
#16
devasativa

devasativa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 56 posts
I just turned on my computer and got yet another "alert"..I am including saved webpage for your analysis/opinion. I am leaving computer off except to periodically check for your help responses. Thanks again..I tried to attach html...I guess that may be dangerous as is not allowed..this one was vinking virus alert..scareware, I am thinking, if not ransomware..closed window but saved page..is this a bad move?

Attached Thumbnails

  • bottom2.png
  • warning2.png
  • windows-firewall.png

Edited by devasativa, 20 October 2014 - 05:29 PM.

  • 0



#17
dbreeze

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,213 posts
Thank you for keeping me updated. I believe that this will get us back in control of your system.

First, Backup the registry
  • Please download Registry Backup from here.
  • Double click to run the installer; even though there is no 'foistware' installed with this program, as good practice, you should read all the instructions on every screen of the install.
  • If you let it, the install will put a shortcut to the program on your desktop; either click on this or go to START > All Programs > Tweaking.com > Registry Backup > Tweaking.com - Registry Backup to start the program. Click Yes in reply to the User Account Control if it asks.
  • Please leave the backup storage setting at the default (if anything happens, I can tell you how to get there and restore the registry as this location is the same on every system).
  • Click on Backup Now to start the backup process; a progress window will open and show you the status of the backup. When complete, the program will state Successful and you can close the program.
Second, download Runassystem.exe

Download Runassystem.zip from here to your desktop.
Right click on the file and select Extract All. In the Windows box that opens, browse or select the desktop (this should be the default location as that is where the file is). If AVG warns you about the file or deletes it, then disable AVG for 30 minutes.


Third, Run the Fixlist script at System level

If you do not have FRST64.exe on the desktop, please download it from here. Farbar Recovery Scan Tool 64bit

Download the attached Fixlist.txt file to the desktop. Attached File  Fixlist.txt   7.09KB   210 downloads

You should now have three files on your desktop for this to work:
FRST64.exe
Fixlist.txt
Runassystem.exe

Double click on the Runassystem icon to start the program. Accept the UAC if prompted.
Click on the Browse button and navigate to Desktop, select FRST64.exe and click Open.
Click OK to start FRST64.
If the program updates itself (FRST will inform you of the update and download it for you), please close FRST64 and restart it from Runassystem.exe.
Once FRST64 is loaded and ready to run, click on the Fix button. FRST will load the Fixlist script and run the commands in it. Your desktop will close and the system should reboot itself. Once the system is loaded again, FRST will produce a log named Fixlog.txt. Please post that here for review.


Fourth, Run a fresh FRST scan

We don't need to run this via Runassystem.exe; just run this as you did normally.
  • Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • If an update is available, the program will inform you and download the update. Allow it to do this, please.
  • Please check the Addition.txt in the Optional Scans section.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The tool will generate another log (Addition.txt - also located in the same directory as FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Information to reply back with
  • Registry Backup go OK? (If it didn't, don't do anything else; just inform us here.)
  • The Fixlog.txt log file.
  • The FRST.txt log file you just made.
  • The Addition.txt log file you just made.
  • How is your system running now? Did the Fake alert stop?

  • 0

#18
devasativa

Still waiting to hear on gorillaprice, but did want to say, every time auto open of internet explorer, the first opening always says "cpvdr.com"..then redirects to some scare with 800 #..do you think gorilla price is causing this behavior? I am still holding on next malware steps for your go ahead.
  • 0

#19
dbreeze


Forget about manually uninstalling grillaprice / gorillaprice; the malware has been changed to prevent manual removal.  Please run the steps in post #17.  Thank you.


  • 0

#20
devasativa

registry backup not taking volume snapshot..ok to use "fallback method"?
  • 0

#21
dbreeze

It might take a while for the Volume Snapshot to happen (sometimes 3 or 4 minutes), but if it never works then it is OK to use Fallback Method.
  • 0

#22
devasativa

please disregard last post. backup successful..proceeding as instructed.
  • 0

#23
dbreeze


Cool


  • 0

#24
devasativa

your instructions have disappeared last posting I now show is your # 13...I did run the 3 programs as indicated but system did not re-boot should I boot manually?
  • 0

#25
devasativa

ok..crazy, but your posts are back now!!..manual reboot?
  • 0



#26
dbreeze

Did the desktop disappear? Give it a while and then reboot the system. We do need the logs though. Thanks.
  • 0

#27
devasativa

ok..cleared history and cache and now viewing posts correctly..So..I have rebooted system but am unsure whether tool completed its tasks. should I now submit logs and continue #18?
  • 0

#28
dbreeze


Yes


  • 0

#29
devasativa

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-10-2014
Ran by SYSTEM at 2014-10-22 15:47:59 Run:1
Running from C:\Users\Owner-1\Desktop
Loaded Profile: Owner-1 (Available profiles: Owner-1 & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-1864448044-3865198937-871872176-1005\...\MountPoints2: {4263272e-3bbf-11e4-afdd-ec9a74573b2c} - G:\VM_Universal_Installer2-0-2.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...0325AS_5VENN5AH
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...0325AS_5VENN5AH
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istart123...0325AS_5VENN5AH
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istart123...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...0325AS_5VENN5AH
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123...q={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPNTDF
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.istart123...q={searchTerms}
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istart123.xml
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istart123.xml
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Locked "GrillaPrice" service was unlocked successfully. <===== ATTENTION
R2 GrillaPrice; C:\Program Files (x86)\grillaprice\grillaprice.exe [427008 2014-09-16] () [File not signed]
S1 AntiLog32; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
Task: {2D5BF65F-872E-4126-A8B9-29D5F9CAD744} - System32\Tasks\{7BAABC9C-7086-4FA4-BDE5-681BD8017B19} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {34EEF022-C248-430D-AA8C-A379F5839F30} - System32\Tasks\DSite => C:\Users\PHILLI~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {453CB1F1-50C5-45BE-90A6-0E281D18EA88} - System32\Tasks\{E6FA3439-D03E-474A-A864-54E7CEA93455} => C:\Users\Owner-1\Games\___ARESTRA___igt slots wolf run.exe [2014-07-30] ()
Task: {4AA3FA1F-DAAB-4BE0-8531-95ADCB8864B8} - System32\Tasks\{1609BA14-0FED-442D-9170-C04C15F981C5} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {7347B9F7-96F7-47E2-B8CC-95E149C4AD06} - System32\Tasks\{0F7B7E08-1DD9-4AE5-9A9A-08CDDDCD1169} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {7757AC86-3751-4137-8B89-2C6AE04D6990} - System32\Tasks\{11C396B0-D4A0-46CB-A841-EFD6AD7715E4} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {776036F3-5981-44E5-90B4-F14BC339A538} - System32\Tasks\{F3CF654F-0598-47BA-88A3-91DE7AA6C1A3} => C:\Users\Owner-1\Games\___ARESTRA___igt slots wolf run.exe [2014-07-30] ()
Task: {86164C3A-3BEE-4319-8FF8-8BC1C871601E} - \DealPly No Task File <==== ATTENTION
Task: {92A651FB-72ED-4AA0-A27E-201636D45098} - System32\Tasks\{97E5E8F8-2B69-462C-905E-D5975B48C1FB} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {A9399806-F1EC-4110-9B25-B0C5E4E8C01A} - System32\Tasks\{3D9E1804-6740-4300-B671-3239C524921F} => C:\Users\Owner-1\Games\___ARESTRA___igt slots wolf run.exe [2014-07-30] ()
Task: {C215F820-9A4A-4644-993C-720E18C22DB2} - System32\Tasks\{E0A18E8D-F885-4A82-9916-54CFB5E9046C} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {CA837510-E02D-4FCD-B12D-19E8501EC27D} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {DBEB3027-1751-482A-92B8-1444A515378C} - System32\Tasks\{1B7F23FC-C788-4D5A-AE59-92D5BA290952} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {E91AAA25-BB5E-4F0A-A79D-8DE59E869F03} - System32\Tasks\{42A1BE7E-6CCD-4E7E-8C4A-4EB2ABC124B8} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {E93F201D-E8A9-488C-BBCC-F6DBFC28F04B} - System32\Tasks\{82994078-CC11-4AC2-8DC3-2C19C579B5E9} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {EAE3F7D8-A662-4AB8-946C-C4B764C14EA8} - System32\Tasks\{1D7A61D8-B204-4C03-9D41-8731703E7E05} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {F3614D0C-CD89-471C-B6E0-230FA1BE8784} - System32\Tasks\{345E4FE0-B690-4458-BE6A-E2AC593605B9} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
Task: {F50E9488-DB86-48E3-9DB1-25D0A03675CD} - System32\Tasks\{F10006ED-B251-4972-840E-25EDFDDCD041} => C:\Users\Owner-1\Games\___ARESTRA___setup.exe [2014-07-30] ()
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
2014-10-10 20:51 - 2014-10-10 20:51 - 00002982 _____ () C:\Windows\System32\Tasks\{F3CF654F-0598-47BA-88A3-91DE7AA6C1A3}
2014-10-10 20:51 - 2014-10-10 20:51 - 00002982 _____ () C:\Windows\System32\Tasks\{E6FA3439-D03E-474A-A864-54E7CEA93455}
2014-10-10 20:51 - 2014-10-10 20:51 - 00002982 _____ () C:\Windows\System32\Tasks\{3D9E1804-6740-4300-B671-3239C524921F}
2014-10-10 20:51 - 2014-10-10 20:51 - 00002956 _____ () C:\Windows\System32\Tasks\{11C396B0-D4A0-46CB-A841-EFD6AD7715E4}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{F10006ED-B251-4972-840E-25EDFDDCD041}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{E0A18E8D-F885-4A82-9916-54CFB5E9046C}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{97E5E8F8-2B69-462C-905E-D5975B48C1FB}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{82994078-CC11-4AC2-8DC3-2C19C579B5E9}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{42A1BE7E-6CCD-4E7E-8C4A-4EB2ABC124B8}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{345E4FE0-B690-4458-BE6A-E2AC593605B9}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{1D7A61D8-B204-4C03-9D41-8731703E7E05}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{1B7F23FC-C788-4D5A-AE59-92D5BA290952}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{1609BA14-0FED-442D-9170-C04C15F981C5}
2014-10-10 20:48 - 2014-10-10 20:48 - 00002956 _____ () C:\Windows\System32\Tasks\{0F7B7E08-1DD9-4AE5-9A9A-08CDDDCD1169}
2014-09-29 04:18 - 2014-09-29 04:18 - 00000000 ____D () C:\Program Files (x86)\grillaprice
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\grillaprice" /F
EmptyTemp:
end

*****************

Processes closed successfully.
"HKU\S-1-5-21-1864448044-3865198937-871872176-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4263272e-3bbf-11e4-afdd-ec9a74573b2c}" => Key deleted successfully.
"HKCR\CLSID\{4263272e-3bbf-11e4-afdd-ec9a74573b2c}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
"HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}" => Key deleted successfully.
"HKCR\CLSID\{c8d5d964-2be8-4c5b-8cf5-6e975aa88504}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istart123.xml => Moved successfully.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istart123.xml" => File/Directory not found.
"HKCU\SOFTWARE\Policies\Google" => Key not found.
Locked "GrillaPrice" service was unlocked successfully. <===== ATTENTION => Error: No automatic fix found for this entry.
GrillaPrice => Unable to stop service
GrillaPrice => Service deleted successfully.
AntiLog32 => Service deleted successfully.
esgiguard => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D5BF65F-872E-4126-A8B9-29D5F9CAD744}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D5BF65F-872E-4126-A8B9-29D5F9CAD744}" => Key deleted successfully.
C:\Windows\System32\Tasks\{7BAABC9C-7086-4FA4-BDE5-681BD8017B19} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7BAABC9C-7086-4FA4-BDE5-681BD8017B19}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34EEF022-C248-430D-AA8C-A379F5839F30}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34EEF022-C248-430D-AA8C-A379F5839F30}" => Key deleted successfully.
C:\Windows\System32\Tasks\DSite => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSite" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{453CB1F1-50C5-45BE-90A6-0E281D18EA88}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{453CB1F1-50C5-45BE-90A6-0E281D18EA88}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E6FA3439-D03E-474A-A864-54E7CEA93455} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E6FA3439-D03E-474A-A864-54E7CEA93455}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AA3FA1F-DAAB-4BE0-8531-95ADCB8864B8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AA3FA1F-DAAB-4BE0-8531-95ADCB8864B8}" => Key deleted successfully.
C:\Windows\System32\Tasks\{1609BA14-0FED-442D-9170-C04C15F981C5} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1609BA14-0FED-442D-9170-C04C15F981C5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7347B9F7-96F7-47E2-B8CC-95E149C4AD06}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7347B9F7-96F7-47E2-B8CC-95E149C4AD06}" => Key deleted successfully.
C:\Windows\System32\Tasks\{0F7B7E08-1DD9-4AE5-9A9A-08CDDDCD1169} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0F7B7E08-1DD9-4AE5-9A9A-08CDDDCD1169}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7757AC86-3751-4137-8B89-2C6AE04D6990}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7757AC86-3751-4137-8B89-2C6AE04D6990}" => Key deleted successfully.
C:\Windows\System32\Tasks\{11C396B0-D4A0-46CB-A841-EFD6AD7715E4} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{11C396B0-D4A0-46CB-A841-EFD6AD7715E4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{776036F3-5981-44E5-90B4-F14BC339A538}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{776036F3-5981-44E5-90B4-F14BC339A538}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F3CF654F-0598-47BA-88A3-91DE7AA6C1A3} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F3CF654F-0598-47BA-88A3-91DE7AA6C1A3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86164C3A-3BEE-4319-8FF8-8BC1C871601E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86164C3A-3BEE-4319-8FF8-8BC1C871601E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{92A651FB-72ED-4AA0-A27E-201636D45098}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92A651FB-72ED-4AA0-A27E-201636D45098}" => Key deleted successfully.
C:\Windows\System32\Tasks\{97E5E8F8-2B69-462C-905E-D5975B48C1FB} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{97E5E8F8-2B69-462C-905E-D5975B48C1FB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A9399806-F1EC-4110-9B25-B0C5E4E8C01A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9399806-F1EC-4110-9B25-B0C5E4E8C01A}" => Key deleted successfully.
C:\Windows\System32\Tasks\{3D9E1804-6740-4300-B671-3239C524921F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3D9E1804-6740-4300-B671-3239C524921F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C215F820-9A4A-4644-993C-720E18C22DB2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C215F820-9A4A-4644-993C-720E18C22DB2}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E0A18E8D-F885-4A82-9916-54CFB5E9046C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E0A18E8D-F885-4A82-9916-54CFB5E9046C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CA837510-E02D-4FCD-B12D-19E8501EC27D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA837510-E02D-4FCD-B12D-19E8501EC27D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DBEB3027-1751-482A-92B8-1444A515378C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBEB3027-1751-482A-92B8-1444A515378C}" => Key deleted successfully.
C:\Windows\System32\Tasks\{1B7F23FC-C788-4D5A-AE59-92D5BA290952} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1B7F23FC-C788-4D5A-AE59-92D5BA290952}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E91AAA25-BB5E-4F0A-A79D-8DE59E869F03}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E91AAA25-BB5E-4F0A-A79D-8DE59E869F03}" => Key deleted successfully.
C:\Windows\System32\Tasks\{42A1BE7E-6CCD-4E7E-8C4A-4EB2ABC124B8} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{42A1BE7E-6CCD-4E7E-8C4A-4EB2ABC124B8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E93F201D-E8A9-488C-BBCC-F6DBFC28F04B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E93F201D-E8A9-488C-BBCC-F6DBFC28F04B}" => Key deleted successfully.
C:\Windows\System32\Tasks\{82994078-CC11-4AC2-8DC3-2C19C579B5E9} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{82994078-CC11-4AC2-8DC3-2C19C579B5E9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAE3F7D8-A662-4AB8-946C-C4B764C14EA8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAE3F7D8-A662-4AB8-946C-C4B764C14EA8}" => Key deleted successfully.
C:\Windows\System32\Tasks\{1D7A61D8-B204-4C03-9D41-8731703E7E05} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1D7A61D8-B204-4C03-9D41-8731703E7E05}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3614D0C-CD89-471C-B6E0-230FA1BE8784}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3614D0C-CD89-471C-B6E0-230FA1BE8784}" => Key deleted successfully.
C:\Windows\System32\Tasks\{345E4FE0-B690-4458-BE6A-E2AC593605B9} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{345E4FE0-B690-4458-BE6A-E2AC593605B9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F50E9488-DB86-48E3-9DB1-25D0A03675CD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F50E9488-DB86-48E3-9DB1-25D0A03675CD}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F10006ED-B251-4972-840E-25EDFDDCD041} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F10006ED-B251-4972-840E-25EDFDDCD041}" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRkrn" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WRSVC" => Key deleted successfully.
"C:\Windows\System32\Tasks\{F3CF654F-0598-47BA-88A3-91DE7AA6C1A3}" => File/Directory not found.
"C:\Windows\System32\Tasks\{E6FA3439-D03E-474A-A864-54E7CEA93455}" => File/Directory not found.
"C:\Windows\System32\Tasks\{3D9E1804-6740-4300-B671-3239C524921F}" => File/Directory not found.
"C:\Windows\System32\Tasks\{11C396B0-D4A0-46CB-A841-EFD6AD7715E4}" => File/Directory not found.
"C:\Windows\System32\Tasks\{F10006ED-B251-4972-840E-25EDFDDCD041}" => File/Directory not found.
"C:\Windows\System32\Tasks\{E0A18E8D-F885-4A82-9916-54CFB5E9046C}" => File/Directory not found.
"C:\Windows\System32\Tasks\{97E5E8F8-2B69-462C-905E-D5975B48C1FB}" => File/Directory not found.
"C:\Windows\System32\Tasks\{82994078-CC11-4AC2-8DC3-2C19C579B5E9}" => File/Directory not found.
"C:\Windows\System32\Tasks\{42A1BE7E-6CCD-4E7E-8C4A-4EB2ABC124B8}" => File/Directory not found.
"C:\Windows\System32\Tasks\{345E4FE0-B690-4458-BE6A-E2AC593605B9}" => File/Directory not found.
"C:\Windows\System32\Tasks\{1D7A61D8-B204-4C03-9D41-8731703E7E05}" => File/Directory not found.
"C:\Windows\System32\Tasks\{1B7F23FC-C788-4D5A-AE59-92D5BA290952}" => File/Directory not found.
"C:\Windows\System32\Tasks\{1609BA14-0FED-442D-9170-C04C15F981C5}" => File/Directory not found.
"C:\Windows\System32\Tasks\{0F7B7E08-1DD9-4AE5-9A9A-08CDDDCD1169}" => File/Directory not found.

"C:\Program Files (x86)\grillaprice" directory move:

Could not move "C:\Program Files (x86)\grillaprice\grillaprice.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\grillaprice" directory. => Scheduled to move on reboot.


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\grillaprice" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========
  • 0
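
Added example (not part of the original thread, and not FRST's own code): a small Python triage script that tallies the outcome of each result line in a Fixlog like the one in post #29 and lists the entries that still need follow-up. The sample lines are copied from that log; the outcome categories and function names are this example's own assumptions, not an FRST specification.

```python
from collections import Counter, namedtuple

# Selection of lines copied from the Fixlog in post #29, including part of the
# echoed fixlist (between "start" and "end"), which must not be counted.
SAMPLE_FIXLOG = r'''
Content of fixlist:
*****************
start
CloseProcesses:
Locked "GrillaPrice" service was unlocked successfully. <===== ATTENTION
R2 GrillaPrice; C:\Program Files (x86)\grillaprice\grillaprice.exe [427008 2014-09-16] () [File not signed]
EmptyTemp:
end
*****************
Processes closed successfully.
"HKCR\CLSID\{4263272e-3bbf-11e4-afdd-ec9a74573b2c}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istart123.xml => Moved successfully.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istart123.xml" => File/Directory not found.
Locked "GrillaPrice" service was unlocked successfully. <===== ATTENTION => Error: No automatic fix found for this entry.
GrillaPrice => Unable to stop service
GrillaPrice => Service deleted successfully.
Could not move "C:\Program Files (x86)\grillaprice\grillaprice.exe" => Scheduled to move on reboot.
Could not move "C:\Program Files (x86)\grillaprice" directory. => Scheduled to move on reboot.
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\grillaprice" /F =========
ERROR: The system was unable to find the specified registry key or value.
========= End of Reg: =========
'''

Entry = namedtuple("Entry", "outcome target result")

# Outcomes that mean the cleanup is not finished for that item (assumed grouping).
FOLLOW_UP = ("error", "failed", "pending_reboot")


def classify(result):
    """Map the text after the last ' => ' to an outcome category."""
    r = result.lower()
    if r.startswith("error:"):
        return "error"
    if r.startswith("unable to"):
        return "failed"
    if "on reboot" in r:
        return "pending_reboot"
    if "not found" in r:
        return "already_absent"   # nothing left to remove
    if "successfully" in r:
        return "fixed"
    return "other"


def parse_fixlog(text):
    """Return one Entry per result line, skipping dividers and the echoed fixlist."""
    entries, in_echo = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "=*":      # blank lines and ====/**** dividers
            continue
        if line.lower() == "start":          # beginning of the echoed script
            in_echo = True
            continue
        if in_echo:                          # echoed script lines are not results
            in_echo = line.lower() != "end"
            continue
        # Split on the LAST ' => ' so '<===== ATTENTION => Error: ...' is read
        # as an error rather than as 'unlocked successfully'.
        target, _, result = line.rpartition(" => ")
        entries.append(Entry(classify(result), target, result))
    return entries


def tally(entries):
    """Count entries per outcome category."""
    return Counter(e.outcome for e in entries)


def needs_follow_up(entries):
    """Entries a helper should look at before calling the machine clean."""
    return [e for e in entries if e.outcome in FOLLOW_UP]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for outcome, count in sorted(tally(parsed).items()):
        print(f"{outcome:15} {count}")
    print("\nFollow-up:")
    for e in needs_follow_up(parsed):
        print(f"  [{e.outcome}] {e.target or e.result}")
```

On the sample, the follow-up list is the GrillaPrice service and directory entries plus the failed `Reg Delete`, which are the items a fresh scan after reboot should confirm are gone.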

#30
devasativa

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by Owner-1 (administrator) on DPLACE on 22-10-2014 17:13:53
Running from C:\Users\Owner-1\Desktop
Loaded Profile: Owner-1 (Available profiles: Owner-1 & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Reason Software Company Inc.) C:\Users\Owner-1\AppData\Roaming\Reason\Boost\boost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon3\Bin\Maxthon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2680344 2014-09-05] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1864448044-3865198937-871872176-1005\...\Run: [Google Update] => C:\Users\Owner-1\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-03] (Google Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istart123...0325AS_5VENN5AH
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istart123...q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {B4DB94BC-3512-4409-8E79-07D1ADC37C30} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {79A430CD-F74B-4E4B-A58F-64BE68948606} URL = http://www.facebook....q={searchTerms}
SearchScopes: HKCU - {B4DB94BC-3512-4409-8E79-07D1ADC37C30} URL =
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\3.2.0\ViProtocol.dll (AVG Secure Search)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.65

FireFox:
========
FF ProfilePath: C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\3.2.0\\npsitesafety.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Photosynth,version=2.0 -> C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.11.0 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.11 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.11.0 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Owner-1\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner-1\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Owner-1\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Owner-1\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner-1\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner-1\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\searchplugins\duckduckgo.xml
FF Extension: Avira Browser Safety - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected] [2014-09-08]
FF Extension: Pocket - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected] [2014-08-11]
FF Extension: LastPass - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected] [2014-08-04]
FF Extension: YouTube Unblocker - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected] [2014-08-06]
FF Extension: Remove It Permanently - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322} [2014-09-10]
FF Extension: Evernote Web Clipper - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2014-08-11]
FF Extension: Add to Search Bar - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected] [2014-08-11]
FF Extension: DuckDuckGo Plus - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected] [2014-08-11]
FF Extension: Perfect View - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\[email protected] [2014-08-06]
FF Extension: All-in-One Sidebar - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2014-08-11]
FF Extension: FlashGot - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-08-06]
FF Extension: PictuTools - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{41e00859-3a98-4c4c-8292-2de820be3ffa}.xpi [2014-08-06]
FF Extension: FB Gamer - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{5ff60652-3079-4d1a-8328-3126890eae58}.xpi [2014-08-06]
FF Extension: RightToClick - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2014-08-06]
FF Extension: Red Cats (blue flavor) - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\le7ztt4j.default-1407191572707\Extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi [2014-08-04]
FF HKLM-x32\...\Firefox\Extensions: [{1DD9AC48-0855-4AE7-9934-159B4377FFA2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-06-21]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\Owner-1\AppData\Roaming\Mozilla\Firefox\Profiles\5app42vp.default\extensions\[email protected]

Chrome:
=======
CHR Profile: C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Art Project, powered by Google) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aafjiaooblldgcephecfcafbmckcfeep [2013-11-28]
CHR Extension: (Bejeweled) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2013-11-28]
CHR Extension: (Kicksend - Share Photos) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeknnigbopacbbcnnphalkgflgdlnoon [2014-09-29]
CHR Extension: (Theme Creator) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2013-11-28]
CHR Extension: (Worlize) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoleedjgbljpnebkobbongneigoelmnb [2013-11-28]
CHR Extension: (UJAM - Make your music.) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdiogojbmdncjdpljocafnigiokgmci [2013-11-28]
CHR Extension: (BeFunky Photo Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfkepiiddolifkgjmfdgpnipgnfejab [2013-11-28]
CHR Extension: (ezFractal - Strange Attractors App) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\befeejacabkplbgddjbhbbbbogmlomhg [2013-11-28]
CHR Extension: (Fotor Photo Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf [2014-09-29]
CHR Extension: (Simple Image Resizer) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bficingcnodlbbildpbnjdgcmbipgnbi [2014-09-25]
CHR Extension: (Loupe Collage) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhaonknplhhecdgjpphnooeomecgipkc [2013-11-28]
CHR Extension: (Pulsate) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjilkkfelgjefpjbjfnfdhmmoglpbhli [2013-11-28]
CHR Extension: (Genie Jackpots) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnaafakedmhapgnckdkkadbjmoakikki [2013-11-28]
CHR Extension: (Cash of the Titans) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkbkhakepfeehemdjcegjlmcehjckid [2013-11-28]
CHR Extension: (Tarot Reading (FREE)) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegplnibkbhflhkcbohabjbmmokildob [2014-09-25]
CHR Extension: (Camera360网页版) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfojbadjlaaiddllnogeohfgamgedcfd [2014-09-29]
CHR Extension: (Pixsta) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijncchffkmlnfdbnkkfclcbnjcoegjc [2014-09-29]
CHR Extension: (Amigo's Gold) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnfmlpgjkhndffmipbeemgbbdihoeihg [2013-11-28]
CHR Extension: (Weebly - Website Builder) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnocophcbjfiimmnhlhleaooedeheifb [2013-11-28]
CHR Extension: (Panda Poet) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\daicmhhkdcccfobnkidlhnieapcikadf [2013-11-28]
CHR Extension: (ColorMandala) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbafebdejmcgpbfkppndjeajebpppnei [2013-11-28]
CHR Extension: (Gaia Online) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcejlakbncmhdpijmpdepcjfjodfeljj [2013-11-28]
CHR Extension: (Fun Switcher) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddeoimiimmmfddbiggnbipkjomlalanb [2013-11-28]
CHR Extension: (PiXditor - Photo Effects) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddfflkeppghppjmfikeachhdbmpjiacj [2014-09-29]
CHR Extension: (CasinoRPG - Poker, Slots, Tycoon, MMORPG) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfadcimibgpdemlpghdofndlapaiciel [2014-09-25]
CHR Extension: (rotoscope) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhimnnhmaanmanmmokfpijgambokcpni [2014-09-29]
CHR Extension: (PicMonkey Extension) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhipmoghimfdldnocmopeoanjmoolofl [2013-11-28]
CHR Extension: (Denki Word Quest) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dibnbdoaalhdbddheelckdbghjhgkahn [2014-09-25]
CHR Extension: (Word Search) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnjkggjhcbohgnikmegjkodmakmimlkj [2013-11-28]
CHR Extension: (Free Casino Slots) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnomkmpkegpcpakppphmmaphjeabjkcp [2014-09-25]
CHR Extension: (Sumo Paint) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod [2013-11-28]
CHR Extension: (ClanShot - Social Image Gallery) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\edkonmnepckfdddbbmjbnmgjagehnjde [2014-09-29]
CHR Extension: (Mahjongg) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegpopcingfghbompjfejakfeaolmbop [2013-11-28]
CHR Extension: (Cop the Lot) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efgjbkonhellpgfomncmljjdjejbocnc [2013-11-28]
CHR Extension: (Best Entertainment Apps) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efngbgpefbbmjdekcljbnpgdjaegljpn [2013-11-28]
CHR Extension: (500px) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\egpociadnldbkfkjpmjoaibnbcoeplja [2014-09-29]
CHR Extension: (King Solomons) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehlombkifoagifleccjfpbhfbjibpkfj [2014-09-25]
CHR Extension: (Box - 10GB of FREE storage) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2013-11-28]
CHR Extension: (Fairest of Them All) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\elakbdjgendoliaogejfmnhdjchdkboc [2013-11-28]
CHR Extension: (Krishna 3D) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\feadgpcllehmhnikijnojlfccolbllge [2013-11-28]
CHR Extension: (PicMonkey) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2014-09-29]
CHR Extension: (Stupeflix Video Maker) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkdmcfnoimoilncpjchamnenebopocem [2013-11-28]
CHR Extension: (Avira Browser Safety) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-07-31]
CHR Extension: (C++ Tutorial) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpkdcihamnidijdfmjeckahccaphlofi [2014-09-25]
CHR Extension: (Best Apps) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gekkkgddoohlaojggcdmihoeahbnlomf [2013-11-28]
CHR Extension: (Picadilo) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\geljjpapbfokifgnlnpdbiplebdhlein [2014-09-29]
CHR Extension: (Wallpaper Backgrounds - Free Wallpapers) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gggpfgbncdijopafhadglgjglomiaoba [2013-11-28]
CHR Extension: (Planetarium) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp [2013-11-28]
CHR Extension: (Autodesk 123D Catch) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjmccldlkdbjakaebbpiojpfbambiphj [2013-11-28]
CHR Extension: (Heart) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnfkpbienbblndialjooaiaociigepn [2013-11-28]
CHR Extension: (Save to Google Drive) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2014-09-25]
CHR Extension: (Free Slots) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gncgkjfgbkncmgekiidabkngldhokoio [2014-09-25]
CHR Extension: (ImageBot Photo Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngdfkmfhlbimnaglgofeloikojnnaka [2013-11-28]
CHR Extension: (Hippo Paint) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gocgkkkalgjbolohhjmbekcemffhijbf [2013-11-28]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-11-28]
CHR Extension: (FabCam) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hejilffmihldhlfocnabcgndjjpgadfl [2013-11-28]
CHR Extension: (Atavi bookmarks) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfephclnnkjfkfnmmcjampphpfgijgae [2014-09-25]
CHR Extension: (The Elementals) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfhfehlnocjpbnbcabcjjnemkkkghaak [2013-11-28]
CHR Extension: (Leprechaun's Luck) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhgkfjhkjijkebohallibampichdppc [2013-11-28]
CHR Extension: (Vimeo Couch Mode) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjkdhkejcnlmkfdodbkdkelefnkobfif [2014-09-25]
CHR Extension: (Mystery Case Files: Madame Fate ®) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjhpnaodhjkfpbhmjjakbngblomampb [2013-11-28]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2014-09-26]
CHR Extension: (Wild Gambler) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmkmbgbgljpggoifoncmahpbdpholjgo [2013-11-28]
CHR Extension: (Quotes Book) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfjeadhjbcepmknoanimdbemlobmlpe [2014-09-25]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-11-29]
CHR Extension: (Pixlr Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2013-11-28]
CHR Extension: (RealPlayer Downloader) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-07-31]
CHR Extension: (Lunapic Photo Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifimmnanlabnljjnaegjmgnelmdmjabn [2013-11-28]
CHR Extension: (Twinoo Brain Training - Test your Brain) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\igippnbkniajgjmfiklnjokigepheabp [2013-11-28]
CHR Extension: (Qbox - Wisdom of the Ages) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfnimbehfhlelledoaemompbeihbhfb [2013-11-28]
CHR Extension: (iPiccy Photo Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh [2013-11-28]
CHR Extension: (Memrise) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipanemchpnjhopmgcmmjhjcniogmoooc [2013-11-28]
CHR Extension: (Fish Tales 2) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaghkmcgmmageapicnkmimibjenkldkc [2013-11-28]
CHR Extension: (Cut the Rope) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbadlndcminbkfojhlimnkgaackjmdo [2014-09-25]
CHR Extension: (Psykogif) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkjoklgdmjnffhmmllncmleongbhpdok [2014-01-01]
CHR Extension: (Lucky Free Slots) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklflojhcplaifoheemkildbmcjfhlij [2013-11-28]
CHR Extension: (Pixlr Touch Up) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2014-09-29]
CHR Extension: (Alice's Wonderland) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\khdhgjjadoofeaeajlpanbfgigchpgph [2013-11-28]
CHR Extension: (MakeGIF) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiibohfpiojejdooomkpmhhilobdkkle [2014-09-29]
CHR Extension: (Sand 2) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\klicmgamjpclmbhppmdeamffedflmkcn [2013-11-28]
CHR Extension: (Adblock Super) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2014-09-25]
CHR Extension: (Little Alchemy) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2013-11-28]
CHR Extension: (Until AM Web App) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk [2013-11-28]
CHR Extension: (Rango: The WORLD) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ladlgddeghalkmimaamlhbfaglfcdiep [2013-11-28]
CHR Extension: (Picozu) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajpehananomepaahgohcnmgkgmkhogf [2013-11-28]
CHR Extension: (Pix: Pixel Mixer) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbjiacdnbellpbhocabghholhnlboibg [2014-09-25]
CHR Extension: (Best Game Apps) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcedphmnlpmkcmhmpejeoalaeljdogia [2013-11-28]
CHR Extension: (Webcam Toy) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2013-11-28]
CHR Extension: (Comic Webcam) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfffhmndpldceogndeognocbpmlgdemi [2014-09-29]
CHR Extension: (Picasa Extension (by Google)) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhhlohbbihddnfcehbijmlnpkafmmkfp [2013-11-28]
CHR Extension: (Vegas World) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkfngbagahkfkhdkaelphbgkaalajhim [2014-09-25]
CHR Extension: (Hottest Apps) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\maceojlogikadmomgoojfcgbbmnjggje [2013-11-28]
CHR Extension: (SMS Quotes) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\maipobjfmhedpebidmfcpajlegghgmpk [2014-09-29]
CHR Extension: (Madalin - Casino) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbiiphkhamhjhlefjichkpdjncmmokje [2013-11-28]
CHR Extension: (Pocket) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2014-09-25]
CHR Extension: (PixFiltre - Photo Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nebhanlkihgdilmhiaiaclanodcalglc [2014-09-29]
CHR Extension: (Drive) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo [2014-09-26]
CHR Extension: (TextNow) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkjdngkmnogclafejjgbgjjegoaahihg [2014-09-25]
CHR Extension: (Google Wallet) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-19]
CHR Extension: (Hover Zoom) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-09-26]
CHR Extension: (GIFPAL) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\noohoboklgjeccnihfkbdakbchbhjlch [2013-11-28]
CHR Extension: (piZap Photo Editor) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\occpjibghkbopohbefbejkklnfdkdmok [2013-11-28]
CHR Extension: (Foto Rulez) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\odahhdimpaeigjcdbgcnhemlkejclmmk [2014-09-29]
CHR Extension: (Picky Wallpapers) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj [2013-11-28]
CHR Extension: (Scribble - stickies on steroids) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\offpaifnchmpbnjhjbhpdffahlofdkfb [2013-11-28]
CHR Extension: (Picasa) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-09-25]
CHR Extension: (Bastion) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohphhdkahjlioohbalmicpokoefkgid [2013-11-28]
CHR Extension: (Rollip - Photo Effects) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooikhmcdpofogemaldinihdhidaokcmp [2014-09-29]
CHR Extension: (Falling Sand Game) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdknckljjbdpkhgmcokoahffbdinafbo [2013-11-28]
CHR Extension: (Psykopaint) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2013-11-28]
CHR Extension: (Harry Trotter) - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnfmgchcbgfcjhefffockipipfofamid [2013-11-28]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-06-10]
CHR HKLM-x32\...\Chrome\Extension: [iekjmlcgpmcjigljdiagaibfjfaideal] - C:\Users\Owner\AppData\Local\CRE\iekjmlcgpmcjigljdiagaibfjfaideal.crx [2014-06-10]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-06-10]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Owner-1\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-08-04]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
S3 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 1999-12-31] (Realsil Microelectronics Inc.) [File not signed]
S3 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-06-10] ()
S3 RealPlayer Cloud Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1141848 2014-06-21] (RealNetworks, Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 1999-12-31] (IDT, Inc.) [File not signed]
S3 vToolbarUpdater3.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\3.2.0\ToolbarUpdater.exe [1843736 2014-09-01] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-09-01] (AVG Technologies)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2013-03-05] (MediaMall Technologies, Inc.)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 usbkey; C:\Windows\System32\DRIVERS\USBKey64.sys [40288 2013-11-07] ()
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 cpuz134; \??\C:\Users\Owner-1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-22 15:46 - 2014-10-22 15:46 - 00007259 _____ () C:\Users\Owner-1\Desktop\Fixlist.txt
2014-10-22 15:34 - 2014-10-22 15:41 - 00000000 ____D () C:\Users\Owner-1\Desktop\runassystem
2014-10-22 15:33 - 2014-10-22 15:33 - 00126083 _____ () C:\Users\Owner-1\Desktop\runassystem.zip
2014-10-22 15:26 - 2014-10-22 15:26 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DPLACE-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-10-22 15:24 - 2014-10-22 15:24 - 00000000 ____D () C:\RegBackup
2014-10-22 15:23 - 2014-10-22 15:23 - 00002195 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-10-22 15:23 - 2014-10-22 15:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-10-22 15:23 - 2014-10-22 15:23 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-10-22 15:19 - 2014-10-22 15:19 - 04215584 _____ () C:\Users\Owner-1\Desktop\tweaking.com_registry_backup_setup.exe
2014-10-20 16:19 - 2014-10-20 16:19 - 00008424 _____ () C:\Users\Owner-1\Desktop\Vinking AntiVirus Security Warning.htm
2014-10-20 16:19 - 2014-10-20 16:19 - 00000000 ____D () C:\Users\Owner-1\Desktop\Vinking AntiVirus Security Warning_files
2014-10-18 12:38 - 2014-10-18 12:38 - 00002761 _____ () C:\Users\Owner-1\Desktop\FSS.txt
2014-10-18 12:36 - 2014-10-18 12:36 - 00415232 _____ (Farbar) C:\Users\Owner-1\Desktop\FSS.exe
2014-10-17 20:52 - 2014-10-17 20:54 - 00049393 _____ () C:\Users\Owner-1\Desktop\Addition.txt
2014-10-17 20:49 - 2014-10-22 17:13 - 00034921 _____ () C:\Users\Owner-1\Desktop\FRST.txt
2014-10-17 20:49 - 2014-10-22 17:13 - 00000000 ____D () C:\FRST
2014-10-17 20:47 - 2014-10-17 20:47 - 02112000 _____ (Farbar) C:\Users\Owner-1\Desktop\FRST64.exe
2014-10-17 20:45 - 2014-10-17 20:45 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\Avg2015
2014-10-17 19:46 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 19:46 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 19:46 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 19:46 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 19:46 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 19:46 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-17 19:46 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 19:46 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-17 19:46 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-17 19:46 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 19:46 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-17 19:46 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 19:46 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-17 19:46 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 19:46 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 19:46 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-17 19:46 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-17 19:46 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-17 19:46 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-17 19:46 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-17 19:46 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-17 19:46 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-17 19:46 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-17 19:46 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-17 19:46 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-17 19:46 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-17 19:46 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-17 19:45 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 19:45 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 19:45 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 19:45 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 19:45 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 19:45 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 19:45 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 19:45 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-17 19:45 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 19:45 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-17 19:45 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 19:45 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-17 19:45 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 19:45 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 19:45 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-17 19:45 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-17 19:45 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 19:45 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-17 19:45 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-17 19:45 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-17 19:45 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 19:45 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 19:45 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-17 19:45 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 19:45 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 19:45 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 19:45 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-17 19:45 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 19:45 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 19:45 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 19:45 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-17 19:45 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-17 19:45 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 19:45 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-17 19:45 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 19:45 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 19:45 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-17 19:45 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 19:45 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 19:45 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-17 19:45 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-17 19:43 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 19:43 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 19:43 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 19:43 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 19:43 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 19:43 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 19:43 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 19:41 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 19:41 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 19:40 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-17 19:40 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-17 19:40 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 19:40 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 19:39 - 2014-07-16 19:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 19:39 - 2014-07-16 19:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-17 19:39 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 19:39 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-17 19:39 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 19:39 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-17 19:39 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-17 19:39 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-17 19:39 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 19:39 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-17 19:39 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-17 19:39 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-17 19:39 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-17 19:39 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-17 19:39 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-17 19:39 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-12 05:02 - 2014-10-12 05:18 - 00079182 _____ () C:\Users\Owner-1\Desktop\Extras.Txt
2014-10-12 05:00 - 2014-10-12 05:00 - 00120358 _____ () C:\Users\Owner-1\Desktop\OTL.Txt
2014-10-12 04:39 - 2014-10-12 04:39 - 00602112 _____ (OldTimer Tools) C:\Users\Owner-1\Desktop\OTL.exe
2014-10-12 04:19 - 2014-10-12 04:19 - 00008847 _____ () C:\Users\Owner-1\Documents\newlist.txt
2014-10-11 15:34 - 2014-10-11 15:34 - 00000000 ____D () C:\ProgramData\.mono
2014-10-10 11:44 - 2014-10-10 11:44 - 12200491 _____ () C:\Users\Owner-1\Desktop\attachments.zip
2014-10-06 00:22 - 2014-10-06 00:22 - 00000000 ____D () C:\ProgramData\Intenium
2014-10-05 23:54 - 2014-10-05 23:54 - 00000000 ____D () C:\ProgramData\n7-89-o9-3r-4t-r9
2014-10-02 12:09 - 2014-10-02 12:09 - 00002002 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Center.lnk
2014-10-02 12:09 - 2014-10-02 12:09 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-02 12:09 - 2014-10-02 12:09 - 00001413 _____ () C:\Users\Owner-1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-01 19:05 - 2014-10-01 19:05 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\{7510169C-3D9E-45E0-B3C5-2A07F8D0CAC5}
2014-10-01 05:20 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 05:20 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 22:54 - 2014-09-29 22:54 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\{24FF32C3-A238-43DA-AB94-3D6118AD377A}
2014-09-29 16:21 - 2014-09-29 16:21 - 00000000 ____D () C:\Users\Owner-1\Documents\Any Video Converter
2014-09-29 13:03 - 2014-09-29 13:03 - 00000973 _____ () C:\Users\Owner-1\Desktop\Daum Potplayer-64 Bits.lnk
2014-09-29 09:14 - 2014-09-29 09:16 - 00000000 ____D () C:\Users\Owner-1\Desktop\New folder
2014-09-29 09:04 - 2014-09-29 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photosynth
2014-09-29 09:04 - 2014-09-29 09:04 - 00000000 ____D () C:\Program Files (x86)\Photosynth
2014-09-29 07:04 - 2014-09-29 07:04 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\{9B6E8402-CBF0-413E-AFF0-E39525B3B8B7}
2014-09-29 06:52 - 2014-09-29 06:52 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\Microsoft_Corporation
2014-09-29 06:38 - 2014-09-29 06:38 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\Autodesk
2014-09-29 04:18 - 2014-09-29 04:18 - 00000000 ____D () C:\Users\Owner-1\AppData\Roaming\OpenSoftwareUpdater
2014-09-29 04:16 - 2014-09-29 04:16 - 00000000 _____ () C:\nsw27C6.tmp
2014-09-29 04:16 - 2014-09-29 04:16 - 00000000 _____ () C:\nsr27A6.tmp
2014-09-29 04:07 - 2014-09-29 04:11 - 230403216 _____ (COMODO) C:\Users\Owner-1\Downloads\cispremium_installer_5997_92.exe
2014-09-29 00:27 - 2014-10-20 13:05 - 00002143 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-29 00:22 - 2014-09-29 00:22 - 00001870 _____ () C:\Users\Public\Desktop\Pixlr .lnk
2014-09-29 00:22 - 2014-09-29 00:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
2014-09-29 00:21 - 2014-09-29 00:21 - 00000000 ____D () C:\Program Files (x86)\Autodesk
2014-09-29 00:18 - 2014-09-29 00:18 - 00000000 ____D () C:\Users\Owner-1\AppData\Roaming\Autodesk
2014-09-29 00:18 - 2014-09-29 00:18 - 00000000 ____D () C:\ProgramData\Autodesk
2014-09-29 00:17 - 2014-09-29 00:17 - 00000000 ____D () C:\Autodesk
2014-09-27 03:59 - 2014-09-27 04:01 - 00000000 ____D () C:\Users\Owner-1\Documents\Malware bytes support history complete cases
2014-09-27 03:59 - 2014-09-27 03:59 - 00000000 _____ () C:\Users\Owner-1\Documents\New Text Document.txt
2014-09-26 23:01 - 2014-09-28 11:03 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-26 23:01 - 2014-09-26 23:01 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-26 22:57 - 2014-09-28 11:03 - 00000000 ____D () C:\Users\Owner-1\Desktop\mbar
2014-09-26 22:28 - 2014-09-30 04:12 - 00000000 ____D () C:\Users\Owner-1\Downloads\portable browsers
2014-09-26 10:35 - 2014-09-26 10:35 - 00000000 ____D () C:\Users\Owner-1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-26 10:27 - 2014-09-26 10:27 - 11846283 _____ () C:\Users\Owner-1\Downloads\oneclick.crx
2014-09-26 10:25 - 2014-10-01 05:43 - 00000000 ____D () C:\Users\Owner-1\Downloads\chrome extension
2014-09-26 08:06 - 2014-09-26 12:37 - 00000000 ____D () C:\Users\Owner-1\Documents\t. WA law..limitations
2014-09-25 09:51 - 2014-09-25 09:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-24 08:51 - 2014-09-24 08:51 - 06891512 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_16.mp4
2014-09-24 08:51 - 2014-09-24 08:51 - 02819822 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_13.mp4
2014-09-24 08:51 - 2014-09-24 08:51 - 02739497 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_14.mp4
2014-09-24 08:51 - 2014-09-24 08:51 - 02316650 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_15.mp4
2014-09-24 08:51 - 2014-09-24 08:51 - 01631371 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_12.mp4
2014-09-24 08:51 - 2014-09-24 08:51 - 00950840 _____ () C:\Users\Owner-1\Desktop\1738079_218960804980062_2017555973_n.mp4
2014-09-24 08:49 - 2014-09-24 08:49 - 02736439 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_7(1).mp4
2014-09-24 08:40 - 2014-09-24 08:40 - 06450961 _____ () C:\Users\Owner-1\Desktop\10518475_254095261466616_910788609_n.mp4
2014-09-24 08:40 - 2014-09-24 08:40 - 02188153 _____ () C:\Users\Owner-1\Desktop\10491573_256173664592109_879986958_n.mp4
2014-09-24 08:39 - 2014-09-24 08:39 - 02736439 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_7.mp4
2014-09-24 08:39 - 2014-09-24 08:39 - 01436983 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_8.mp4
2014-09-24 08:37 - 2014-09-24 08:37 - 07552254 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_4.mp4
2014-09-24 08:35 - 2014-09-24 08:35 - 09507406 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_1(1).mp4
2014-09-24 08:34 - 2014-09-24 08:34 - 01392613 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_2(1).mp4
2014-09-24 08:33 - 2014-09-24 08:33 - 09507406 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_1.mp4
2014-09-24 08:33 - 2014-09-24 08:33 - 00499106 _____ () C:\Users\Owner-1\Desktop\10654293_270598823149593_1871693183_n.mp4
2014-09-24 08:29 - 2014-09-24 08:29 - 09507406 _____ () C:\Users\Owner-1\Desktop\(99) Tristen Cate_2.mp4
2014-09-24 08:14 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-24 08:14 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-22 23:34 - 2014-09-22 23:34 - 03591820 _____ () C:\Users\Owner-1\Desktop\(99) Facebook_1.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-22 17:04 - 2011-12-17 01:42 - 01292643 _____ () C:\Windows\WindowsUpdate.log
2014-10-22 16:43 - 2014-06-03 13:00 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005UA.job
2014-10-22 16:41 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-22 16:41 - 2009-07-13 21:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-22 16:36 - 2014-06-21 09:40 - 00003234 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1864448044-3865198937-871872176-1005
2014-10-22 16:34 - 2013-11-13 20:34 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-22 16:34 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-22 16:27 - 2013-11-13 20:34 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-22 16:21 - 2013-04-27 01:27 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-22 15:37 - 2014-01-06 01:32 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005UA.job
2014-10-22 15:22 - 2013-11-13 20:34 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-22 15:22 - 2013-11-13 20:34 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-22 14:53 - 2014-08-30 06:00 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-20 12:49 - 2014-08-27 11:59 - 00000000 ____D () C:\Users\Owner-1\AppData\Roaming\BitTorrent
2014-10-20 12:45 - 2014-06-03 13:00 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005Core.job
2014-10-20 00:58 - 2014-01-06 01:32 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005Core.job
2014-10-19 22:21 - 2013-11-25 13:39 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOwner-1
2014-10-19 22:21 - 2013-11-25 13:39 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForOwner-1.job
2014-10-18 12:38 - 2014-06-03 13:00 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005UA
2014-10-18 12:38 - 2014-06-03 13:00 - 00003498 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1864448044-3865198937-871872176-1005Core
2014-10-17 20:36 - 2009-07-13 21:45 - 00430568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 20:21 - 2013-08-01 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 20:02 - 2013-05-01 23:01 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 04:26 - 2013-12-05 06:07 - 00000000 ___RD () C:\Users\Owner-1\Dropbox
2014-10-12 00:41 - 2013-11-16 18:57 - 00000000 ____D () C:\Users\Owner-1
2014-10-10 20:44 - 2014-02-07 19:25 - 00000000 ____D () C:\Users\Owner-1\Desktop\My Shared Folder
2014-10-10 20:44 - 2013-12-23 00:14 - 00000000 ____D () C:\Users\Owner-1\Games
2014-10-09 15:10 - 2013-11-26 22:36 - 00000000 ____D () C:\Users\Owner-1\AppData\Roaming\Mozilla
2014-10-06 21:07 - 2013-12-01 18:02 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\CrashDumps
2014-10-06 00:20 - 2013-11-16 18:58 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\VirtualStore
2014-10-05 21:42 - 2013-12-23 23:44 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\Last.fm
2014-10-02 12:35 - 2014-04-24 11:26 - 00000000 ___RD () C:\Users\Owner-1\blocklist..host file
2014-10-01 08:53 - 2014-08-27 11:29 - 00000000 ____D () C:\Users\Owner-1\AppData\Roaming\GetPrivate
2014-10-01 05:42 - 2014-08-30 22:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-01 05:41 - 2014-08-31 06:33 - 00000000 ____D () C:\Users\Owner-1\AppData\Local\Avg
2014-09-29 11:15 - 2013-12-03 06:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-29 04:54 - 2014-09-15 16:56 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-09-29 04:47 - 2013-11-16 18:58 - 00109920 _____ () C:\Users\Owner-1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-28 21:54 - 2013-04-27 00:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-26 22:57 - 2014-08-29 02:36 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-26 12:38 - 2011-10-14 23:22 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-09-25 08:28 - 2013-04-27 01:27 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-25 08:28 - 2009-07-13 22:08 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-25 06:21 - 2013-04-27 01:27 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-25 06:21 - 2011-10-14 23:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-10 12:19

==================== End Of Log ============================