Users\Owner-1\AppData\Roaming\Autodesk
[2014/09/29 00:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2014/09/29 00:17:18 | 000,000,000 | ---D | C] -- C:\Autodesk
[2014/09/27 03:59:52 | 000,000,000 | ---D | C] -- C:\Users\Owner-1\Documents\Malware bytes support history complete cases
[2014/09/26 23:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/09/26 23:01:07 | 000,128,728 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/26 22:57:32 | 000,000,000 | ---D | C] -- C:\Users\Owner-1\Desktop\mbar
[2014/09/26 10:35:07 | 000,000,000 | ---D | C] -- C:\Users\Owner-1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/09/26 08:06:40 | 000,000,000 | ---D | C] -- C:\Users\Owner-1\Documents\t.  WA law..limitations
[2014/09/25 16:16:59 | 000,000,000 | ---D | C] -- C:\Users\Owner-1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
[2014/09/25 09:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/09/16 05:20:59 | 014,349,744 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Owner-1\Desktop\mbar-1.07.0.1012.exe
[2014/09/16 03:03:13 | 000,000,000 | ---D | C] -- C:\Users\Owner-1\.appwork
[2014/09/15 17:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/09/15 16:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/05/01 23:30:28 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/10/12 04:39:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner-1\Desktop\OTL.exe
[2014/10/12 04:38:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005UA.job
[2014/10/12 04:22:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/10/12 04:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/12 03:37:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005UA.job
[2014/10/12 02:34:43 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/12 02:34:43 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/12 02:27:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/12 02:27:03 | 2800,803,840 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/12 00:37:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005Core.job
[2014/10/11 20:25:43 | 000,026,070 | ---- | M] () -- C:\Users\Owner-1\Desktop\[kickass.to]kurt.vonnegut.collection.11.audiobooks.www.torrent
[2014/10/11 14:38:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005Core.job
[2014/10/11 02:00:09 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner-1.job
[2014/10/10 11:44:37 | 012,200,491 | ---- | M] () -- C:\Users\Owner-1\Desktop\attachments.zip
[2014/10/10 11:44:01 | 002,427,581 | ---- | M] () -- C:\Users\Owner-1\Desktop\IMG_0323.JPG
[2014/10/10 11:43:17 | 001,858,754 | ---- | M] () -- C:\Users\Owner-1\Desktop\daddy and Jemma.JPG
[2014/10/02 12:09:32 | 000,001,407 | ---- | M] () -- C:\Users\Owner-1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/09/29 13:03:17 | 000,000,997 | ---- | M] () -- C:\Users\Owner-1\Application Data\Microsoft\Internet Explorer\Quick Launch\Daum Potplayer-64 Bits.lnk
[2014/09/29 13:03:17 | 000,000,973 | ---- | M] () -- C:\Users\Owner-1\Desktop\Daum Potplayer-64 Bits.lnk
[2014/09/29 04:45:54 | 000,430,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/09/29 00:27:57 | 000,002,239 | ---- | M] () -- C:\Users\Owner-1\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/09/29 00:27:57 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/29 00:22:20 | 000,001,894 | ---- | M] () -- C:\Users\Owner-1\Application Data\Microsoft\Internet Explorer\Quick Launch\Pixlr .lnk
[2014/09/29 00:22:20 | 000,001,870 | ---- | M] () -- C:\Users\Public\Desktop\Pixlr .lnk
[2014/09/28 23:17:30 | 000,322,204 | ---- | M] () -- C:\Users\Owner-1\Desktop\My LastPass Vault_20140928231717.jpg
[2014/09/28 23:15:20 | 000,325,113 | ---- | M] () -- C:\Users\Owner-1\Desktop\My LastPass Vault_20140928231438.jpg
[2014/09/26 23:01:07 | 000,128,728 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/26 22:57:39 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/09/24 08:51:35 | 001,631,371 | ---- | M] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_12.mp4
[2014/09/24 08:51:29 | 002,316,650 | ---- | M] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_15.mp4
[2014/09/24 08:51:28 | 002,739,497 | ---- | M] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_14.mp4
[2014/09/24 08:51:26 | 002,819,822 | ---- | M] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_13.mp4
[2014/09/24 08:51:21 | 000,950,840 | ---- | M] () -- C:\Users\Owner-1\Desktop\1738079_218960804980062_2017555973_n.mp4
[2014/09/24 08:51:03 | 006,891,512 | ---- | M] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_16.mp4
[2014/09/24 08:49:07 | 002,736,439 | ---- | M] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_7(1).mp4
[2014/09/24 08:40:21 | 006,450,961 | ---- | M] () -- C:\Users\Owner-1\Desktop\10518475_254095261466616_910788609_n.mp4
[2014/09/24 08:40:18 | 002,188,153 | ---- | M] () -- C:\Users\Owner-1\Desktop\10491573_256173664592109_879986958_n.mp4
[2014/09/24 08:39:44 | 002,736,439 | ---- | M] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_7.mp4
[2014/09/24 08:39:41 | 001,436,983 | ---- | M] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_8.mp4
[2014/09/24 08:37:01 | 007,552,254 | ---- | M] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_4.mp4
[2014/09/24 08:35:37 | 009,507,406 | ---- | M] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_1(1).mp4
[2014/09/24 08:34:45 | 001,392,613 | ---- | M] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_2(1).mp4
[2014/09/24 08:33:50 | 009,507,406 | ---- | M] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_1.mp4
[2014/09/24 08:33:41 | 000,499,106 | ---- | M] () -- C:\Users\Owner-1\Desktop\10654293_270598823149593_1871693183_n.mp4
[2014/09/24 08:29:58 | 009,507,406 | ---- | M] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_2.mp4
[2014/09/22 23:34:19 | 003,591,820 | ---- | M] () -- C:\Users\Owner-1\Desktop\(99) Facebook_1.mp4
[2014/09/16 05:20:59 | 014,349,744 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Owner-1\Desktop\mbar-1.07.0.1012.exe
[2014/09/16 04:18:14 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/15 17:17:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/09/15 17:17:12 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/10/11 20:25:43 | 000,026,070 | ---- | C] () -- C:\Users\Owner-1\Desktop\[kickass.to]kurt.vonnegut.collection.11.audiobooks.www.torrent
[2014/10/10 11:44:30 | 012,200,491 | ---- | C] () -- C:\Users\Owner-1\Desktop\attachments.zip
[2014/10/10 11:44:01 | 002,427,581 | ---- | C] () -- C:\Users\Owner-1\Desktop\IMG_0323.JPG
[2014/10/10 11:43:17 | 001,858,754 | ---- | C] () -- C:\Users\Owner-1\Desktop\daddy and Jemma.JPG
[2014/10/02 12:09:34 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2014/10/02 12:09:33 | 000,002,002 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Center.lnk
[2014/10/02 12:09:32 | 000,001,413 | ---- | C] () -- C:\Users\Owner-1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/10/02 12:09:32 | 000,001,407 | ---- | C] () -- C:\Users\Owner-1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/09/29 13:03:17 | 000,000,973 | ---- | C] () -- C:\Users\Owner-1\Desktop\Daum Potplayer-64 Bits.lnk
[2014/09/29 00:27:57 | 000,002,239 | ---- | C] () -- C:\Users\Owner-1\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/09/29 00:27:57 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/29 00:22:20 | 000,001,894 | ---- | C] () -- C:\Users\Owner-1\Application Data\Microsoft\Internet Explorer\Quick Launch\Pixlr .lnk
[2014/09/29 00:22:20 | 000,001,870 | ---- | C] () -- C:\Users\Public\Desktop\Pixlr .lnk
[2014/09/28 23:17:30 | 000,322,204 | ---- | C] () -- C:\Users\Owner-1\Desktop\My LastPass Vault_20140928231717.jpg
[2014/09/28 23:15:20 | 000,325,113 | ---- | C] () -- C:\Users\Owner-1\Desktop\My LastPass Vault_20140928231438.jpg
[2014/09/24 08:51:35 | 001,631,371 | ---- | C] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_12.mp4
[2014/09/24 08:51:21 | 000,950,840 | ---- | C] () -- C:\Users\Owner-1\Desktop\1738079_218960804980062_2017555973_n.mp4
[2014/09/24 08:51:20 | 002,819,822 | ---- | C] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_13.mp4
[2014/09/24 08:51:20 | 002,739,497 | ---- | C] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_14.mp4
[2014/09/24 08:51:20 | 002,316,650 | ---- | C] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_15.mp4
[2014/09/24 08:51:03 | 006,891,512 | ---- | C] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_16.mp4
[2014/09/24 08:49:07 | 002,736,439 | ---- | C] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_7(1).mp4
[2014/09/24 08:40:12 | 006,450,961 | ---- | C] () -- C:\Users\Owner-1\Desktop\10518475_254095261466616_910788609_n.mp4
[2014/09/24 08:40:12 | 002,188,153 | ---- | C] () -- C:\Users\Owner-1\Desktop\10491573_256173664592109_879986958_n.mp4
[2014/09/24 08:39:41 | 002,736,439 | ---- | C] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_7.mp4
[2014/09/24 08:39:41 | 001,436,983 | ---- | C] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_8.mp4
[2014/09/24 08:37:01 | 007,552,254 | ---- | C] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_4.mp4
[2014/09/24 08:35:30 | 009,507,406 | ---- | C] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_1(1).mp4
[2014/09/24 08:34:45 | 001,392,613 | ---- | C] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_2(1).mp4
[2014/09/24 08:33:41 | 009,507,406 | ---- | C] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_1.mp4
[2014/09/24 08:33:41 | 000,499,106 | ---- | C] () -- C:\Users\Owner-1\Desktop\10654293_270598823149593_1871693183_n.mp4
[2014/09/24 08:29:57 | 009,507,406 | ---- | C] () -- C:\Users\Owner-1\Desktop\(99) Tristen Cate_2.mp4
[2014/09/22 23:34:19 | 003,591,820 | ---- | C] () -- C:\Users\Owner-1\Desktop\(99) Facebook_1.mp4
[2014/09/15 17:17:12 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/08/02 15:40:53 | 000,000,155 | ---- | C] () -- C:\Windows\Reimage.ini
[2014/05/30 20:46:48 | 000,005,120 | ---- | C] () -- C:\Users\Owner-1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/17 22:28:30 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2014/04/17 19:22:56 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2014/04/17 19:22:56 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2014/04/17 18:25:52 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2014/04/17 18:25:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2014/01/06 03:55:03 | 000,072,621 | ---- | C] () -- C:\Windows\rodflashvideoss_uninst.exe
[2013/12/01 04:22:03 | 000,007,592 | ---- | C] () -- C:\Users\Owner-1\AppData\Local\resmon.resmoncfg
[2013/11/07 17:09:20 | 000,024,136 | ---- | C] () -- C:\Windows\SysWow64\ppmon.exe
[2013/11/07 17:09:20 | 000,012,480 | ---- | C] () -- C:\Windows\SysWow64\KL2N.DLL
[2013/11/07 17:09:20 | 000,007,440 | ---- | C] () -- C:\Windows\SysWow64\ppmon.dll
 
========== ZeroAccess Check ==========
 
[2014/09/01 14:39:50 | 004,554,955 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-1864448044-3865198937-871872176-1005\$RHN2E5K\u.zip
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 19:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 18:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/22 20:51:54 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\.mono
[2014/07/23 17:30:35 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\2Flyer
[2014/07/29 05:43:05 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\3388
[2014/06/18 12:21:14 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\AnvSoft
[2014/09/29 00:18:11 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\Autodesk
[2014/08/30 22:28:44 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\AVG2014
[2014/10/11 22:59:15 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\BitTorrent
[2013/12/08 13:31:32 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\Blio
[2014/08/14 22:46:18 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\Broken Age
[2014/09/02 21:40:05 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\Dropbox
[2014/07/29 05:08:19 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\DVDFab9
[2013/11/29 16:39:38 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\FixCleaner
[2014/10/01 08:53:51 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\GetPrivate
[2013/11/27 14:00:40 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\ID Vault
[2013/11/28 11:46:44 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\IDT
[2014/08/14 19:59:46 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\iWin
[2014/06/10 05:49:46 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\library_dir
[2014/07/29 00:14:21 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\Maxthon3
[2014/06/08 10:07:34 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\MPC-HC
[2014/09/29 04:18:46 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\OpenSoftwareUpdater
[2014/06/25 00:37:31 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\PixorialUploader.old
[2014/08/14 17:58:57 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\PlayFirst
[2014/09/02 22:01:11 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\PotPlayerMini64
[2013/12/01 00:16:07 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\Reason
[2014/09/04 20:40:54 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\Spotify
[2013/11/18 19:27:03 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\Synaptics
[2013/11/28 14:11:16 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\Systweak
[2014/08/30 22:27:12 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\TuneUp Software
[2014/03/03 13:20:13 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\Unity
[2014/09/03 12:39:43 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\uTorrent
[2013/12/01 02:50:20 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\WinBatch
[2014/03/02 21:08:25 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\Windows Live Writer
[2014/08/31 01:23:42 | 000,000,000 | ---D | M] -- C:\Users\Owner-1\AppData\Roaming\Wise
 
========== Purity Check ==========
 
 
 
< End of report >


#5
devasativa

  • Topic Starter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by Owner-1 (administrator) on DPLACE on 17-10-2014 20:49:36
Running from C:\Users\Owner-1\Desktop
Loaded Profile: Owner-1 (Available profiles: Owner-1 & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
() C:\Program Files (x86)\grillaprice\grillaprice.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Reason Software Company Inc.) C:\Users\Owner-1\AppData\Roaming\Reason\Boost\boost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2680344 2014-09-05] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1864448044-3865198937-871872176-1005\...\MountPoints2: {4263272e-3bbf-11e4-afdd-ec9a74573b2c} - G:\VM_Universal_Installer2-0-2.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...0325AS_5VENN5AH
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...0325AS_5VENN5AH
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123...0325AS_5VENN5AH
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...0325AS_5VENN5AH
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123...q={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123...q={searchTerms}
SearchScopes: HKLM - {B4DB94BC-3512-4409-8E79-07D1ADC37C30} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = 
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {79A430CD-F74B-4E4B-A58F-64BE68948606} URL = http://www.facebook....q={searchTerms}
SearchScopes: HKCU - {B4DB94BC-3512-4409-8E79-07D1ADC37C30} URL = 
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll (AVG Secure Search)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.65
 
FireFox:
========
FF ProfilePath: C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\3.2.0\\npsitesafety.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Photosynth,version=2.0 -> C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.11.0 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.0 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Owner-1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner-1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Owner-1\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner-1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner-1\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner-1\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istart123.xml
FF Extension: Avira Browser Safety - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected] [2014-09-08]
FF Extension: Pocket - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected] [2014-08-11]
FF Extension: LastPass - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected] [2014-08-04]
FF Extension: YouTube Unblocker - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected] [2014-08-06]
FF Extension: Remove It Permanently - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322} [2014-09-10]
FF Extension: Evernote Web Clipper - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-08-11]
FF Extension: Add to Search Bar - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected] [2014-08-11]
FF Extension: DuckDuckGo Plus - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected] [2014-08-11]
FF Extension: Perfect View - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected] [2014-08-06]
FF Extension: All-in-One Sidebar - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2014-08-11]
FF Extension: FlashGot - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-08-06]
FF Extension: PictuTools - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{41e00859-3a98-4c4c-8292-2de820be3ffa}.xpi [2014-08-06]
FF Extension: FB Gamer - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{5ff60652-3079-4d1a-8328-3126890eae58}.xpi [2014-08-06]
FF Extension: RightToClick - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2014-08-06]
FF Extension: Red Cats (blue flavor) - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi [2014-08-04]
FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-21]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\5app42vp.default\extensions\[email protected]
 
Chrome: 
=======
CHR Profile: C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Art Project, powered by Google) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafjiaooblldgcephecfcafbmckcfeep [2013-11-28]
CHR Extension: (Bejeweled) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2013-11-28]
CHR Extension: (Kicksend - Share Photos) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeknnigbopacbbcnnphalkgflgdlnoon [2014-09-29]
CHR Extension: (Theme Creator) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2013-11-28]
CHR Extension: (Worlize) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoleedjgbljpnebkobbongneigoelmnb [2013-11-28]
CHR Extension: (UJAM - Make your music.) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdiogojbmdncjdpljocafnigiokgmci [2013-11-28]
CHR Extension: (BeFunky Photo Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2013-11-28]
CHR Extension: (ezFractal - Strange Attractors App) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\befeejacabkplbgddjbhbbbbogmlomhg [2013-11-28]
CHR Extension: (Fotor Photo Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2014-09-29]
CHR Extension: (Simple Image Resizer) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bficingcnodlbbildpbnjdgcmbipgnbi [2014-09-25]
CHR Extension: (Loupe Collage) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhaonknplhhecdgjpphnooeomecgipkc [2013-11-28]
CHR Extension: (Pulsate) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjilkkfelgjefpjbjfnfdhmmoglpbhli [2013-11-28]
CHR Extension: (Genie Jackpots) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnaafakedmhapgnckdkkadbjmoakikki [2013-11-28]
CHR Extension: (Cash of the Titans) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkbkhakepfeehemdjcegjlmcehjckid [2013-11-28]
CHR Extension: (Tarot Reading (FREE)) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegplnibkbhflhkcbohabjbmmokildob [2014-09-25]
CHR Extension: (Camera360网页版) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfojbadjlaaiddllnogeohfgamgedcfd [2014-09-29]
CHR Extension: (Pixsta) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijncchffkmlnfdbnkkfclcbnjcoegjc [2014-09-29]
CHR Extension: (Amigo's Gold) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnfmlpgjkhndffmipbeemgbbdihoeihg [2013-11-28]
CHR Extension: (Weebly - Website Builder) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnocophcbjfiimmnhlhleaooedeheifb [2013-11-28]
CHR Extension: (Panda Poet) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\daicmhhkdcccfobnkidlhnieapcikadf [2013-11-28]
CHR Extension: (ColorMandala) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbafebdejmcgpbfkppndjeajebpppnei [2013-11-28]
CHR Extension: (Gaia Online) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcejlakbncmhdpijmpdepcjfjodfeljj [2013-11-28]
CHR Extension: (Fun Switcher) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddeoimiimmmfddbiggnbipkjomlalanb [2013-11-28]
CHR Extension: (PiXditor - Photo Effects) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddfflkeppghppjmfikeachhdbmpjiacj [2014-09-29]
CHR Extension: (CasinoRPG - Poker, Slots, Tycoon, MMORPG) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfadcimibgpdemlpghdofndlapaiciel [2014-09-25]
CHR Extension: (rotoscope) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhimnnhmaanmanmmokfpijgambokcpni [2014-09-29]
CHR Extension: (PicMonkey Extension) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhipmoghimfdldnocmopeoanjmoolofl [2013-11-28]
CHR Extension: (Denki Word Quest) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dibnbdoaalhdbddheelckdbghjhgkahn [2014-09-25]
CHR Extension: (Word Search) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2013-11-28]
CHR Extension: (Free Casino Slots) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnomkmpkegpcpakppphmmaphjeabjkcp [2014-09-25]
CHR Extension: (Sumo Paint) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod [2013-11-28]
CHR Extension: (ClanShot - Social Image Gallery) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\edkonmnepckfdddbbmjbnmgjagehnjde [2014-09-29]
CHR Extension: (Mahjongg) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop [2013-11-28]
CHR Extension: (Cop the Lot) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efgjbkonhellpgfomncmljjdjejbocnc [2013-11-28]
CHR Extension: (Best Entertainment Apps) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efngbgpefbbmjdekcljbnpgdjaegljpn [2013-11-28]
CHR Extension: (500px) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\egpociadnldbkfkjpmjoaibnbcoeplja [2014-09-29]
CHR Extension: (King Solomons) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehlombkifoagifleccjfpbhfbjibpkfj [2014-09-25]
CHR Extension: (Box - 10GB of FREE storage) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2013-11-28]
CHR Extension: (Fairest of Them All) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\elakbdjgendoliaogejfmnhdjchdkboc [2013-11-28]
CHR Extension: (Krishna 3D) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\feadgpcllehmhnikijnojlfccolbllge [2013-11-28]
CHR Extension: (PicMonkey) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-09-29]
CHR Extension: (Stupeflix Video Maker) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkdmcfnoimoilncpjchamnenebopocem [2013-11-28]
CHR Extension: (Avira Browser Safety) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-07-31]
CHR Extension: (C++ Tutorial) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpkdcihamnidijdfmjeckahccaphlofi [2014-09-25]
CHR Extension: (Best Apps) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gekkkgddoohlaojggcdmihoeahbnlomf [2013-11-28]
CHR Extension: (Picadilo) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\geljjpapbfokifgnlnpdbiplebdhlein [2014-09-29]
CHR Extension: (Wallpaper Backgrounds - Free Wallpapers) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gggpfgbncdijopafhadglgjglomiaoba [2013-11-28]
CHR Extension: (Planetarium) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2013-11-28]
CHR Extension: (Autodesk 123D Catch) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjmccldlkdbjakaebbpiojpfbambiphj [2013-11-28]
CHR Extension: (Heart) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnfkpbienbblndialjooaiaociigepn [2013-11-28]
CHR Extension: (Save to Google Drive) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-09-25]
CHR Extension: (Free Slots) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gncgkjfgbkncmgekiidabkngldhokoio [2014-09-25]
CHR Extension: (ImageBot Photo Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngdfkmfhlbimnaglgofeloikojnnaka [2013-11-28]
CHR Extension: (Hippo Paint) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gocgkkkalgjbolohhjmbekcemffhijbf [2013-11-28]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-11-28]
CHR Extension: (FabCam) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hejilffmihldhlfocnabcgndjjpgadfl [2013-11-28]
CHR Extension: (Atavi bookmarks) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfephclnnkjfkfnmmcjampphpfgijgae [2014-09-25]
CHR Extension: (The Elementals) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfhfehlnocjpbnbcabcjjnemkkkghaak [2013-11-28]
CHR Extension: (Leprechaun's Luck) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhgkfjhkjijkebohallibampichdppc [2013-11-28]
CHR Extension: (Vimeo Couch Mode) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjkdhkejcnlmkfdodbkdkelefnkobfif [2014-09-25]
CHR Extension: (Mystery Case Files: Madame Fate ®) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjhpnaodhjkfpbhmjjakbngblomampb [2013-11-28]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-09-26]
CHR Extension: (Wild Gambler) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmkmbgbgljpggoifoncmahpbdpholjgo [2013-11-28]
CHR Extension: (Quotes Book) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfjeadhjbcepmknoanimdbemlobmlpe [2014-09-25]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-11-29]
CHR Extension: (Pixlr Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2013-11-28]
CHR Extension: (RealPlayer Downloader) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-07-31]
CHR Extension: (Lunapic Photo Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifimmnanlabnljjnaegjmgnelmdmjabn [2013-11-28]
CHR Extension: (Twinoo Brain Training - Test your Brain) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\igippnbkniajgjmfiklnjokigepheabp [2013-11-28]
CHR Extension: (Qbox - Wisdom of the Ages) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfnimbehfhlelledoaemompbeihbhfb [2013-11-28]
CHR Extension: (iPiccy Photo Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2013-11-28]
CHR Extension: (Memrise) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipanemchpnjhopmgcmmjhjcniogmoooc [2013-11-28]
CHR Extension: (Fish Tales 2) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaghkmcgmmageapicnkmimibjenkldkc [2013-11-28]
CHR Extension: (Cut the Rope) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbadlndcminbkfojhlimnkgaackjmdo [2014-09-25]
CHR Extension: (Psykogif) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkjoklgdmjnffhmmllncmleongbhpdok [2014-01-01]
CHR Extension: (Lucky Free Slots) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklflojhcplaifoheemkildbmcjfhlij [2013-11-28]
CHR Extension: (Pixlr Touch Up) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2014-09-29]
CHR Extension: (Alice's Wonderland) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\khdhgjjadoofeaeajlpanbfgigchpgph [2013-11-28]
CHR Extension: (MakeGIF) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiibohfpiojejdooomkpmhhilobdkkle [2014-09-29]
CHR Extension: (Sand 2) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\klicmgamjpclmbhppmdeamffedflmkcn [2013-11-28]
CHR Extension: (Adblock Super) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2014-09-25]
CHR Extension: (Little Alchemy) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2013-11-28]
CHR Extension: (Until AM Web App) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2013-11-28]
CHR Extension: (Rango: The WORLD) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ladlgddeghalkmimaamlhbfaglfcdiep [2013-11-28]
CHR Extension: (Picozu) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajpehananomepaahgohcnmgkgmkhogf [2013-11-28]
CHR Extension: (Pix: Pixel Mixer) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbjiacdnbellpbhocabghholhnlboibg [2014-09-25]
CHR Extension: (Best Game Apps) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcedphmnlpmkcmhmpejeoalaeljdogia [2013-11-28]
CHR Extension: (Webcam Toy) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2013-11-28]
CHR Extension: (Comic Webcam) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfffhmndpldceogndeognocbpmlgdemi [2014-09-29]
CHR Extension: (Picasa Extension (by Google)) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhhlohbbihddnfcehbijmlnpkafmmkfp [2013-11-28]
CHR Extension: (Vegas World) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkfngbagahkfkhdkaelphbgkaalajhim [2014-09-25]
CHR Extension: (Hottest Apps) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\maceojlogikadmomgoojfcgbbmnjggje [2013-11-28]
CHR Extension: (SMS Quotes) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\maipobjfmhedpebidmfcpajlegghgmpk [2014-09-29]
CHR Extension: (Madalin - Casino) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbiiphkhamhjhlefjichkpdjncmmokje [2013-11-28]
CHR Extension: (Pocket) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2014-09-25]
CHR Extension: (PixFiltre - Photo Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebhanlkihgdilmhiaiaclanodcalglc [2014-09-29]
CHR Extension: (Drive) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo [2014-09-26]
CHR Extension: (TextNow) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkjdngkmnogclafejjgbgjjegoaahihg [2014-09-25]
CHR Extension: (Google Wallet) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-19]
CHR Extension: (Hover Zoom) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-09-26]
CHR Extension: (GIFPAL) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\noohoboklgjeccnihfkbdakbchbhjlch [2013-11-28]
CHR Extension: (piZap Photo Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\occpjibghkbopohbefbejkklnfdkdmok [2013-11-28]
CHR Extension: (Foto Rulez) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\odahhdimpaeigjcdbgcnhemlkejclmmk [2014-09-29]
CHR Extension: (Picky Wallpapers) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj [2013-11-28]
CHR Extension: (Scribble - stickies on steroids) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\offpaifnchmpbnjhjbhpdffahlofdkfb [2013-11-28]
CHR Extension: (Picasa) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-09-25]
CHR Extension: (Bastion) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid [2013-11-28]
CHR Extension: (Rollip - Photo Effects) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooikhmcdpofogemaldinihdhidaokcmp [2014-09-29]
CHR Extension: (Falling Sand Game) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdknckljjbdpkhgmcokoahffbdinafbo [2013-11-28]
CHR Extension: (Psykopaint) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2013-11-28]
CHR Extension: (Harry Trotter) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnfmgchcbgfcjhefffockipipfofamid [2013-11-28]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]
CHR HKLM-x32\...\Chrome\Extension: [iekjmlcgpmcjigljdiagaibfjfaideal] - C:\Users\Owner\AppData\Local\CRE\iekjmlcgpmcjigljdiagaibfjfaideal.crx [2014-06-10]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-06-10]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-08-04]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
Locked "GrillaPrice" service was unlocked successfully. <===== ATTENTION
 
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 GrillaPrice; C:\Program Files (x86)\grillaprice\grillaprice.exe [427008 2014-09-16] () [File not signed]
S3 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 1999-12-31] (Realsil Microelectronics Inc.) [File not signed]
S3 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
S3 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-06-21] (RealNetworks, Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 1999-12-31] (IDT, Inc.) [File not signed]
S3 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [1843736 2014-09-01] (AVG Secure Search)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 AntiLog32; No ImagePath
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-09-01] (AVG Technologies)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-03-05] (MediaMall Technologies, Inc.)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 usbkey; C:\Windows\System32\DRIVERS\USBKey64.sys [40288 2013-11-07] ()
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 cpuz134; \??\C:\Users\Owner-1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-17 20:49 - 2014-10-17 20:50 - 00037293 _____ () C:\Users\Owner-1\Desktop\FRST.txt
2014-10-17 20:49 - 2014-10-17 20:49 - 00000000 ____D () C:\FRST
2014-10-17 20:47 - 2014-10-17 20:47 - 02112000 _____ (Farbar) C:\Users\Owner-1\Desktop\FRST64.exe
2014-10-17 20:45 - 2014-10-17 20:45 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\Avg2015
2014-10-17 19:46 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 19:46 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 19:46 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 19:46 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 19:46 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 19:46 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-17 19:46 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 19:46 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-17 19:46 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-17 19:46 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 19:46 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-17 19:46 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 19:46 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-17 19:46 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 19:46 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 19:46 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-17 19:46 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-17 19:46 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-17 19:46 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-17 19:46 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-17 19:46 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-17 19:46 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-17 19:46 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-17 19:46 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-17 19:46 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-17 19:46 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-17 19:46 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-17 19:45 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 19:45 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 19:45 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 19:45 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 19:45 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 19:45 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 19:45 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 19:45 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-17 19:45 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 19:45 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-17 19:45 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 19:45 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-17 19:45 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 19:45 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 19:45 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-17 19:45 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-17 19:45 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 19:45 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-17 19:45 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-17 19:45 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-17 19:45 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 19:45 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 19:45 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-17 19:45 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 19:45 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 19:45 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 19:45 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-17 19:45 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 19:45 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 19:45 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 19:45 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-17 19:45 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-17 19:45 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 19:45 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-17 19:45 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 19:45 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 19:45 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-17 19:45 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 19:45 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 19:45 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-17 19:45 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-17 19:43 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 19:43 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 19:43 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 19:43 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 19:43 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 19:43 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 19:43 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 19:41 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 19:41 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 19:40 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-17 19:40 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-17 19:40 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 19:40 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 19:39 - 2014-07-16 19:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 19:39 - 2014-07-16 19:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-17 19:39 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 19:39 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-17 19:39 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 19:39 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-17 19:39 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-17 19:39 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-17 19:39 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 19:39 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-17 19:39 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-17 19:39 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-17 19:39 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-17 19:39 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-17 19:39 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-17 19:39 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-12 05:02 - 2014-10-12 05:18 - 00079182 _____ () C:\Users\Owner-1\Desktop\Extras.Txt
2014-10-12 05:00 - 2014-10-12 05:00 - 00120358 _____ () C:\Users\Owner-1\Desktop\OTL.Txt
2014-10-12 04:39 - 2014-10-12 04:39 - 00602112 _____ (OldTimer Tools) C:\Users\Owner-1\Desktop\OTL.exe
2014-10-12 04:19 - 2014-10-12 04:19 - 00008847 _____ () C:\Users\Owner-1\Documents\newlist.txt
2014-10-11 20:25 - 2014-10-11 20:25 - 00026070 _____ () C:\Users\Owner-1\Desktop\[kickass.to]kurt.vonnegut.collection.11.audiobooks.www.torrent
2014-10-11 15:34 - 2014-10-11 15:34 - 00000000 ____D () C:\ProgramData\.mono
2014-10-10 20:51 - 2014-10-10 20:51 - 00002982 _____ () C:\Windows\System32\Tasks\{F3CF654F-0598-47BA-88A3-91DE7AA6C1A3}
2014-10-10 20:51 - 2014-10-10 20:51 - 00002982 _____ () C:\Windows\System32\Tasks\{E6FA3439-D03E-474A-A864-54E7CEA93455}
2014-10-10 20:51 - 2014-10-10 20:51 - 00002982 _____ () C:\Windows\System32\Tasks\{3D9E1804-6740-4300-B671-3239C524921F}
2014-10-10 20:51 - 2014-10-10 20:51 - 00002956 _____ () C:\Windows\System32\Tasks\{11C396B0-D4A0-46CB-A841-EFD6AD7715E4}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{F10006ED-B251-4972-840E-25EDFDDCD041}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{E0A18E8D-F885-4A82-9916-54CFB5E9046C}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{97E5E8F8-2B69-462C-905E-D5975B48C1FB}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{82994078-CC11-4AC2-8DC3-2C19C579B5E9}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{42A1BE7E-6CCD-4E7E-8C4A-4EB2ABC124B8}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{345E4FE0-B690-4458-BE6A-E2AC593605B9}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{1D7A61D8-B204-4C03-9D41-8731703E7E05}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{1B7F23FC-C788-4D5A-AE59-92D5BA290952}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{1609BA14-0FED-442D-9170-C04C15F981C5}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{0F7B7E08-1DD9-4AE5-9A9A-08CDDDCD1169}
2014-10-10 20:46 - 2014-10-10 20:46 - 00002956 _____ () C:\Windows\System32\Tasks\{7BAABC9C-7086-4FA4-BDE5-681BD8017B19}
2014-10-10 11:44 - 2014-10-10 11:44 - 12200491 _____ () C:\Users\Owner-1\Desktop\attachments.zip
2014-10-06 00:22 - 2014-10-06 00:22 - 00000000 ____D () C:\ProgramData\Intenium
2014-10-05 23:54 - 2014-10-05 23:54 - 00000000 ____D () C:\ProgramData\n7-89-o9-3r-4t-r9
2014-10-02 12:09 - 2014-10-02 12:09 - 00002002 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Center.lnk
2014-10-02 12:09 - 2014-10-02 12:09 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-02 12:09 - 2014-10-02 12:09 - 00001413 _____ () C:\Users\Owner-1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-01 19:05 - 2014-10-01 19:05 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\{7510169C-3D9E-45E0-B3C5-2A07F8D0CAC5}
2014-10-01 05:20 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 05:20 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 22:54 - 2014-09-29 22:54 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\{24FF32C3-A238-43DA-AB94-3D6118AD377A}
2014-09-29 16:21 - 2014-09-29 16:21 - 00000000 ____D () C:\Users\Owner-1\Documents\Any Video Converter
2014-09-29 13:03 - 2014-09-29 13:03 - 00000973 _____ () C:\Users\Owner-1\Desktop\Daum Potplayer-64 Bits.lnk
2014-09-29 09:14 - 2014-09-29 09:16 - 00000000 ____D () C:\Users\Owner-1\Desktop\New folder
2014-09-29 09:04 - 2014-09-29 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photosynth
2014-09-29 09:04 - 2014-09-29 09:04 - 00000000 ____D () C:\Program Files (x86)\Photosynth
2014-09-29 07:04 - 2014-09-29 07:04 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\{9B6E8402-CBF0-413E-AFF0-E39525B3B8B7}
2014-09-29 06:52 - 2014-09-29 06:52 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\Microsoft_Corporation
2014-09-29 06:38 - 2014-09-29 06:38 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\Autodesk
2014-09-29 04:18 - 2014-09-29 04:18 - 00000000 ____D () C:\Users\Owner-1\AppData\Roaming\OpenSoftwareUpdater
2014-09-29 04:18 - 2014-09-29 04:18 - 00000000 ____D () C:\Program Files (x86)\grillaprice
2014-09-29 04:16 - 2014-09-29 04:16 - 00000000 _____ () C:\nsw27C6.tmp
2014-09-29 04:16 - 2014-09-29 04:16 - 00000000 _____ () C:\nsr27A6.tmp
2014-09-29 04:07 - 2014-09-29 04:11 - 230403216 _____ (COMODO) C:\Users\Owner-1\Downloads\cispremium_installer_5997_92.exe
2014-09-29 00:27 - 2014-09-29 00:27 - 00002215 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-29 00:22 - 2014-09-29 00:22 - 00001870 _____ () C:\Users\Public\Desktop\Pixlr .lnk
2014-09-29 00:22 - 2014-09-29 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2014-09-29 00:21 - 2014-09-29 00:21 - 00000000 ____D () C:\Program Files (x86)\Autodesk
2014-09-29 00:18 - 2014-09-29 00:18 - 00000000 ____D () C:\Users\Owner-1\AppData\Roaming\Autodesk
2014-09-29 00:18 - 2014-09-29 00:18 - 00000000 ____D () C:\ProgramData\Autodesk
2014-09-29 00:17 - 2014-09-29 00:17 - 00000000 ____D () C:\Autodesk
2014-09-27 03:59 - 2014-09-27 04:01 - 00000000 ____D () C:\Users\Owner-1\Documents\Malware bytes support history complete cases
2014-09-27 03:59 - 2014-09-27 03:59 - 00000000 _____ () C:\Users\Owner-1\Documents\New Text Document.txt
2014-09-26 23:01 - 2014-09-28 11:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-26 23:01 - 2014-09-26 23:01 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-26 22:57 - 2014-09-28 11:03 - 00000000 ____D () C:\Users\Owner-1\Desktop\mbar
2014-09-26 22:28 - 2014-09-30 04:12 - 00000000 ____D () C:\Users\Owner-1\Downloads\portable browsers
2014-09-26 10:35 - 2014-09-26 10:35 - 00000000 ____D () C:\Users\Owner-1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-26 10:27 - 2014-09-26 10:27 - 11846283 _____ () C:\Users\Owner-1\Downloads\oneclick.crx
2014-09-26 10:25 - 2014-10-01 05:43 - 00000000 ____D () C:\Users\Owner-1\Downloads\chrome extension
2014-09-26 08:06 - 2014-09-26 12:37 - 00000000 ____D () C:\Users\Owner-1\Documents\t.  WA law..limitations
2014-09-25 09:51 - 2014-09-25 09:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 08:51 - 2014-09-24 08:51 - 06891512 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_16.mp4
2014-09-24 08:51 - 2014-09-24 08:51 - 02819822 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_13.mp4
2014-09-24 08:51 - 2014-09-24 08:51 - 02739497 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_14.mp4
2014-09-24 08:51 - 2014-09-24 08:51 - 02316650 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_15.mp4
2014-09-24 08:51 - 2014-09-24 08:51 - 01631371 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_12.mp4
2014-09-24 08:51 - 2014-09-24 08:51 - 00950840 _____ () C:\Users\Owner-1\Desktop\1738079_218960804980062_2017555973_n.mp4
2014-09-24 08:49 - 2014-09-24 08:49 - 02736439 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_7(1).mp4
2014-09-24 08:40 - 2014-09-24 08:40 - 06450961 _____ () C:\Users\Owner-1\Desktop\10518475_254095261466616_910788609_n.mp4
2014-09-24 08:40 - 2014-09-24 08:40 - 02188153 _____ () C:\Users\Owner-1\Desktop\10491573_256173664592109_879986958_n.mp4
2014-09-24 08:39 - 2014-09-24 08:39 - 02736439 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_7.mp4
2014-09-24 08:39 - 2014-09-24 08:39 - 01436983 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_8.mp4
2014-09-24 08:37 - 2014-09-24 08:37 - 07552254 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_4.mp4
2014-09-24 08:35 - 2014-09-24 08:35 - 09507406 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_1(1).mp4
2014-09-24 08:34 - 2014-09-24 08:34 - 01392613 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_2(1).mp4
2014-09-24 08:33 - 2014-09-24 08:33 - 09507406 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_1.mp4
2014-09-24 08:33 - 2014-09-24 08:33 - 00499106 _____ () C:\Users\Owner-1\Desktop\10654293_270598823149593_1871693183_n.mp4
2014-09-24 08:29 - 2014-09-24 08:29 - 09507406 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_2.mp4
2014-09-24 08:14 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 08:14 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-22 23:34 - 2014-09-22 23:34 - 03591820 _____ () C:\Users\Owner-1\Desktop\(99) Facebook_1.mp4
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-17 20:45 - 2014-08-30 06:00 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-17 20:44 - 2014-06-21 09:40 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1864448044-3865198937-871872176-1005
2014-10-17 20:42 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-17 20:42 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-17 20:41 - 2011-12-17 01:42 - 01217971 _____ () C:\Windows\WindowsUpdate.log
2014-10-17 20:38 - 2014-06-03 13:00 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005UA.job
2014-10-17 20:36 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-17 20:36 - 2009-07-13 21:45 - 00430568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 20:22 - 2013-11-13 20:34 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-17 20:21 - 2013-08-01 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 20:21 - 2013-04-27 01:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-17 20:02 - 2013-05-01 23:01 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-17 19:37 - 2014-01-06 01:32 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005Core.job
2014-10-17 19:36 - 2014-01-06 01:32 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005UA.job
2014-10-16 21:34 - 2014-06-03 13:00 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005Core.job
2014-10-15 21:04 - 2013-11-25 13:39 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOwner-1
2014-10-15 21:04 - 2013-11-25 13:39 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner-1.job
2014-10-12 04:26 - 2013-12-05 06:07 - 00000000 ___RD () C:\Users\Owner-1\Dropbox
2014-10-12 00:41 - 2013-11-16 18:57 - 00000000 ____D () C:\Users\Owner-1
2014-10-11 22:59 - 2014-08-27 11:59 - 00000000 ____D () C:\Users\Owner-1\AppData\Roaming\BitTorrent
2014-10-10 20:44 - 2014-02-07 19:25 - 00000000 ____D () C:\Users\Owner-1\Desktop\My Shared Folder
2014-10-10 20:44 - 2013-12-23 00:14 - 00000000 ____D () C:\Users\Owner-1\Games
2014-10-09 15:10 - 2013-11-26 22:36 - 00000000 ____D () C:\Users\Owner-1\AppData\Roaming\Mozilla
2014-10-06 21:07 - 2013-12-01 18:02 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\CrashDumps
2014-10-06 00:20 - 2013-11-16 18:58 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\VirtualStore
2014-10-05 21:42 - 2013-12-23 23:44 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\Last.fm
2014-10-02 12:35 - 2014-04-24 11:26 - 00000000 ___RD () C:\Users\Owner-1\blocklist..host file
2014-10-01 08:53 - 2014-08-27 11:29 - 00000000 ____D () C:\Users\Owner-1\AppData\Roaming\GetPrivate
2014-10-01 05:42 - 2014-08-30 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-01 05:41 - 2014-08-31 06:33 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\Avg
2014-09-29 11:15 - 2013-12-03 06:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-29 04:54 - 2014-09-15 16:56 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-29 04:47 - 2013-11-16 18:58 - 00109920 _____ () C:\Users\Owner-1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-28 21:54 - 2013-04-27 00:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-26 22:57 - 2014-08-29 02:36 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-26 12:38 - 2011-10-14 23:22 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-09-25 08:28 - 2013-04-27 01:27 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-25 08:28 - 2009-07-13 22:08 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-25 06:21 - 2013-04-27 01:27 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-25 06:21 - 2011-10-14 23:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-10 12:19
 
==================== End Of Log ============================

#6
devasativa

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
Ran by Owner-1 at 2014-10-17 20:52:11
Running from C:\Users\Owner-1\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Disabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 2.5.775.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.60928.0618 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 1.00.0000 - AMD) Hidden
AMD Steady Video Plug-In  (Version: 2.07.0000 - AMD) Hidden
AMD System Monitor (HKLM-x32\...\{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}) (Version: 1.0.9 - Advanced Micro Devices, Inc.)
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
Any Video Converter 5.6.4 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Ares 2.2.7 (HKLM-x32\...\Ares) (Version: 2.2.7-Build#3051 - Seekar Ltd)
Autodesk Pixlr (HKLM-x32\...\Autodesk Pixlr) (Version: 1.0.2.0 - Autodesk)
Autodesk Pixlr (x32 Version: 1.0.2.0 - Autodesk) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4040 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.519 - AVG) Hidden
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 3.2.0.15 - AVG Technologies)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version:  - )
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.2.34312 - BitTorrent Inc.)
Blio (HKLM-x32\...\{0361F83A-9DFC-483F-BC9E-7A73170612EA}) (Version: 3.3.9721 - K-NFB Reading Technology, Inc.)
Boost (HKCU\...\Boost 1.0.2) (Version: 1.0.2 - Reason Software Company Inc.)
Boost (Version: 1.0.2 - Reason Software Company Inc.) Hidden
Broken Age (HKLM-x32\...\Broken Age_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5822 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.4.5822 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dragonboard 0.9 (HKLM-x32\...\Dragonboard_is1) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
DVDFab 9.1.5.9 (25/07/2014) (HKLM-x32\...\DVDFab 9 US_is1) (Version:  - Fengtao Software Inc.)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
grillaprice (HKLM-x32\...\grillaprice) (Version:  - )
HP Application Assistant (HKLM\...\{0CE7EBAF-157D-4111-9146-057CB2A4023E}) (Version: 1.1.466.3970 - Hewlett-Packard)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{BC6CB499-9F29-4B41-8B8B-FA7248525256}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Launch Box (HKLM\...\{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}) (Version: 1.0.12 - Hewlett-Packard Company)
HP MovieStore (x32 Version: 2.1.091 - Hewlett-Packard) Hidden
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}) (Version: 3.1.1.10197 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15076.3891 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6466.0 - IDT)
Jewel Quest Mysteries 4 – The Oracle of Ur Collector’s Edition (HKLM-x32\...\{4B61EB17-1D01-49CA-A802-7DDB8E8C2960}_is1) (Version:  - FRGames)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kabloom (HKLM-x32\...\Kabloom_is1) (Version:  - DigiPen (USA) Corp.)
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.1.3000 - Maxthon International Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Image Composite Editor (HKLM\...\{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}) (Version: 1.4.4 - Microsoft Corporation)
Microsoft Research Cliplets (HKLM\...\{A4DA1935-2F04-4AFF-BE48-085CCC7BD0CB}) (Version: 1.1.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPC-HC 1.7.6 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.6 - MPC-HC Team)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystic Palace Slots HD (HKLM-x32\...\{0B8F985B-260F-465A-B4C7-2C68F1DED218}_is1) (Version:  - FRGames)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Photosynth 2.0114.0807.1507 (HKLM-x32\...\{7799F944-C219-4F7B-8A41-8B8F38DA4D69}) (Version: 3.0114.0807.1507 - Microsoft)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picasa Web Albums Live Publisher (HKLM-x32\...\{5B7F33B3-C72C-4408-8AF9-B855775F51DB}) (Version: 2.4.0 - PicasaWebPublisher)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version:  - Daum Communications Corp.)
Publish to Photo Frame (HKLM-x32\...\{AD30EBFD-3F8A-491F-8C42-90BD51D7A2B9}) (Version: 1.0.1.0 - Roger Lipscombe)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 17.0.11 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.10 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.85.423.2014 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.11.0706 - REALTEK Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Runeshift (HKLM-x32\...\Runeshift_is1) (Version:  - DigiPen Institute of Technology)
Scanner Mouse (HKLM-x32\...\{5BFED7F5-6423-49AC-82C4-A4648347AC0B}) (Version: 1.7.1 - Dacuda)
Should I Remove It (HKCU\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SlimCleaner (HKLM-x32\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
SlimComputer (HKLM-x32\...\{574BF026-4487-4051-BCE5-83C4E40AAF6D}) (Version: 1.3.30878 - SlimWare Utilities, Inc.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.11.0 - Synaptics Incorporated)
Unfolding Tale 1.0 (HKLM-x32\...\{C6B7023C-2EE6-45A4-9670-4549D9829DD0}_is1) (Version:  - DigiPen Institute of Technology)
Unity (HKLM-x32\...\Unity) (Version:  - Unity Technologies ApS)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Screensaver 1.0 (HKLM-x32\...\Video Screensaver) (Version: 1.0 - rodflash.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - %HP%  (HKLM\...\D8A96622E135715AED5E5B6001904E8687BD9996) (Version:  - %HP%)
Windows Driver Package - KEYLOK (usbkey) USB  (06/10/2010 64.0.0.0) (HKLM\...\B048A6D4B0188E5A802ADFF30A7C78FA4AD99BE0) (Version: 06/10/2010 64.0.0.0 - KEYLOK)
Windows Driver Package - Microcomputer Applications, Inc. (usbkey) USB  (06/10/2010 32.0.0.0) (HKLM\...\A3870D6BEDDC4A8FF6622FE720C457528EFAA4F3) (Version: 06/10/2010 32.0.0.0 - Microcomputer Applications, Inc.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WMS Slots – Jungle Wild (HKLM-x32\...\{25F3B08A-F579-40E8-A8D8-42D7AFD93F18}_is1) (Version:  - FRGames)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner-1\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner-1\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Owner-1\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Owner-1\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Owner-1\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner-1\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Owner-1\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Owner-1\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner-1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner-1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner-1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner-1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner-1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner-1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner-1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner-1\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1864448044-3865198937-871872176-1005_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner-1\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
15-09-2014 23:59:23 Installed SpyHunter
25-09-2014 10:00:36 Windows Update
29-09-2014 11:52:20 Removed SpyHunter
29-09-2014 14:36:33 Installed Photosynth 2.0114.0807.1507
01-10-2014 12:21:13 Windows Update
02-10-2014 10:00:24 Windows Update
18-10-2014 03:01:05 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-09-15 17:17 - 2014-09-15 17:17 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {00AA0A06-BAEF-463E-96F6-53B56CD3473A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005Core => C:\Users\Owner-1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-06] (Facebook Inc.)
Task: {0965CFEF-3D79-4871-9955-98775C3AB2C5} - System32\Tasks\HPCeeScheduleForOwner-1 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {09D4AB3B-6963-4149-B965-807FB22C1E51} - System32\Tasks\SlimComputer Run => C:\Program Files (x86)\SlimComputer\SlimComputer.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {0F6E6DB3-74B7-45C6-A55D-73D6E9839AEC} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {20E8DD6B-05F3-4CA5-ABA5-11C9DB6595BD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {2200C973-068D-4F04-9F56-9403C4A12F5C} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe
Task: {29961242-5F94-483F-AF7E-22F0EB4E282B} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon3\Bin\mxup.exe [2014-05-13] (Maxthon International ltd.)
Task: {2D5BF65F-872E-4126-A8B9-29D5F9CAD744} - System32\Tasks\{7BAABC9C-7086-4FA4-BDE5-681BD8017B19} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {34EEF022-C248-430D-AA8C-A379F5839F30} - System32\Tasks\DSite => C:\Users\PHILLI~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {453CB1F1-50C5-45BE-90A6-0E281D18EA88} - System32\Tasks\{E6FA3439-D03E-474A-A864-54E7CEA93455} => C:\Users\Owner-1\Games\___ARESTRA___igt slots wolf run.exe [2014-07-30] ()
Task: {4AA3FA1F-DAAB-4BE0-8531-95ADCB8864B8} - System32\Tasks\{1609BA14-0FED-442D-9170-C04C15F981C5} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {4BE397D8-DE03-4ACA-AB32-0AA58EA4A8FB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005UA => C:\Users\Owner-1\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-03] (Google Inc.)
Task: {4D4FC430-FBD7-4CB5-BA1A-C4207460695B} - System32\Tasks\Boost => C:\Users\Owner-1\AppData\Roaming\Reason\Boost\boost.exe [2013-11-22] (Reason Software Company Inc.)
Task: {5B5E5C6B-01D4-4474-B251-9095C6E5BADA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005UA => C:\Users\Owner-1\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-01-06] (Facebook Inc.)
Task: {611C38DE-97FF-49D4-A9B3-014C23B446FF} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1864448044-3865198937-871872176-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {67563A5F-B8E1-4EC0-9A11-4E06F45E2861} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-25] (CyberLink)
Task: {6967B603-BB21-4D09-A0C6-531FFF109B10} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-13] (Google Inc.)
Task: {7347B9F7-96F7-47E2-B8CC-95E149C4AD06} - System32\Tasks\{0F7B7E08-1DD9-4AE5-9A9A-08CDDDCD1169} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {7757AC86-3751-4137-8B89-2C6AE04D6990} - System32\Tasks\{11C396B0-D4A0-46CB-A841-EFD6AD7715E4} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {776036F3-5981-44E5-90B4-F14BC339A538} - System32\Tasks\{F3CF654F-0598-47BA-88A3-91DE7AA6C1A3} => C:\Users\Owner-1\Games\___ARESTRA___igt slots wolf run.exe [2014-07-30] ()
Task: {7993C8AC-4D96-4B41-AA9B-9A93722F817C} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24] (SlimWare Utilities, Inc.)
Task: {86164C3A-3BEE-4319-8FF8-8BC1C871601E} - \DealPly No Task File <==== ATTENTION
Task: {8D901B83-99E7-445F-A4FC-AA4A363DCD00} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25] (Adobe Systems Incorporated)
Task: {92A651FB-72ED-4AA0-A27E-201636D45098} - System32\Tasks\{97E5E8F8-2B69-462C-905E-D5975B48C1FB} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {98F36AF1-1521-4480-A1C8-029BE73373AD} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1864448044-3865198937-871872176-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-06-10] (RealNetworks, Inc.)
Task: {A3FE437A-04E8-4EAC-BBD4-91412668C9A2} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1864448044-3865198937-871872176-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {A9399806-F1EC-4110-9B25-B0C5E4E8C01A} - System32\Tasks\{3D9E1804-6740-4300-B671-3239C524921F} => C:\Users\Owner-1\Games\___ARESTRA___igt slots wolf run.exe [2014-07-30] ()
Task: {A9B162E8-7334-4507-889D-02A48EA70D6E} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1864448044-3865198937-871872176-1005 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {AA56A0A1-1607-4C53-906B-EDF4C01202AC} - System32\Tasks\ShouldIRemoveIt => C:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe [2013-12-09] (Reason Software Company Inc.)
Task: {B10A56D0-D5AF-453A-9F73-107707E63C56} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1864448044-3865198937-871872176-1002 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-06-10] (RealNetworks, Inc.)
Task: {B4F67FF7-7B79-4AA4-B0B2-2D959B2FA535} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005Core => C:\Users\Owner-1\AppData\Local\Google\Update\GoogleUpdate.exe [2014-06-03] (Google Inc.)
Task: {BB92E39A-CAED-48B3-AC51-1C462331E487} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-13] (Google Inc.)
Task: {C215F820-9A4A-4644-993C-720E18C22DB2} - System32\Tasks\{E0A18E8D-F885-4A82-9916-54CFB5E9046C} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {CA837510-E02D-4FCD-B12D-19E8501EC27D} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {DBEB3027-1751-482A-92B8-1444A515378C} - System32\Tasks\{1B7F23FC-C788-4D5A-AE59-92D5BA290952} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {E91AAA25-BB5E-4F0A-A79D-8DE59E869F03} - System32\Tasks\{42A1BE7E-6CCD-4E7E-8C4A-4EB2ABC124B8} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {E93F201D-E8A9-488C-BBCC-F6DBFC28F04B} - System32\Tasks\{82994078-CC11-4AC2-8DC3-2C19C579B5E9} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {EAE3F7D8-A662-4AB8-946C-C4B764C14EA8} - System32\Tasks\{1D7A61D8-B204-4C03-9D41-8731703E7E05} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {F3614D0C-CD89-471C-B6E0-230FA1BE8784} - System32\Tasks\{345E4FE0-B690-4458-BE6A-E2AC593605B9} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {F50E9488-DB86-48E3-9DB1-25D0A03675CD} - System32\Tasks\{F10006ED-B251-4972-840E-25EDFDDCD041} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {F88EF904-D938-4F00-A37C-1EC7A5247F44} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005Core.job => C:\Users\Owner-1\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005UA.job => C:\Users\Owner-1\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005Core.job => C:\Users\Owner-1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005UA.job => C:\Users\Owner-1\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOwner-1.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\ShouldIRemoveIt.job => C:\Program Files (x86)\Reason\Should I Remove It\ShouldIRemoveIt.exe
Task: C:\Windows\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-09-16 01:00 - 2014-09-16 01:00 - 00427008 _____ () C:\Program Files (x86)\grillaprice\grillaprice.exe
2014-09-01 08:34 - 2014-09-05 23:14 - 02680344 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
2014-09-01 08:34 - 2014-09-01 08:34 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\log4cplusU.dll
2014-05-21 07:55 - 2013-11-17 18:18 - 00258944 _____ () C:\Program Files (x86)\Maxthon3\bin\Maxzlib.dll
2014-05-21 07:55 - 2013-11-17 18:18 - 00258944 _____ () C:\Program Files (x86)\Maxthon3\Bin\maxzlib.dll
2014-07-29 00:13 - 2014-05-28 19:40 - 00247096 _____ () C:\Program Files (x86)\Maxthon3\Addons\Mobile\MxMobile.dll
2014-05-21 07:55 - 2013-11-20 23:37 - 00887064 _____ () C:\Program Files (x86)\Maxthon3\Core\Webkit\libglesv2.dll
2014-05-21 07:55 - 2013-11-20 23:37 - 00109336 _____ () C:\Program Files (x86)\Maxthon3\Core\Webkit\libegl.dll
2014-07-29 00:13 - 2013-11-20 23:37 - 02128152 _____ () C:\Program Files (x86)\Maxthon3\Core\Webkit\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 3
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1864448044-3865198937-871872176-500 - Administrator - Disabled)
Guest (S-1-5-21-1864448044-3865198937-871872176-501 - Limited - Enabled) => C:\Users\Guest
Owner-1 (S-1-5-21-1864448044-3865198937-871872176-1005 - Administrator - Enabled) => C:\Users\Owner-1
 
==================== Faulty Device Manager Devices =============
 
Name: AntiLog32
Description: AntiLog32
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AntiLog32
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/17/2014 08:39:38 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: 
 
Error: (10/17/2014 08:37:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/17/2014 08:29:06 PM) (Source: PerfNet) (EventID: 2006) (User: )
Description: 
 
Error: (10/17/2014 08:23:07 PM) (Source: PerfNet) (EventID: 2006) (User: )
Description: 
 
Error: (10/17/2014 08:20:54 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: 
 
Error: (10/17/2014 07:36:46 PM) (Source: Google Update) (EventID: 20) (User: DPLACE)
Description: Network Request Error.
Error: 0x80072f78. Http status code: 0.
Trying config: source=IE, named proxy=http=127.0.0.1:13081;, bypass=<-loopback>.
trying CUP:WinHTTP.
Send request returned 0x80072f78. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, named proxy=http=127.0.0.1:13081;, bypa
 
Error: (10/16/2014 09:34:07 PM) (Source: Google Update) (EventID: 20) (User: DPLACE)
Description: Network Request Error.
Error: 0x80072f78. Http status code: 0.
Trying config: source=IE, named proxy=http=127.0.0.1:13081;, bypass=<-loopback>.
trying CUP:WinHTTP.
Send request returned 0x80072efe. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, named proxy=http=127.0.0.1:13081;, bypa
 
Error: (10/16/2014 00:35:20 PM) (Source: Google Update) (EventID: 20) (User: DPLACE)
Description: Network Request Error.
Error: 0x80072f78. Http status code: 0.
Trying config: source=IE, named proxy=http=127.0.0.1:13081;, bypass=<-loopback>.
trying CUP:WinHTTP.
Send request returned 0x80072f78. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, named proxy=http=127.0.0.1:13081;, bypa
 
Error: (10/15/2014 07:27:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/15/2014 07:27:30 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description: 
 
 
System errors:
=============
Error: (10/17/2014 08:53:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1058
 
Error: (10/17/2014 08:53:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1058
 
Error: (10/17/2014 08:53:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1058
 
Error: (10/17/2014 08:51:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1058
 
Error: (10/17/2014 08:51:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1058
 
Error: (10/17/2014 08:51:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1058
 
Error: (10/17/2014 08:46:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1058
 
Error: (10/17/2014 08:46:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1058
 
Error: (10/17/2014 08:46:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1058
 
Error: (10/17/2014 08:44:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1058
 
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-3420M APU with Radeon™ HD Graphics
Percentage of memory in use: 62%
Total physical RAM: 3561.41 MB
Available physical RAM: 1324.1 MB
Total Pagefile: 7120.99 MB
Available Pagefile: 5068.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:441.65 GB) (Free:82.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:19.95 GB) (Free:15.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.96 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 895A24CC)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=441.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
 
==================== End Of Log ============================


#7
devasativa


    Member

  • Topic Starter
  • Member
  • 56 posts

Also, the Windows update was allowed, apparently; however, I now show an animated Windows starting screen before the Welcome7 home premium screen. This is a recent change. There is no longer the screen when Windows shuts down improperly with options, nor is ck disc allowed, apparently. I did not check it today. Nothing extra. Awaiting your further instructions. I am forever grateful for your time and help.



#8
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts
There is one scan that either did not get processed or posted.  I would like to see the Farbar Service Scanner report, please.

Please download Farbar Service Scanner to your desktop and double click on the file to run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#9
devasativa


    Member

  • Topic Starter
  • Member
  • 56 posts
Farbar Service Scanner Version: 21-07-2014
Ran by Owner-1 (administrator) on 18-10-2014 at 12:38:00
Running from "C:\Users\Owner-1\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#10
dbreeze


    Trusted Helper

  • Malware Removal
  • 2,213 posts
Hi devasativa,

Thanks for the logs so far. We can get started cleaning with the logs you have provided so far.

First, a warning >>>>
 

ALERT!!! P2P WARNING ALERT!!!



You have a P2P / file sharing application on your system!! While this may not be a surprise to you (most likely installed by you or another user on the system) and the file sharing application itself may be safe, the files shared could be a little more than you hoped for. File sharing has been shown to be a major source for trojans, viruses, worms and webbot attacks to spread on the internet. There are exploits in file sharing software that can be used to compromise your system and personal information. You may be sharing a lot more than just a little bandwidth to 'help the community share' information.

Geeks to Go recommends that you uninstall your P2P software; you have to have open pathways (network ports) in and out of your system and you could be helping to move illegal files (copyrighted material: software, movies, video, etc.) even if you don't 'download' them yourself.

If you choose to keep your P2P program installed, I must ask that you de-activate / shutdown the software and not use it until the cleaning of your system is done.

Application to uninstall: BitTorrent

Need more info? Read these:

Second, A Manual Uninstall

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

grillaprice
BitTorrent (if you decided to uninstall it)

To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


Third, FRST Fix script

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt




start
CloseProcesses:
HKU\S-1-5-21-1864448044-3865198937-871872176-1005\...\MountPoints2: {4263272e-3bbf-11e4-afdd-ec9a74573b2c} - G:\VM_Universal_Installer2-0-2.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...0325AS_5VENN5AH
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...0325AS_5VENN5AH
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123...0325AS_5VENN5AH
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...0325AS_5VENN5AH
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123...q={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123...q={searchTerms}
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istart123.xml
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istart123.xml
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Locked "GrillaPrice" service was unlocked successfully. <===== ATTENTION
R2 GrillaPrice; C:\Program Files (x86)\grillaprice\grillaprice.exe [427008 2014-09-16] () [File not signed]
S1 AntiLog32; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
Task: {2D5BF65F-872E-4126-A8B9-29D5F9CAD744} - System32\Tasks\{7BAABC9C-7086-4FA4-BDE5-681BD8017B19} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {34EEF022-C248-430D-AA8C-A379F5839F30} - System32\Tasks\DSite => C:\Users\PHILLI~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {453CB1F1-50C5-45BE-90A6-0E281D18EA88} - System32\Tasks\{E6FA3439-D03E-474A-A864-54E7CEA93455} => C:\Users\Owner-1\Games\___ARESTRA___igt slots wolf run.exe [2014-07-30] ()
Task: {4AA3FA1F-DAAB-4BE0-8531-95ADCB8864B8} - System32\Tasks\{1609BA14-0FED-442D-9170-C04C15F981C5} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {7347B9F7-96F7-47E2-B8CC-95E149C4AD06} - System32\Tasks\{0F7B7E08-1DD9-4AE5-9A9A-08CDDDCD1169} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {7757AC86-3751-4137-8B89-2C6AE04D6990} - System32\Tasks\{11C396B0-D4A0-46CB-A841-EFD6AD7715E4} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {776036F3-5981-44E5-90B4-F14BC339A538} - System32\Tasks\{F3CF654F-0598-47BA-88A3-91DE7AA6C1A3} => C:\Users\Owner-1\Games\___ARESTRA___igt slots wolf run.exe [2014-07-30] ()
Task: {86164C3A-3BEE-4319-8FF8-8BC1C871601E} - \DealPly No Task File <==== ATTENTION
Task: {92A651FB-72ED-4AA0-A27E-201636D45098} - System32\Tasks\{97E5E8F8-2B69-462C-905E-D5975B48C1FB} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {A9399806-F1EC-4110-9B25-B0C5E4E8C01A} - System32\Tasks\{3D9E1804-6740-4300-B671-3239C524921F} => C:\Users\Owner-1\Games\___ARESTRA___igt slots wolf run.exe [2014-07-30] ()
Task: {C215F820-9A4A-4644-993C-720E18C22DB2} - System32\Tasks\{E0A18E8D-F885-4A82-9916-54CFB5E9046C} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {CA837510-E02D-4FCD-B12D-19E8501EC27D} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {DBEB3027-1751-482A-92B8-1444A515378C} - System32\Tasks\{1B7F23FC-C788-4D5A-AE59-92D5BA290952} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {E91AAA25-BB5E-4F0A-A79D-8DE59E869F03} - System32\Tasks\{42A1BE7E-6CCD-4E7E-8C4A-4EB2ABC124B8} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {E93F201D-E8A9-488C-BBCC-F6DBFC28F04B} - System32\Tasks\{82994078-CC11-4AC2-8DC3-2C19C579B5E9} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {EAE3F7D8-A662-4AB8-946C-C4B764C14EA8} - System32\Tasks\{1D7A61D8-B204-4C03-9D41-8731703E7E05} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {F3614D0C-CD89-471C-B6E0-230FA1BE8784} - System32\Tasks\{345E4FE0-B690-4458-BE6A-E2AC593605B9} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {F50E9488-DB86-48E3-9DB1-25D0A03675CD} - System32\Tasks\{F10006ED-B251-4972-840E-25EDFDDCD041} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
2014-10-10 20:51 - 2014-10-10 20:51 - 00002982 _____ () C:\Windows\System32\Tasks\{F3CF654F-0598-47BA-88A3-91DE7AA6C1A3}
2014-10-10 20:51 - 2014-10-10 20:51 - 00002982 _____ () C:\Windows\System32\Tasks\{E6FA3439-D03E-474A-A864-54E7CEA93455}
2014-10-10 20:51 - 2014-10-10 20:51 - 00002982 _____ () C:\Windows\System32\Tasks\{3D9E1804-6740-4300-B671-3239C524921F}
2014-10-10 20:51 - 2014-10-10 20:51 - 00002956 _____ () C:\Windows\System32\Tasks\{11C396B0-D4A0-46CB-A841-EFD6AD7715E4}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{F10006ED-B251-4972-840E-25EDFDDCD041}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{E0A18E8D-F885-4A82-9916-54CFB5E9046C}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{97E5E8F8-2B69-462C-905E-D5975B48C1FB}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{82994078-CC11-4AC2-8DC3-2C19C579B5E9}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{42A1BE7E-6CCD-4E7E-8C4A-4EB2ABC124B8}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{345E4FE0-B690-4458-BE6A-E2AC593605B9}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{1D7A61D8-B204-4C03-9D41-8731703E7E05}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{1B7F23FC-C788-4D5A-AE59-92D5BA290952}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{1609BA14-0FED-442D-9170-C04C15F981C5}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{0F7B7E08-1DD9-4AE5-9A9A-08CDDDCD1169}
2014-09-29 04:18 - 2014-09-29 04:18 - 00000000 ____D () C:\Program Files (x86)\grillaprice
EmptyTemp:
end


NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Fourth, a Fresh FRST scan
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this please.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
Things to Let me see next
  • What you decided about BitTorrent
  • Were the uninstalls successful and what did you uninstall
  • The Fixlog.txt log file
  • The fresh FRST scan log
  • How is your system running now? Any questions you have so far?

  • 0
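Added example, not part of dbreeze's post and not FRST's own code: a small triage pass over `Task:` lines in the format shown in the fixlist above. It flags entries marked `No Task File` and GUID-named tasks whose target sits in a user-writable path or carries no company name. The sample lines, the path list and the three heuristics are assumptions constructed for illustration.

```python
import re

# Constructed sample lines, modelled on the "Task:" entries in the fixlist above.
SAMPLE = r"""
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\{AAAAAAAA-0000-0000-0000-000000000001} => C:\Users\Example\Games\setup.exe [2014-07-30] ()
Task: {00000000-0000-0000-0000-000000000002} - \ExampleAdware No Task File <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000003} - System32\Tasks\ExampleUpdater => C:\Program Files (x86)\Example\updater.exe [2014-05-01] (Example Corp)
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# Two line shapes seen on the page: "name => target [date] (company)"
# and "name No Task File <==== ATTENTION".
TASK_RE = re.compile(
    r"^Task: (?P<id>" + GUID + r") - (?P<name>.+?)"
    r"(?: => (?P<target>.+?) \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)"
    r"| No Task File.*)$"
)

# Assumed list of locations a standard user can usually write to.
USER_WRITABLE = re.compile(
    r"^[A-Za-z]:\\(Users|ProgramData|Documents and Settings)\\", re.I
)


def triage(line):
    """Parse one Task: line; return a dict with the reasons it looks suspicious."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    reasons = []
    leaf = m["name"].rsplit("\\", 1)[-1]
    if m["target"] is None:
        reasons.append("marked 'No Task File'")
    else:
        if re.fullmatch(GUID, leaf):
            reasons.append("GUID-named task")
        if USER_WRITABLE.match(m["target"]):
            reasons.append("target in user-writable path")
        if not m["company"]:
            reasons.append("target has no company name")
    return {"id": m["id"], "name": m["name"],
            "target": m["target"], "reasons": reasons}


def triage_log(text):
    """Return only the Task: entries that tripped at least one heuristic."""
    return [r for r in map(triage, text.splitlines()) if r and r["reasons"]]


if __name__ == "__main__":
    for entry in triage_log(SAMPLE):
        print(entry["name"], "->", "; ".join(entry["reasons"]))
```
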


#11
devasativa

devasativa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts

When I attempt to remove grillaprice on remove programs, it opens a browser window with a program remover tool. AVG says this tool is a malicious file, thus I have been stumped at how to proceed with that removal. Removing BitTorrent.


Edited by devasativa, 20 October 2014 - 01:51 PM.

  • 0

#12
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

If you haven't done the rest of the post (the Fixlist and FRST scan) then please hold off for a bit as I am getting some advice on the 'grillaprice' issue. Will be back asap.


  • 0

#13
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts

Please boot into Safe Mode and try the uninstall of grillaprice from that mode. 

 

To get into Safe Mode, follow these steps:

 

If the PC is booted (running) then shut down (power off) the system as you normally would.

 

Start the system back up and start tapping the F8 key until you see the Advanced Boot Options menu appear.

 

Use your arrow keys to highlight Safe Mode and press ENTER.

 

 

Once in Safe Mode, please try the uninstall there.  If there is no problem then reboot the machine and continue on with the cleaning post (run the Fixlist and FRST scan).  If there is still a problem with the uninstall, reboot the system and come back here to let me know about the problem.  Either way, whether the uninstall happens or not, you should reboot the system into normal mode.


  • 0

#14
devasativa

devasativa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts

Unsuccessful in grilla price in safe mode.  Issue remains, browser attempted to open tool removal page.


  • 0

#15
devasativa

devasativa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts

http://microsoft.com...2_0918......the page here keeps opening in Internet Explorer claiming a high risk security issue..opens automatically..this time it said it was going to gorilla price then redirected here, instructing me to call an 800# immediately or dire consequences could happen if neglected...is this authentic?


  • 0





