Inactive-A Help with Spyware/Malware removal.

C:\Users\Jones\AppData\Local\Temp\{10822F7E-B57A-414F-8825-3403C4F283F6}\ISBEW64.exe
C:\Users\Jones\AppData\Local\Temp\_MEI34882\kernel32.dll
C:\Users\Jones\AppData\Local\Temp\_MEI34882\mfc90.dll
C:\Users\Jones\AppData\Local\Temp\_MEI34882\mfc90u.dll
C:\Users\Jones\AppData\Local\Temp\_MEI34882\mfcm90.dll
C:\Users\Jones\AppData\Local\Temp\_MEI34882\mfcm90u.dll
C:\Users\Jones\AppData\Local\Temp\_MEI34882\psapi.dll
C:\Users\Jones\AppData\Local\Temp\_MEI34882\python27.dll
C:\Users\Jones\AppData\Local\Temp\_MEI34882\pythoncom27.dll
C:\Users\Jones\AppData\Local\Temp\_MEI34882\PyWinTypes27.dll
C:\Users\Jones\AppData\Local\Temp\_MEI34882\shell32.dll
C:\Users\Jones\AppData\Local\Temp\_MEI34882\wxbase294u_net_vc90.dll
C:\Users\Jones\AppData\Local\Temp\_MEI34882\wxbase294u_vc90.dll
C:\Users\Jones\AppData\Local\Temp\_MEI34882\wxmsw294u_adv_vc90.dll
C:\Users\Jones\AppData\Local\Temp\_MEI34882\wxmsw294u_core_vc90.dll
C:\Users\Jones\AppData\Local\Temp\_MEI34882\wxmsw294u_html_vc90.dll
C:\Users\Jones\AppData\Local\Temp\_MEI34882\wxmsw294u_webview_vc90.dll
C:\Users\Jones\AppData\Local\Temp\_ir_sf_temp_0\npCouponPrinter.dll
C:\Users\Jones\AppData\Local\Temp\_ir_sf_temp_0\npMozCouponPrinter.dll
C:\Users\Jones\AppData\Local\Temp\x86\HPWarrantyIDDll.dll
C:\Users\Jones\AppData\Local\Temp\x64\HPWarrantyIDDll.dll
C:\Users\Jones\AppData\Local\Temp\tmplriv6x\googledrivesync.exe
C:\Users\Jones\AppData\Local\Temp\Temp1_AutoTalkerXPro17.zip\AutoTalker X Pro 17.exe
C:\Users\Jones\AppData\Local\Temp\TeamViewer\Version7\TeamViewer_.exe
C:\Users\Jones\AppData\Local\Temp\TeamViewer\Version7\TeamViewer_Desktop.exe
C:\Users\Jones\AppData\Local\Temp\TeamViewer\Version7\TeamViewer_Resource_en.dll
C:\Users\Jones\AppData\Local\Temp\TeamViewer\Version7\TeamViewer_Service.exe
C:\Users\Jones\AppData\Local\Temp\TeamViewer\Version7\TeamViewer_StaticRes.dll
C:\Users\Jones\AppData\Local\Temp\TeamViewer\Version7\tv_w32.dll
C:\Users\Jones\AppData\Local\Temp\TeamViewer\Version7\tv_w32.exe
C:\Users\Jones\AppData\Local\Temp\TeamViewer\Version7\tv_x64.dll
C:\Users\Jones\AppData\Local\Temp\TeamViewer\Version7\tv_x64.exe
C:\Users\Jones\AppData\Local\Temp\nsrDB75.tmp\setup.exe
C:\Users\Jones\AppData\Local\Temp\nsm294C.tmp\InstallOptions.dll
C:\Users\Jones\AppData\Local\Temp\nsm294C.tmp\System.dll
C:\Users\Jones\AppData\Local\Temp\nsl3A99.tmp\DropboxNSISTools.dll
C:\Users\Jones\AppData\Local\Temp\nsl3A99.tmp\UAC.dll
C:\Users\Jones\AppData\Local\Temp\nsg3977.tmp\UAC.dll
C:\Users\Jones\AppData\Local\Temp\IXP000.TMP\BBSetup.exe
C:\Users\Jones\AppData\Local\Temp\is-P6PEB.tmp\_isetup\_shfoldr.dll
C:\Users\Jones\AppData\Local\Temp\IDC4.tmp\installer.exe
C:\Users\Jones\AppData\Local\Temp\IDC2.tmp\installer.exe
C:\Users\Jones\AppData\Local\Temp\HpUpdate\26489\HPPCShorCutCreator_5810_000_002_hpu.exe
C:\Users\Jones\AppData\Local\Temp\HpUpdate\25919\CIOUMUpdate_3545_000_009_hpu.exe
C:\Users\Jones\AppData\Local\Temp\HpUpdate\25545\hpusetup.exe
C:\Users\Jones\AppData\Local\Temp\HpUpdate\21598\CPE_SLP_NETWORKMSI_hpu_000_006.exe
C:\Users\Jones\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll
C:\Users\Jones\AppData\Local\Temp\Ceement\src\setup.exe
C:\Users\Jones\AppData\Local\Temp\CCIS\ccsqlh.exe
C:\Users\Jones\AppData\Local\Temp\CCIS\sqlite3.dll
C:\Users\Jones\AppData\Local\Temp\avg_a06148\avg-secure-search-installer.exe
C:\Users\Jones\AppData\Local\Temp\avg_a06148\ProgFiles\AVG SafeGuard toolbar\lip.exe
C:\Users\Jones\AppData\Local\Temp\avg_a06148\ProgFiles\AVG SafeGuard toolbar\PostInstall.exe
C:\Users\Jones\AppData\Local\Temp\avg_a06148\ProgFiles\AVG SafeGuard toolbar\Uninstall.exe
C:\Users\Jones\AppData\Local\Temp\avg_a06148\ProgFiles\AVG SafeGuard toolbar\vprot.exe
C:\Users\Jones\AppData\Local\Temp\avg_a06148\ProgFiles\AVG SafeGuard toolbar\15.2.0.5\AVG SafeGuard toolbar_toolbar.dll
C:\Users\Jones\AppData\Local\Temp\avg_a06148\ConfigFiles\avguidx.dll
C:\Users\Jones\AppData\Local\Temp\avg_a06148\ConfigFiles\MachineIdCreator.exe
C:\Users\Jones\AppData\Local\Temp\avg_a06148\CommonFiles\AVG SafeGuard toolbar\avgdttbx.dll
C:\Users\Jones\AppData\Local\Temp\avg_a06148\CommonFiles\AVG SafeGuard toolbar\AVGRewardsWorker.dll
C:\Users\Jones\AppData\Local\Temp\avg_a06148\CommonFiles\AVG SafeGuard toolbar\DriverInstaller.exe
C:\Users\Jones\AppData\Local\Temp\avg_a06148\CommonFiles\AVG SafeGuard toolbar\DriverInstaller_64.exe
C:\Users\Jones\AppData\Local\Temp\avg_a06148\CommonFiles\AVG SafeGuard toolbar\npsitesafety.dll
C:\Users\Jones\AppData\Local\Temp\avg_a06148\CommonFiles\AVG SafeGuard toolbar\ScriptHelper.exe
C:\Users\Jones\AppData\Local\Temp\avg_a06148\CommonFiles\AVG SafeGuard toolbar\SiteSafety.dll
C:\Users\Jones\AppData\Local\Temp\avg_a06148\CommonFiles\AVG SafeGuard toolbar\ToolbarUpdater.exe
C:\Users\Jones\AppData\Local\Temp\avg_a06148\CommonFiles\AVG SafeGuard toolbar\ViProtocol.dll
C:\Users\Jones\AppData\Local\Temp\avg_a04292\avg-secure-search-installer.exe
C:\Users\Jones\AppData\Local\Temp\avg_a04292\ProgFiles\AVG SafeGuard toolbar\lip.exe
C:\Users\Jones\AppData\Local\Temp\avg_a04292\ProgFiles\AVG SafeGuard toolbar\PostInstall.exe
C:\Users\Jones\AppData\Local\Temp\avg_a04292\ProgFiles\AVG SafeGuard toolbar\Uninstall.exe
C:\Users\Jones\AppData\Local\Temp\avg_a04292\ProgFiles\AVG SafeGuard toolbar\vprot.exe
C:\Users\Jones\AppData\Local\Temp\avg_a04292\ProgFiles\AVG SafeGuard toolbar\15.1.0.2\AVG SafeGuard toolbar_toolbar.dll
C:\Users\Jones\AppData\Local\Temp\avg_a04292\ConfigFiles\avguidx.dll
C:\Users\Jones\AppData\Local\Temp\avg_a04292\ConfigFiles\MachineIdCreator.exe
C:\Users\Jones\AppData\Local\Temp\avg_a04292\CommonFiles\AVG SafeGuard toolbar\avgdttbx.dll
C:\Users\Jones\AppData\Local\Temp\avg_a04292\CommonFiles\AVG SafeGuard toolbar\AVGRewardsWorker.dll
C:\Users\Jones\AppData\Local\Temp\avg_a04292\CommonFiles\AVG SafeGuard toolbar\DriverInstaller.exe
C:\Users\Jones\AppData\Local\Temp\avg_a04292\CommonFiles\AVG SafeGuard toolbar\DriverInstaller_64.exe
C:\Users\Jones\AppData\Local\Temp\avg_a04292\CommonFiles\AVG SafeGuard toolbar\npsitesafety.dll
C:\Users\Jones\AppData\Local\Temp\avg_a04292\CommonFiles\AVG SafeGuard toolbar\ScriptHelper.exe
C:\Users\Jones\AppData\Local\Temp\avg_a04292\CommonFiles\AVG SafeGuard toolbar\SiteSafety.dll
C:\Users\Jones\AppData\Local\Temp\avg_a04292\CommonFiles\AVG SafeGuard toolbar\ToolbarUpdater.exe
C:\Users\Jones\AppData\Local\Temp\avg_a04292\CommonFiles\AVG SafeGuard toolbar\ViProtocol.dll
C:\Users\Jones\AppData\Local\Temp\Adobe\Shockwave 12\gcapi_dll.dll
C:\Users\Jones\AppData\Local\Temp\Adobe\Shockwave 12\gi.dll
C:\Users\Jones\AppData\Local\Temp\Adobe\Shockwave 12\gtapi.dll
C:\Users\Jones\AppData\Local\Temp\Adobe\Shockwave 12\LaunchGoogleChrome.exe
C:\Users\Jones\AppData\Local\Temp\Adobe\Shockwave 12\SymCCIS.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\hpzc3212.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\hpzids01.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\HPZIDS40.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\hpzsetup.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\HPZstub.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\Setup.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\pdu\HPPDU.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ndu\HPHNDU_3053.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\cfgedt\hpbcfgap.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\cfgedt\hpbcfgre.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\cfgedt\hpbcfgui.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\cfgedt\HPBDMC32.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\cfgedt\HPCDMC32.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\cfgedt\hpcdmc64.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\CCC_Uninstaller.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\hpqrrx08.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\WindowsInstaller-KB884016-v2-x86.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\trk\Q283787_w2k_sp3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\trk\WindowsXP-KB822603-x86-TRK.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\sve\Q283787_w2k_sp3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\sve\WindowsXP-KB822603-x86-SVE.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\rus\Q283787_w2k_sp3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\rus\WindowsXP-KB822603-x86-RUS.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\ptb\Q283787_W2K_SP3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\ptb\WindowsXP-KB822603-x86-PTB.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\plk\Q283787_w2k_sp3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\plk\WindowsXP-KB822603-x86-PLK.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\nob\Q283787_w2k_sp3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\nob\WindowsXP-KB822603-x86-NOR.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\nld\Q283787_W2K_SP3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\nld\WindowsXP-KB822603-x86-NLD.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\kor\Q283787_W2K_SP3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\kor\WindowsXP-KB822603-x86-KOR.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\jpn\Q283787_W2K_sp3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\jpn\WindowsXP-KB822603-x86-JPN.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\ita\Q283787_w2k_sp3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\ita\WindowsXP-KB822603-x86-ITA.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\hun\Q283787_w2k_sp3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\hun\WindowsXP-KB822603-x86-HUN.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\fra\Q283787_w2k_sp3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\fra\WindowsXP-KB822603-x86-FRA.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\fin\Q283787_w2k_sp3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\fin\WindowsXP-KB822603-x86-FIN.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\esn\Q283787_w2k_sp3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\esn\WindowsXP-KB822603-x86-ESN.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\esm\Q283787_w2k_sp3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\enu\Q283787_W2K_SP3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\enu\WindowsXP-KB822603-x86-ENU.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\ell\Q283787_w2k_sp3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\ell\WindowsXP-KB822603-x86-ELL.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\DeviceInfo.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\HpAppEgn.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\HpSdUi.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\HPSysDig.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\logging.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\systeminfo.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\zlib.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\loc\tu\HpSdRes.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\loc\tc\HpSdRes.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\loc\sw\HpSdRes.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\loc\sp\HpSdRes.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\loc\sc\HpSdRes.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\loc\ru\HpSdRes.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\loc\pol\HpSdRes.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\loc\po\HpSdRes.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\loc\no\HpSdRes.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\loc\ko\HpSdRes.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\loc\ja\HpSdRes.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\loc\it\HpSdRes.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\loc\hu\HpSdRes.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\loc\gr\HpSdRes.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\loc\ge\HpSdRes.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\loc\fr\HpSdRes.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\loc\fi\HpSdRes.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\loc\en\HpSdRes.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\loc\du\HpSdRes.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\loc\da\HpSdRes.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\diagnostics\loc\cz\HpSdRes.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\deu\Q283787_W2K_sp3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\deu\WindowsXP-KB822603-x86-DEU.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\dan\Q283787_w2k_sp3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\dan\WindowsXP-KB822603-x86-DAN.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\csy\Q283787_w2k_sp3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\csy\WindowsXP-KB822603-x86-CSY.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\cht\Q283787_W2K_SP3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\cht\WindowsXP-KB822603-x86-CHT.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\chs\Q283787_W2K_SP3_x86.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\util\ccc\chs\WindowsXP-KB822603-x86-CHS.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\BlockSysUserInstall.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\ConvAPIPlugin.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\DelNwPrinter.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\DeviceDisconnect.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\difxapi.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\DOT4_Plugin.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPCommunication.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\hpdot4chk.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPeDiag.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPeSupport.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\hpnwchk.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\hpprtchk.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\hpqbhp01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\hpqrrx08.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPScripting.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\hpwlpd01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\hpxpschk.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZarp01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZcdl01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZchk01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZdui01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZdui40.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\hpzfwx01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZgat01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZmsi01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZnop01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\hpznui01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZnui40.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\hpznuiprn01.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\hpznuiprn40.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZpnp01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZpnp40.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZprl01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZprl40.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZpsc01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZpsl01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZrcn01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZrcv01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZrein01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZscr01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZscr40.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZshl01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZshl40.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZSWP01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZtim01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZwis01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZwrp01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\HPZwup01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\InstallMetrics.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\InternetUtil.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\msxml3.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\msxml3a.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\msxml3r.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\RulesEngine.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\TwainFix.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\usbready.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\yahoo\YTBInstallWrapper-win32.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\yahoo\YTBInstallWrapper-x64.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\yahoo\ytb_7.2.2.0_1.5.4_mail_bts_pub_uber_rev_setup_2008.11.25.01.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\yahoo\y_hp_intl_detect.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\x64\difxapi.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\wis\Win2K_XP\instmsi.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx86\ATL90.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx86\hpqNwDr01.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx86\hpzscb01.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx86\hpzscbi0SmrtK.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx86\hpzscbi1BPDUSB.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx86\hpzscbi257usw.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx86\hpzscbi259Nop.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx86\hpzscbi2Snmp.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx86\mfc90.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx86\mfc90u.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx86\mfcm90.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx86\mfcm90u.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx86\msvcm90.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx86\msvcp90.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx86\msvcr90.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx64\ATL90.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx64\hpqNwDr40.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx64\hpzscb01.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx64\hpzscbi0SmrtK.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx64\hpzscbi1BPDUSB.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx64\hpzscbi257usw.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx64\hpzscbi259Nop.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx64\hpzscbi2Snmp.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx64\mfc90.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx64\mfc90u.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx64\mfcm90.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx64\mfcm90u.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx64\msvcm90.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx64\msvcp90.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\networkx64\msvcr90.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\msn\InstallManager_IP2_IP2.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\msn\QP_Launcher.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\msn\ToolbarInstallWrapper-win32.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\msn\ToolbarInstallWrapper-x64.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\msn\OEM\Packages\default\DefaultManagerSetup.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\msn\OEM\Packages\default\SearchEnhancementPackSetup.EXE
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\msn\OEM\Packages\default\Silverlight.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\dpinst_x64\DPInst.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\setup\dpinst_x32\DPInst.exe
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\drivers\dot4\win2000\difxapi.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\drivers\dot4\win2000\hppldcoi.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\drivers\dot4\win2000\hpzc3212.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\drivers\dot4\amd64\winxp\difxapi.dll
C:\Users\Jones\AppData\Local\Temp\7zS4EE9\OJ6000vE609_Full_14\drivers\dot4\amd64\winxp\hppldcoi.dll
C:\Users\Jones\AppData\Local\Temp\7zS4728\bootstrap-ojp.exe
C:\Users\Jones\AppData\Local\Temp\7zS46F1\Dot4Scrubber.exe
C:\Users\Jones\AppData\Local\Temp\7zS46F1\ExecuteProcess.exe
C:\Users\Jones\AppData\Local\Temp\7zS46F1\HPeDiag.dll
C:\Users\Jones\AppData\Local\Temp\6D55D4D203024036BC6462FE82BC282C\IP2TDFJewel\7.1.361\JewelExtension.dll
C:\Users\Jones\AppData\Local\Temp\6D55D4D203024036BC6462FE82BC282C\IP2TDFButton1\7.1.361\JewelExtension.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 00:10

==================== End Of Log ============================
 
ComboFix 13-08-31.01 - Jones 08/31/2013 21:40:35.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5602.3647 [GMT -4:00]
Running from: c:\users\Jones\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20130829224212.232870
c:\programdata\boost_interprocess\20130829224212.232870\GpReceiverName
c:\users\Jones\AppData\Local\BcsKtYcHW.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RelevantKnowledge
.
.
((((((((((((((((((((((((( Files Created from 2013-08-01 to 2013-09-01 )))))))))))))))))))))))))))))))
.
.
2013-09-01 01:54 . 2013-09-01 01:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-01 01:14 . 2013-09-01 01:14 -------- d-----w- C:\FRST
2013-08-31 23:47 . 2013-09-01 00:57 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-31 19:43 . 2013-08-31 19:43 -------- d-----w- c:\users\Jones\AppData\Roaming\Malwarebytes
2013-08-31 19:43 . 2013-08-31 19:43 -------- d-----w- c:\programdata\Malwarebytes
2013-08-31 19:43 . 2013-08-31 19:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-31 19:43 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-30 23:47 . 2013-08-31 15:30 -------- d-----w- c:\users\Jones\AppData\Roaming\Open Download Manager
2013-08-30 23:47 . 2013-09-01 01:49 -------- d-----w- c:\programdata\boost_interprocess
2013-08-30 23:47 . 2013-08-30 23:47 -------- d-----w- c:\programdata\GorillaPrice
2013-08-21 18:51 . 2013-08-21 19:51 17737608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-08-15 02:12 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-10 01:23 . 2013-08-15 23:13 -------- d-----w- c:\users\Jones\AppData\Roaming\Skype
2013-08-10 01:23 . 2013-08-10 01:23 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-08-10 01:23 . 2013-08-23 08:59 -------- d-----r- c:\program files (x86)\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 19:51 . 2012-04-20 01:00 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 19:51 . 2012-04-20 01:00 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-15 13:40 . 2012-08-29 20:33 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-08-14 20:33 . 2013-05-25 04:33 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-07-13 20:18 . 2013-06-13 05:20 45056 ----a-r- c:\users\Jones\AppData\Roaming\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\UNINST_Uninstall_C_EBD1846850A64C858760A659B987DCFF.exe
2013-07-13 20:18 . 2013-06-13 05:20 45056 ----a-r- c:\users\Jones\AppData\Roaming\Microsoft\Installer\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}\ARPPRODUCTICON.exe
2013-07-13 19:58 . 2013-07-13 19:58 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-13 19:58 . 2012-08-11 03:45 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-13 19:58 . 2012-08-11 03:45 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-09 04:45 . 2013-08-15 02:12 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-03 15:47 . 2013-07-03 15:47 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-07-03 15:47 . 2013-07-03 15:47 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-07-03 15:47 . 2013-07-03 15:47 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-07-03 15:47 . 2013-07-03 15:47 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-07-03 15:47 . 2013-07-03 15:47 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-07-03 15:47 . 2013-07-03 15:47 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-07-03 15:47 . 2013-07-03 15:47 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-07-03 15:47 . 2013-07-03 15:47 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-07-03 15:47 . 2013-07-03 15:47 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-07-03 15:47 . 2013-07-03 15:47 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-07-03 15:47 . 2013-07-03 15:47 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-07-03 15:47 . 2013-07-03 15:47 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-07-03 15:47 . 2013-07-03 15:47 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-07-03 15:47 . 2013-07-03 15:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-07-03 15:47 . 2013-07-03 15:47 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-07-03 15:47 . 2013-07-03 15:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-07-03 15:47 . 2013-07-03 15:47 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-07-03 15:47 . 2013-07-03 15:47 216064 ----a-w- c:\windows\system32\msls31.dll
2013-07-03 15:47 . 2013-07-03 15:47 197120 ----a-w- c:\windows\system32\msrating.dll
2013-07-03 15:47 . 2013-07-03 15:47 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-07-03 15:47 . 2013-07-03 15:47 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-07-03 15:47 . 2013-07-03 15:47 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-07-03 15:47 . 2013-07-03 15:47 81408 ----a-w- c:\windows\system32\icardie.dll
2013-07-03 15:47 . 2013-07-03 15:47 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-07-03 15:47 . 2013-07-03 15:47 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-07-03 15:47 . 2013-07-03 15:47 441856 ----a-w- c:\windows\system32\html.iec
2013-07-03 15:47 . 2013-07-03 15:47 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-07-03 15:47 . 2013-07-03 15:47 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-03 15:47 . 2013-07-03 15:47 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-07-03 15:47 . 2013-07-03 15:47 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-07-03 15:47 . 2013-07-03 15:47 235008 ----a-w- c:\windows\system32\url.dll
2013-07-03 15:47 . 2013-07-03 15:47 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-03 15:47 . 2013-07-03 15:47 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-07-03 15:47 . 2013-07-03 15:47 102912 ----a-w- c:\windows\system32\inseng.dll
2013-07-03 15:47 . 2013-07-03 15:47 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-07-03 15:47 . 2013-07-03 15:47 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-07-03 15:47 . 2013-07-03 15:47 144896 ----a-w- c:\windows\system32\wextract.exe
2013-07-03 15:47 . 2013-07-03 15:47 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-07-03 15:47 . 2013-07-03 15:47 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-07-03 15:47 . 2013-07-03 15:47 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-07-03 15:47 . 2013-07-03 15:47 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-07-03 15:47 . 2013-07-03 15:47 149504 ----a-w- c:\windows\system32\occache.dll
2013-07-03 15:47 . 2013-07-03 15:47 13824 ----a-w- c:\windows\system32\mshta.exe
2013-07-03 15:47 . 2013-07-03 15:47 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-07-03 15:47 . 2013-07-03 15:47 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-07-03 15:47 . 2013-07-03 15:47 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-07-03 15:47 . 2013-07-03 15:47 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-07-03 15:47 . 2013-07-03 15:47 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-07-03 15:47 . 2013-07-03 15:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-07-03 15:46 . 2013-07-03 15:46 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-03 15:46 . 2013-07-03 15:46 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-07-03 15:46 . 2013-07-03 15:46 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-03 15:46 . 2013-07-03 15:46 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-03 15:46 . 2013-07-03 15:46 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-07-03 15:46 . 2013-07-03 15:46 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-07-03 15:46 . 2013-07-03 15:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-03 15:46 . 2013-07-03 15:46 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-07-03 15:46 . 2013-07-03 15:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-03 15:46 . 2013-07-03 15:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-03 15:46 . 2013-07-03 15:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-03 15:46 . 2013-07-03 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-07-03 15:46 . 2013-07-03 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-07-03 15:46 . 2013-07-03 15:46 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-03 15:46 . 2013-07-03 15:46 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-07-03 15:46 . 2013-07-03 15:46 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-03 15:46 . 2013-07-03 15:46 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-07-03 15:46 . 2013-07-03 15:46 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-07-03 15:46 . 2013-07-03 15:46 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-07-03 15:46 . 2013-07-03 15:46 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-07-03 15:46 . 2013-07-03 15:46 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-07-03 15:46 . 2013-07-03 15:46 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-07-03 15:46 . 2013-07-03 15:46 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-07-03 15:46 . 2013-07-03 15:46 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-07-03 15:46 . 2013-07-03 15:46 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-07-03 15:46 . 2013-07-03 15:46 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-07-03 15:46 . 2013-07-03 15:46 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-07-03 15:46 . 2013-07-03 15:46 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-07-03 15:46 . 2013-07-03 15:46 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-07-03 15:46 . 2013-07-03 15:46 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-07-03 15:46 . 2013-07-03 15:46 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-07-03 15:46 . 2013-07-03 15:46 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-07-03 15:46 . 2013-07-03 15:46 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-07-03 15:46 . 2013-07-03 15:46 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-07-03 15:46 . 2013-07-03 15:46 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-07-03 15:46 . 2013-07-03 15:46 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-07-03 15:46 . 2013-07-03 15:46 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-07-03 15:46 . 2013-07-03 15:46 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-07-03 15:46 . 2013-07-03 15:46 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-07-03 15:46 . 2013-07-03 15:46 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-07-03 15:46 . 2013-07-03 15:46 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-08-28 1811880]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-09-04 896912]
"AppEx Accelerator UI"="c:\program files\AMD Quick Stream\AppexAcceleratorUI.exe" [2012-05-22 1000288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-12 642216]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
R0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
R0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 GorillaPrice;GorillaPrice;c:\program files (x86)\GorillaPrice\GorillaPrice.exe;c:\program files (x86)\GorillaPrice\GorillaPrice.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\drivers\amdiox64.sys;c:\windows\SYSNATIVE\drivers\amdiox64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys;c:\windows\SYSNATIVE\drivers\Smb_driver.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TrueService;TrueAPI Service component;c:\program files\Common Files\AuthenTec\TrueService.exe;c:\program files\Common Files\AuthenTec\TrueService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass\TrueSuiteService.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 WatGorp;WatGorp;c:\programdata\GorillaPrice\WatGorp.exe;c:\programdata\GorillaPrice\WatGorp.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys;c:\windows\SYSNATIVE\drivers\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys;c:\windows\SYSNATIVE\drivers\amdxhc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 19:51]
.
2013-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 18:55]
.
2013-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 18:55]
.
2013-08-31 c:\windows\Tasks\HPCeeScheduleForJones.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-06 1425408]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
FF - ProfilePath - c:\users\Jones\AppData\Roaming\Mozilla\Firefox\Profiles\wczi21wh.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={EAC2F7FE-41DB-491D-896F-3BF198D9D324}&mid=cde2f2c3faf047d3a29cf9db0cf82692-0f3e6c02e693a2a5d56b9002d885acec440f3a59&lang=en&ds=AVG&pr=fr&d=2013-08-26 11:01&v=15.6.1.2&pid=safeguard&sg=0&sap=hp
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=U039DF&PC=U039&dt=071313&q=
FF - ExtSQL: 2013-08-09 21:23; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-08-26 11:01; avg@toolbar; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.6.1.2
FF - ExtSQL: !HIDDEN! 2012-10-15 18:49; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file)
Toolbar-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files (x86)\Coupons.com CouponBar\tbcore3.dll
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec
WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file)
WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Xilisoft AVI to DVD Converter - c:\program files (x86)\Xilisoft\AVI to DVD Converter\Uninstall.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2013-08-31 22:12:38 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-01 02:12
.
Pre-Run: 511,976,194,048 bytes free
Post-Run: 514,741,755,904 bytes free
.
- - End Of File - - 5695CEAF1A1114FC0643DD7416BA09AE
A36C5E4F47E84449FF07ED3517B43A31
 
How much longer will you be awake? I have some errands I have to run and was wondering if you'd still be able to help when I get back.
 
I should be around for a couple more hours.

You can reinstall AVG now.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts. Turn it back on as soon as the tool has finished.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, right-click JRT.exe and select "Run as Administrator" instead of double-clicking.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe (this mirror is served over plain HTTP, so scan the file before you run it)
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
# AdwCleaner v3.001 - Report created 01/09/2013 at 01:10:38
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jones - JONES-HP
# Running from : C:\Users\Jones\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Jones\AppData\Local\Conduit
Folder Deleted : C:\Users\Jones\AppData\Local\cre
Folder Deleted : C:\Users\Jones\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jones\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Jones\AppData\LocalLow\Toolbar4
File Deleted : C:\Users\Jones\AppData\Roaming\Mozilla\Firefox\Profiles\wczi21wh.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Jones\AppData\Roaming\Mozilla\Firefox\Profiles\wczi21wh.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

*************************

AdwCleaner[R0].txt - [10823 octets] - [01/09/2013 01:09:49]
AdwCleaner[S0].txt - [10351 octets] - [01/09/2013 01:10:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10412 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.6 (08.30.2013:1)
OS: Windows 7 Home Premium x64
Ran by Jones on Sun 09/01/2013 at 1:17:17.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3220468
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3282134
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1949D522-5E6E-4D27-98B0-6EEC20C66534}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B072F062-28D5-4EEC-A34C-252238B85B7E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{1949D522-5E6E-4D27-98B0-6EEC20C66534}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho4447.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE167.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoE1CA.tmp



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Jones\appdata\local\{72404BFE-F49A-4DDC-ACFC-0C160CC9964D}
Successfully deleted: [Empty Folder] C:\Users\Jones\appdata\local\{C4C0402A-07D4-4635-8AA5-9A5C65D606F9}
Successfully deleted: [Empty Folder] C:\Users\Jones\appdata\local\{DC268CBE-FD63-48A6-9B03-84A471616005}



~~~ FireFox

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{c7ae725d-fa5c-4027-bb4c-787ef9f8248a}
Successfully deleted the following from C:\Users\Jones\AppData\Roaming\mozilla\firefox\profiles\wczi21wh.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://mysearch.avg.com/?cid={EAC2F7FE-41DB-491D-896F-3BF198D9D324}&mid=cde2f2c3faf047d3a29cf9db0cf82692-0f3e6c02e693a2a5d56b9002d885ace
Emptied folder: C:\Users\Jones\AppData\Roaming\mozilla\firefox\profiles\wczi21wh.default\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 09/01/2013 at 1:25:52.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL logfile created on: 9/1/2013 1:43:17 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jones\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.47 Gb Total Physical Memory | 3.63 Gb Available Physical Memory | 66.34% Memory free
10.94 Gb Paging File | 8.62 Gb Available in Paging File | 78.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576.32 Gb Total Space | 483.73 Gb Free Space | 83.93% Space Free | Partition Type: NTFS
Drive D: | 19.55 Gb Total Space | 2.12 Gb Free Space | 10.85% Space Free | Partition Type: NTFS
Drive F: | 99.00 Mb Total Space | 83.44 Mb Free Space | 84.28% Space Free | Partition Type: FAT32

Computer Name: JONES-HP | User Name: Jones | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/01 01:02:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jones\Desktop\OTL.exe
PRC - [2013/08/28 17:47:18 | 001,811,880 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/08/28 17:47:18 | 000,563,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/08/24 15:26:02 | 000,120,832 | ---- | M] () -- C:\ProgramData\GorillaPrice\WatGorp.exe
PRC - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/07/25 13:40:02 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/19 04:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2013/02/07 09:20:20 | 001,641,768 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
PRC - [2013/02/07 09:20:08 | 003,695,912 | ---- | M] (AuthenTec Inc.) -- C:\Program Files (x86)\HP SimplePass\TouchControl.exe
PRC - [2013/02/07 09:19:54 | 004,073,768 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
PRC - [2012/11/05 17:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2012/08/31 10:02:03 | 007,553,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/08/31 10:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/08/31 09:55:18 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012/03/05 16:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 16:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/02/21 17:03:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/19 17:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/28 17:47:20 | 001,120,680 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/08/21 18:18:28 | 000,687,104 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/08/15 19:30:05 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\9e38ddbb3a90cc3e782a0640788b1fcb\System.Core.ni.dll
MOD - [2013/08/15 19:21:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/15 19:21:52 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 19:21:30 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\439eb22c3f6967beb8a3364626883423\System.Xml.ni.dll
MOD - [2013/08/15 19:21:22 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/07 15:31:06 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/07/10 03:51:26 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll
MOD - [2013/07/10 03:43:14 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/14 19:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 19:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 19:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013/02/07 09:19:54 | 004,073,768 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
MOD - [2010/11/20 23:24:01 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/07 23:31:42 | 000,401,856 | ---- | M] (AuthenTec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\AuthenTec\TrueService.exe -- (TrueService)
SRV:64bit: - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012/09/12 17:20:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/03/21 20:36:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/03/06 00:04:18 | 000,314,880 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/08/28 17:47:18 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/08/24 15:26:02 | 000,120,832 | ---- | M] () [Auto | Running] -- C:\ProgramData\GorillaPrice\WatGorp.exe -- (WatGorp)
SRV - [2013/08/21 15:51:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/16 22:56:09 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/25 13:40:02 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/07/25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/07 09:20:20 | 001,641,768 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe -- (FPLService)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/31 10:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/03/05 16:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/10 01:32:38 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/24 13:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/08/11 14:41:29 | 000,428,304 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/06/23 06:23:38 | 000,199,008 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\appexDrv.sys -- (APXACC)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/19 20:41:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/04/19 20:41:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/21 21:04:24 | 010,826,240 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/03/21 19:35:26 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/10 00:41:16 | 000,685,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/03/08 15:43:14 | 000,293,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012/03/06 21:31:26 | 002,808,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/03/06 00:04:18 | 000,536,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/03/01 21:39:36 | 000,021,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/02 04:54:56 | 000,031,872 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2012/02/01 20:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/14 08:05:54 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/12/13 08:52:44 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/12/13 08:52:44 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/12/06 07:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/26 15:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/10/26 15:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{1949D522-5E6E-4D27-98B0-6EEC20C66534}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-3...://www.ebay.com/sch/I.html?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-3...://www.ebay.com/sch/I.html?_nkw={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2950632259-3785651587-3554629336-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U039&ocid=U039DHP&dt=071313
IE - HKU\S-1-5-21-2950632259-3785651587-3554629336-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2950632259-3785651587-3554629336-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-3...://www.ebay.com/sch/I.html?_nkw={searchTerms}
IE - HKU\S-1-5-21-2950632259-3785651587-3554629336-1001\..\SearchScopes\CC867947F04F4DF2A41C4E90DC6DF7BA: "URL" = http://mysearch.avg.com/search?cid=...cec440f3a59&lang=en&ds=AVG&pr=fr&d=2013-05-25 00:33:18&v=15.3.0.11&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2950632259-3785651587-3554629336-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2950632259-3785651587-3554629336-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..extensions.enabledAddons: %7Ba131ab52-77f3-4bd7-acc7-e2dfdfd298f0%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=U039DF&PC=U039&dt=071313&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@authentec.com/ffwloplugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Jones\AppData\Roaming\CATALI~3\NPBCSK~2.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/15 18:49:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}: C:\Users\Jones\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi [2013/08/13 13:21:26 | 000,003,752 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/15 18:49:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/07/13 19:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jones\AppData\Roaming\Mozilla\Extensions
[2012/09/03 21:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jones\AppData\Roaming\Mozilla\Firefox\extensions
[2012/09/03 21:59:10 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Jones\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2013/08/31 13:50:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jones\AppData\Roaming\Mozilla\Firefox\Profiles\wczi21wh.default\extensions
[2013/07/13 19:54:12 | 000,002,402 | ---- | M] () -- C:\Users\Jones\AppData\Roaming\Mozilla\Firefox\Profiles\wczi21wh.default\searchplugins\bingp.xml
[2013/08/26 11:01:28 | 000,003,723 | ---- | M] () -- C:\Users\Jones\AppData\Roaming\Mozilla\Firefox\Profiles\wczi21wh.default\searchplugins\safeguard-secure-search.xml
[2013/08/16 22:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/23 04:59:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/16 22:56:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/23 04:59:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/16 22:56:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/08/13 13:21:26 | 000,003,752 | ---- | M] () (No name found) -- C:\USERS\JONES\APPDATA\ROAMING\MOZILLA\FIREFOX\{A131AB52-77F3-4BD7-ACC7-E2DFDFD298F0}.XPI

O1 HOSTS File: ([2013/08/31 21:58:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found
O3 - HKU\S-1-5-21-2950632259-3785651587-3554629336-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-2950632259-3785651587-3554629336-1001..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe (AppEx Networks Corporation)
O4 - HKU\S-1-5-21-2950632259-3785651587-3554629336-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2950632259-3785651587-3554629336-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2950632259-3785651587-3554629336-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2950632259-3785651587-3554629336-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2950632259-3785651587-3554629336-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriver.com/DRHM/sto...sPage&SiteID=hpappli&Locale=en_US&keywords=%w
O7 - HKU\S-1-5-21-2950632259-3785651587-3554629336-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Marketplace (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
 
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5FF702D-1DFA-4A5A-AC70-4501DD0E1545}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/01 01:17:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/01 01:09:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/01 01:05:52 | 000,000,000 | ---D | C] -- C:\Users\Jones\AppData\Roaming\AVG2013
[2013/09/01 01:05:02 | 000,000,000 | ---D | C] -- C:\Users\Jones\AppData\Roaming\TuneUp Software
[2013/09/01 01:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/01 01:03:42 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/09/01 01:02:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jones\Desktop\OTL.exe
[2013/09/01 01:02:24 | 001,027,511 | ---- | C] (Thisisu) -- C:\Users\Jones\Desktop\JRT.exe
[2013/09/01 01:00:03 | 000,000,000 | ---D | C] -- C:\Users\Jones\AppData\Local\MFAData
[2013/09/01 01:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/08/31 21:58:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/08/31 21:38:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/31 21:38:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/31 21:38:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/31 21:38:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/31 21:38:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/31 21:18:48 | 011,850,200 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Jones\Desktop\AppRemover.exe
[2013/08/31 21:14:23 | 000,000,000 | ---D | C] -- C:\FRST
[2013/08/31 21:13:57 | 001,589,860 | ---- | C] (Farbar) -- C:\Users\Jones\Desktop\FRST64.exe
[2013/08/31 21:12:27 | 005,115,930 | R--- | C] (Swearware) -- C:\Users\Jones\Desktop\ComboFix.exe
[2013/08/31 19:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/08/31 19:45:57 | 000,000,000 | ---D | C] -- C:\Users\Jones\Desktop\mbar
[2013/08/31 19:34:57 | 000,000,000 | ---D | C] -- C:\Users\Jones\Desktop\RK_Quarantine
[2013/08/31 15:43:04 | 000,000,000 | ---D | C] -- C:\Users\Jones\AppData\Roaming\Malwarebytes
[2013/08/31 15:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/31 15:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/31 15:43:00 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/08/31 15:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/31 15:25:46 | 000,000,000 | ---D | C] -- C:\Users\Jones\Documents\pay 4_files
[2013/08/31 15:25:34 | 000,000,000 | ---D | C] -- C:\Users\Jones\Documents\pay 3_files
[2013/08/31 15:25:15 | 000,000,000 | ---D | C] -- C:\Users\Jones\Documents\pay 2_files
[2013/08/31 15:25:00 | 000,000,000 | ---D | C] -- C:\Users\Jones\Documents\pay 1_files
[2013/08/30 19:47:48 | 000,000,000 | ---D | C] -- C:\Users\Jones\AppData\Roaming\Open Download Manager
[2013/08/30 19:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\GorillaPrice
[2013/08/16 22:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/09 21:23:21 | 000,000,000 | ---D | C] -- C:\Users\Jones\AppData\Roaming\Skype
[2013/08/09 21:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/08/09 21:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/08/09 21:23:14 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/01 01:40:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/01 01:20:39 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/01 01:20:39 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/01 01:19:25 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/01 01:19:25 | 000,660,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/01 01:19:25 | 000,121,408 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/01 01:13:35 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/01 01:12:50 | 110,907,391 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/01 01:05:02 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/09/01 01:02:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jones\Desktop\OTL.exe
[2013/09/01 01:02:25 | 001,027,511 | ---- | M] (Thisisu) -- C:\Users\Jones\Desktop\JRT.exe
[2013/09/01 01:01:58 | 000,994,642 | ---- | M] () -- C:\Users\Jones\Desktop\adwcleaner.exe
[2013/09/01 00:57:48 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/01 00:57:37 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/31 21:58:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/31 21:18:52 | 011,850,200 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Jones\Desktop\AppRemover.exe
[2013/08/31 21:13:57 | 001,589,860 | ---- | M] (Farbar) -- C:\Users\Jones\Desktop\FRST64.exe
[2013/08/31 21:12:27 | 005,115,930 | R--- | M] (Swearware) -- C:\Users\Jones\Desktop\ComboFix.exe
[2013/08/31 15:43:02 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/31 15:25:46 | 000,039,340 | ---- | M] () -- C:\Users\Jones\Documents\pay 4.htm
[2013/08/31 15:25:34 | 000,039,340 | ---- | M] () -- C:\Users\Jones\Documents\pay 3.htm
[2013/08/31 15:25:16 | 000,039,339 | ---- | M] () -- C:\Users\Jones\Documents\pay 2.htm
[2013/08/31 15:25:01 | 000,039,338 | ---- | M] () -- C:\Users\Jones\Documents\pay 1.htm
[2013/08/31 12:36:24 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJones.job
[2013/08/31 11:29:09 | 000,000,024 | ---- | M] () -- C:\Users\Jones\random.dat
[2013/08/30 19:25:18 | 000,000,044 | ---- | M] () -- C:\Users\Jones\jagex_cl_oldschool_LIVE.dat
[2013/08/19 22:30:08 | 000,000,044 | ---- | M] () -- C:\Users\Jones\jagex_cl_runescape_LIVE.dat
[2013/08/16 13:08:16 | 578,086,321 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/08/14 16:33:01 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/08/12 16:50:27 | 000,893,239 | ---- | M] () -- C:\Users\Jones\AppData\Local\a.zip
[2013/08/09 21:23:15 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/01 01:05:02 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/09/01 01:01:58 | 000,994,642 | ---- | C] () -- C:\Users\Jones\Desktop\adwcleaner.exe
[2013/08/31 21:38:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/31 21:38:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/31 21:38:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/31 21:38:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/31 21:38:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/31 15:43:02 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/31 15:25:46 | 000,039,340 | ---- | C] () -- C:\Users\Jones\Documents\pay 4.htm
[2013/08/31 15:25:34 | 000,039,340 | ---- | C] () -- C:\Users\Jones\Documents\pay 3.htm
[2013/08/31 15:25:15 | 000,039,339 | ---- | C] () -- C:\Users\Jones\Documents\pay 2.htm
[2013/08/31 15:25:00 | 000,039,338 | ---- | C] () -- C:\Users\Jones\Documents\pay 1.htm
[2013/08/09 21:23:15 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/29 18:40:22 | 000,000,044 | ---- | C] () -- C:\Users\Jones\jagex_cl_oldschool_LIVE.dat
[2013/06/13 01:20:15 | 000,893,239 | ---- | C] () -- C:\Users\Jones\AppData\Local\a.zip
[2012/11/24 03:41:13 | 000,000,045 | ---- | C] () -- C:\Users\Jones\jagex_cl_runescape_LIVE1.dat
[2012/10/15 18:45:42 | 000,223,096 | ---- | C] () -- C:\Windows\hpwins24.dat
[2012/10/15 18:45:42 | 000,001,758 | ---- | C] () -- C:\Windows\hpwmdl24.dat
[2012/10/12 19:09:21 | 000,000,049 | ---- | C] () -- C:\Users\Jones\jagex_cl_runescape_LIVE_BETA.dat
[2012/09/03 23:55:04 | 000,049,569 | -HS- | C] () -- C:\Users\Jones\AlbumArt_{7050783A-0BD9-40A6-B30C-A81144905190}_Large.jpg
[2012/09/03 23:55:04 | 000,009,495 | -HS- | C] () -- C:\Users\Jones\AlbumArt_{7050783A-0BD9-40A6-B30C-A81144905190}_Small.jpg
[2012/09/03 23:54:52 | 000,049,569 | -HS- | C] () -- C:\Users\Jones\Folder.jpg
[2012/09/03 23:54:52 | 000,009,495 | -HS- | C] () -- C:\Users\Jones\AlbumArtSmall.jpg
[2012/09/03 23:53:56 | 000,093,801 | ---- | C] () -- C:\Users\Jones\_____padding_file_11_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:53:52 | 000,165,920 | ---- | C] () -- C:\Users\Jones\_____padding_file_9_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:53:48 | 000,064,351 | ---- | C] () -- C:\Users\Jones\_____padding_file_1_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:53:42 | 000,219,592 | ---- | C] () -- C:\Users\Jones\_____padding_file_7_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:53:42 | 000,174,793 | ---- | C] () -- C:\Users\Jones\_____padding_file_2_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:53:42 | 000,153,887 | ---- | C] () -- C:\Users\Jones\_____padding_file_5_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:53:22 | 000,216,921 | ---- | C] () -- C:\Users\Jones\_____padding_file_13_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:53:15 | 000,242,360 | ---- | C] () -- C:\Users\Jones\_____padding_file_8_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:53:07 | 000,195,439 | ---- | C] () -- C:\Users\Jones\_____padding_file_10_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:53:05 | 000,085,919 | ---- | C] () -- C:\Users\Jones\_____padding_file_3_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:52:57 | 000,020,944 | ---- | C] () -- C:\Users\Jones\_____padding_file_4_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:52:54 | 000,194,320 | ---- | C] () -- C:\Users\Jones\_____padding_file_12_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:52:53 | 000,240,018 | ---- | C] () -- C:\Users\Jones\_____padding_file_6_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:52:40 | 000,204,744 | ---- | C] () -- C:\Users\Jones\_____padding_file_0_if you see this file, please update to BitComet 0.85 or above____
[2012/08/10 23:47:14 | 000,000,044 | ---- | C] () -- C:\Users\Jones\jagex_cl_runescape_LIVE.dat
[2012/08/10 23:47:14 | 000,000,024 | ---- | C] () -- C:\Users\Jones\random.dat
[2012/08/10 00:35:36 | 000,017,408 | ---- | C] () -- C:\Users\Jones\AppData\Local\WebpageIcons.db
[2012/07/16 10:28:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/19 21:05:33 | 000,773,940 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/21 19:58:00 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/21 19:58:00 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/13 10:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/06/10 12:58:58 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/06/10 12:58:58 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/07/28 21:56:57 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\AnvSoft
[2013/09/01 01:05:52 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\AVG2013
[2012/12/01 16:50:12 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Catalina Marketing Corp
[2013/02/25 19:52:06 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Catalina Marketing France
[2013/06/13 01:20:14 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Catalina – Print Savings
[2013/05/25 00:23:27 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Dropbox
[2013/07/13 20:17:28 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\DVDVideoSoft
[2013/01/22 04:59:35 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\IDT
[2012/09/17 21:30:55 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\LolClient
[2013/08/31 11:30:51 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Open Download Manager
[2013/05/25 03:12:05 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Riot Games
[2012/08/09 20:56:13 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Synaptics
[2013/05/28 12:20:01 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\TeamViewer
[2012/09/17 18:24:47 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\TP
[2013/09/01 01:05:02 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\TuneUp Software
[2013/09/01 01:14:29 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\uTorrent
[2012/11/17 23:51:45 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\WildTangent
[2012/08/09 20:57:48 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Windows Live Writer
[2013/07/28 21:43:44 | 000,000,000 | ---D | M] -- C:\Users\Jones\AppData\Roaming\Xilisoft

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 9/1/2013 1:43:17 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jones\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.47 Gb Total Physical Memory | 3.63 Gb Available Physical Memory | 66.34% Memory free
10.94 Gb Paging File | 8.62 Gb Available in Paging File | 78.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576.32 Gb Total Space | 483.73 Gb Free Space | 83.93% Space Free | Partition Type: NTFS
Drive D: | 19.55 Gb Total Space | 2.12 Gb Free Space | 10.85% Space Free | Partition Type: NTFS
Drive F: | 99.00 Mb Total Space | 83.44 Mb Free Space | 84.28% Space Free | Partition Type: FAT32

Computer Name: JONES-HP | User Name: Jones | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2950632259-3785651587-3554629336-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CC1C6D-FB8B-4DB7-99E1-DF6CD7E53F9F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{01106055-D45E-4705-BC95-6361D0F20111}" = rport=139 | protocol=6 | dir=out | app=system |
"{24289FF0-F881-474C-BD8A-67A6A2DA3921}" = lport=10243 | protocol=6 | dir=in | app=system |
"{268CDA8E-5A0C-42A6-840F-C52EAC9F4D32}" = rport=137 | protocol=17 | dir=out | app=system |
"{3725A35A-BE76-4201-9EB1-DB7C6DC5423C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3BCC8C42-591B-441D-83AC-51FB439EF550}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3BD1ACA3-1400-45FD-AE61-489F9F02EAB5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41814D89-813F-40B8-A476-9012D8D91803}" = lport=445 | protocol=6 | dir=in | app=system |
"{597B7C8F-04A6-4622-85BA-F7B227380DFE}" = rport=445 | protocol=6 | dir=out | app=system |
"{610C74CB-049D-4163-A694-1EBE7DF71C9F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87100131-41B7-436A-9A84-EC6C293EE822}" = rport=10243 | protocol=6 | dir=out | app=system |
"{88B6CA6B-766E-4B17-A822-0BDCC2CF8EBF}" = rport=138 | protocol=17 | dir=out | app=system |
"{8D8C0C9C-54A5-4E6A-8093-C931AD39CAD7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B68BFF2F-AE44-4B96-A664-45AAEA917674}" = lport=137 | protocol=17 | dir=in | app=system |
"{BDA11C85-6E45-4A52-B956-97AE91454726}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BEB3A1BA-118F-4C6D-A9E6-99FC36D0928D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BF5D94B1-E60D-449C-8700-25D619B063D8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{C6957E17-F258-4AF6-970A-0F9FB019A51C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CADBA08A-3D58-4603-BE60-9131694C8CA1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CE09A218-276F-4C63-96BF-73561221DD81}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D39CE194-93A5-440B-8DA8-D8E333696EBF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC6A8310-FA42-489A-9AD8-13F97C506F29}" = lport=139 | protocol=6 | dir=in | app=system |
"{E08325F5-F736-4A14-BCED-90E9586BD701}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E3A43689-829F-4BC4-93F4-B869BE7E7673}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F0FB9C07-2D35-496C-B3F6-B1664D1AE9F5}" = lport=138 | protocol=17 | dir=in | app=system |
"{FA334842-93E3-4C4E-A7FB-CB6B376009F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034D8360-B6D8-4039-93A0-C43F37E63156}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{03A4AB92-466C-4BF4-ACE2-68446182E6FD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{04B4492D-2F40-4E44-9E3C-E4E075EF1A59}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
 
"{098BDD1B-E5F7-4D93-90BC-232B2784D02F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{0B9911E3-5A31-42DB-91EB-5B67618D8AB5}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{0E9EFB6A-9EEE-4ABA-94D6-20810166CD78}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{11123D50-DFF5-49F8-8290-A49B60E9ABEE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{12BD7573-3B20-4C2B-846F-831E774C2CAE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1AC7B2C3-B17D-44A5-B4D3-3BE5D2A02A4C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1F8F71DD-712F-4E70-A1B6-07D2ED5F38F0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{1FE8BFA9-C866-4B5F-8FD9-31D20D306F39}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{2286540F-033A-4982-B4BD-51A0BB02DBCC}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{22B656DA-DB3B-4D51-A980-FCEDFDCA87F5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{25041BC5-0868-4F5D-B2A4-3B6AA20644A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mtj_89\counter-strike source\hl2.exe |
"{277B039B-6F4A-4248-B897-C512578CE0BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{27E8458F-3B7B-4DAE-94A6-3AF210417D7F}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{2ACD944A-7245-4B99-9173-A811AB1F440F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2AD10E9E-8D20-450F-9BA7-D3E6840E915B}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{2B5DDE3D-D273-4025-88A0-2DB18284599D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E8878BC-E5C7-43D3-8FD3-8AB866365071}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{3220A3B7-7943-41A8-A115-DB5F614311F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{3412D68F-5F19-4D92-9F04-2341256BDC22}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{406C44CE-41A7-4C82-89D5-596BFA3309FF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{40C08F89-820E-43D8-BA49-FF675DF8EE0C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{43D4872B-C888-4E2F-9F99-A9603097C1E4}" = protocol=6 | dir=out | app=system |
"{451C0661-6466-4D38-9EF6-DC27396F1831}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{452E73E6-464B-45A3-9143-5705BF632D44}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{468C4525-76D7-4C4A-BC65-7838830C52C9}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{479FE281-3414-4FF2-82D6-E53F970103ED}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{5B7A6A8C-DE53-4B48-A2A5-673CEFD1E0EB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{5E684427-112E-4A1C-AFF9-78E49BB230D6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe |
"{61E9CC02-F10A-40F8-8992-5D75F580A82F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{668096EE-8B79-4D36-9E6E-E85DC83A36B2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6870BAE3-375B-40C9-9007-092CA011E67C}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe |
"{69F063E5-D68B-4C59-BD22-FC49DC3B28A4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mtj_89\counter-strike\hl.exe |
"{6BF26DB0-B730-43D6-A1E6-22BA7CE60463}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6D56F8C7-3CF4-4CB3-B68F-7530BD07E9A9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{75BFED39-F724-4B31-B601-D98189CD1D48}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{7C4B30EF-F421-4C29-B84E-E25C8E41B9A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C797A7B-B8EC-4ACC-B8E6-291FE974EECB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{7FFBB1FB-22FF-4423-A310-C131A11FC2EB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{810BC50C-B208-433B-A3F5-061BB2C2F93A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{81283B3A-101F-4203-A3A1-9D4BBDAFDABA}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{86CA538B-2C68-4EB5-806B-BEB39B5B0ADB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{8A4BBBA2-350F-4DE7-8250-68AEFF9AC8AA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{99CB4913-B517-4307-8881-C4ABEC71585F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mtj_89\counter-strike\hl.exe |
"{9B0AF128-648A-4AE3-BD68-7EFFE811CE83}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{9B5E6BBD-5685-4600-A698-71FE6553DEAF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mtj_89\counter-strike source\hl2.exe |
"{A37B621D-D6A7-47BA-A969-F32FE8D5CB69}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A9E8521D-7055-4E34-BEBD-2B24673D36F0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B1A1666E-9773-4BEF-982C-3400E2A2F19C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{B38B3689-89A7-4555-BDFE-7DEA12BC6929}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{B38D7376-33D2-4B37-97FF-F4CC0B4E3A22}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B6C6D917-1B36-4A5F-9F9E-407CEE3AD7C7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{BAD6B7B3-E005-4D80-9C31-E69609268FE7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{C11E824D-E305-4979-87FB-407676DBA522}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C286E0FE-2927-4FD8-B1E8-DCC17125D3CE}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{C74C9B12-6FAE-4AAF-B248-B1E98AEFBE0F}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{CC1AB3C2-F38A-45E1-B4C1-3C88E1109D23}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{CCC7AEC4-E6B4-4132-958A-E096A059B62D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D0D1495B-EA6F-41DB-ABE1-DCDFE70A36BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D18183BB-118A-412C-BA56-1ADC9A443742}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{DBF5EECC-29A1-43D2-8A9D-280151C96F7B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DC06BCC1-0C22-45CF-AC2D-D5E087AD1B87}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{DF56B43A-1645-41E3-9834-5E4C0C837AC0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe |
"{E7265420-9A37-466B-ABEE-1DE63933B051}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E8133ED7-C243-4728-B2E0-312C124A4512}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E8CBA7FA-7D8C-406C-841D-064B43A513D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EDF5DA6D-EE0E-488F-9260-1A35C2A09FD7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EDFB3784-E532-4769-B765-82CF4BE68F5A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EE90C3BC-CDFC-4FF6-B479-78B28C875376}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{F227B39B-3DAF-4B20-BB35-1D1F408EC4C9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{F5FD72FF-89FE-4948-99D8-D520F3B5BE7E}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{F6DFDF93-59EA-406B-ABA3-19BEFE9EDCFF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{F9A20EC2-7906-4F59-9432-08D937DFBBCD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{FB2BA599-9B0F-4F11-AC04-813739754383}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{FCD32CC6-FDDA-4A9F-909F-F5050355E026}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FCDF72D7-A072-4452-B498-F797188ED3EC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{FD1BB72F-BE68-4679-8F02-E1FADC244F75}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{61539919-6D3F-4701-BB87-36E066109F81}C:\program files (x86)\steam\steamapps\d3tached\source sdk base 2007\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\d3tached\source sdk base 2007\hl2.exe |
"TCP Query User{7940AA3B-0666-481C-9AEA-AF2B0FDE2812}C:\program files (x86)\steam\steamapps\d3tached\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\d3tached\counter-strike source\hl2.exe |
"TCP Query User{800E09DB-180A-4E5D-932A-B40323EDF9E9}C:\users\jones\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jones\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{D9203C1B-5B8E-4D68-AF2A-9DC62E699735}C:\program files (x86)\steam\steamapps\mtj_89\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\mtj_89\counter-strike source\hl2.exe |
"UDP Query User{074FD739-7587-43F6-90F1-2E0901145B25}C:\program files (x86)\steam\steamapps\d3tached\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\d3tached\counter-strike source\hl2.exe |
"UDP Query User{45140C43-7809-404B-A96B-10B7E9B1E856}C:\program files (x86)\steam\steamapps\d3tached\source sdk base 2007\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\d3tached\source sdk base 2007\hl2.exe |
"UDP Query User{7892969F-046F-457A-9C1E-B227C24DF549}C:\users\jones\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jones\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{9F2F6736-F642-43E0-8B82-3F04CC20802A}C:\program files (x86)\steam\steamapps\mtj_89\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\mtj_89\counter-strike source\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CE7EBAF-157D-4111-9146-057CB2A4023E}" = HP Application Assistant
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1AB4DB8C-4123-45DC-B896-C67990F76DA4}" = HP Deskjet 1050 J410 series Product Improvement Study
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{21C069A6-6934-4EF1-92C9-CC6CFF1416A0}" = Catalina Savings Printer
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{4268BF51-DFDF-4178-8B8D-5D5752FCAA58}" = HP Deskjet 1050 J410 series Basic Device Software
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}" = AVG 2013
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}" = HP 3D DriveGuard
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5E015E15-F7AD-3379-523F-AD63C0CB9E71}" = AMD Steady Video Plug-In
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6B02D047-A56D-4994-B1F1-53DA6B9885AB}" = AVG 2013
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7791308C-85FB-43B9-93F2-7DE9CB7D5C4A}" = HP Officejet 6000 E609 Series
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95009A04-13FD-75A8-7D9A-AB5B228F9E58}" = ccc-utility64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B585F99A-8B0A-5A9F-9DBC-FA316125E352}" = AMD Fuel
"{B5C18BDD-E8B1-DCAC-49C6-22EDB83C3052}" = AMD Catalyst Install Manager
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D8360C56-B89D-47AA-91A5-8D27A20844FB}" = Validity WBF DDK
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E9E59F77-4A98-BAD9-2B65-0AB24E6A7085}" = AMD Accelerated Video Transcoding
"{E9EED4AE-682B-4501-9574-D09A21717599}_is1" = AMD Quick Stream
"{EBC0CC3F-B7A1-4FC8-8014-4C7BFD3925E8}" = AuthenTec TrueAPI 64-bit
"{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}" = HP Security Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"AVG" = AVG 2013
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{019E7B07-15F1-4108-0270-A5F1E70E9446}" = AMD VISION Engine Control Center
"{01C72DC9-CC10-9D05-2365-51153230172F}" = CCC Help Chinese Traditional
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D83FCDE-8CAF-45E6-907D-6AF8E2A5EE01}" = HP Documentation
"{0DCCD5F4-29E7-4AA0-8C1D-F8E1503B91F4}" = Catalyst Control Center - Branding
"{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}" = HP CoolSense
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BDC277E-DD29-9F9F-96B6-5DB9E95B0DD6}" = CCC Help Spanish
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FC5B3C5-B333-8E1A-3949-3F3D1885986E}" = Catalyst Control Center Graphics Previews Common
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34C821CA-6B55-44A0-8A9B-2EF471D6019E}" = HP SimplePass
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}" = Catalina Savings Printer
"{3EC62F67-DDFA-434C-9610-1FDF71B8F1D4}" = BPDSoftware_Ini
"{3ECDC580-D67C-BB45-29A3-865071DEE145}" = CCC Help Norwegian
"{3F120E2E-D643-EC07-C86E-BE652E8B8625}" = Catalyst Control Center Localization All
"{438363A8-F486-4C37-834C-4955773CB3D3}" = HP Setup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{4F34A145-8CF3-400C-B5DB-2B1BF604304D}" = ESU for Microsoft Windows 7 SP1
"{4F7953DD-CE63-F731-69C9-1A90B094E74E}" = CCC Help French
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{5CF87D29-E15F-CAEA-AD71-E66EA24C0596}" = CCC Help Turkish
"{5F6262FF-846F-2300-98E2-8219C0E22432}" = CCC Help Thai
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{675D093B-815D-47FD-AB2C-192EC751E8E2}" = HP Software Framework
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{709FA951-97D1-E966-5B9E-2DA3B2C8F36F}" = CCC Help English
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71465FBA-A9CE-CD08-26EC-1327E0426A1D}" = CCC Help Danish
"{71CEED82-6D60-4DB7-A351-3564A87F7C96}" = 6000E609_eDocs
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87D90029-F238-73CB-962D-0D94905B472B}" = CCC Help Finnish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A417182-D417-2CAF-27A0-8053D2800D04}" = CCC Help German
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D2F7DB2-C8A0-7A69-6266-F9B748E4FC1B}" = CCC Help Dutch
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D9E1089-F642-5845-E8DA-EDD29B4CEF8D}" = CCC Help Polish
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2D4CD4A-AE20-40B3-8726-8ED1C03E8C15}" = Google Drive
"{C366F693-0FD8-1F4D-6A4B-775E35AD74B3}" = CCC Help Japanese
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C42516FF-6519-3923-498B-4E654745E697}" = CCC Help Hungarian
"{C5822A33-E656-D87A-7230-A8FF936C8F01}" = CCC Help Greek
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C809442E-31F0-418C-A929-74453B741A7B}" = ProductContext
"{C8174A6E-4EF6-4696-FCD2-FF973BC2BC06}" = CCC Help Italian
"{CBE7EB3D-FBD9-4c74-8156-082D055C0354}" = BPDSoftware
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFE97F56-C907-A2B5-C8A3-A3A138726F77}" = CCC Help Czech
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D39DC70A-A743-6ED4-1185-78C5A98B8826}" = CCC Help Portuguese
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D465F44F-29FF-4A7A-A114-427E44C355DE}" = 6000E609n
"{DA0F8B56-B0F5-E3DD-A15F-91DF106023C7}" = Catalyst Control Center InstallProxy
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E453D9D4-155E-7739-E726-B758CBFA5349}" = CCC Help Chinese Standard
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F102CB97-AB7D-46DD-5ED3-71B5F2C88D63}" = CCC Help Korean
"{F3E4EE33-42E2-17E9-569F-E1405053CDA9}" = CCC Help Russian
"{F4BD608A-8296-43DA-A400-1E8432AB1304}" = 6000E609_Help
"{F71D194E-9E99-616D-835E-9A764788182B}" = CCC Help Swedish
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCD6D60F-AF2B-49E3-ABC4-A4C96B56225D}" = Blio
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Any Video Converter_is1" = Any Video Converter 5.0.7
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"Coupon Printer for Windows5.0.0.3" = Coupon Printer for Windows
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GorillaPrice" = GorillaPrice
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"League of Legends 3.0.0" = League of Legends
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Steam App 10" = Counter-Strike
"Steam App 218" = Source SDK Base 2007
"Steam App 240" = Counter-Strike: Source
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 745" = Counter-Strike: Global Offensive - SDK
"TeamViewer 7" = TeamViewer 7
"uTorrent" = µTorrent
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-1199984f-1891-46cf-9a8a-b9a7f6590774" = Dora's World Adventure
"WTA-2581c017-4c8b-4b1e-bfff-ed383ebe3023" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-3a1d7667-8464-4868-8316-685279ee343c" = Plants vs. Zombies - Game of the Year
"WTA-4e5b2817-ca6c-49c3-a53b-83d23ca77b5a" = Cradle of Rome 2
"WTA-4fc6b925-34b7-4dda-afc5-54cf8f4e24ba" = Jewel Match 3
"WTA-51c4d273-0fdc-4612-b520-2426f6353f2f" = Zuma's Revenge
"WTA-54772427-16a4-41b4-ae27-cff0ee1f9143" = Blackhawk Striker 2
"WTA-565512b8-3ff3-4a61-bb35-7a2d23e5e31d" = Poker Superstars III
"WTA-66d03af4-a54b-4a80-bc29-37fcf3970ddf" = Torchlight
"WTA-7746358d-1e3d-4ca9-8c8f-9f1ac482fcad" = RollerCoaster Tycoon 3: Platinum
"WTA-797ebfe2-2d94-40e5-a8a7-94b232db161e" = Farmscapes
"WTA-84d62483-666e-4853-bb85-735985cf4f46" = Polar Bowler
"WTA-864ade01-ee96-4b8c-ba45-be96cee06666" = Hoyle Card Games
"WTA-898e3280-b5cd-4fa5-b701-d750be0d3a55" = Bejeweled 3
"WTA-8aa4dec2-f210-49a7-9429-bacf4ce3b661" = Final Drive Fury
"WTA-947134b7-1607-480d-9219-ca5ef0da959d" = Luxor HD
"WTA-a47741f5-db3b-4619-a654-b3bf68ac2436" = Penguins!
"WTA-b6697d08-9c32-4527-bb60-6354790361ed" = Chuzzle Deluxe
"WTA-b6a60022-2103-48c3-a7ce-8dfe79178603" = Virtual Villagers 4 - The Tree of Life
"WTA-c054b585-0e66-460a-a5db-1f0f23b43016" = Mah Jong Medley
"WTA-d8aba20e-9961-43e8-9659-2358eb0d9543" = John Deere Drive Green
"WTA-ea5d95ce-25b9-45a1-b50c-5326a67ebd81" = Polar Golfer
"WTA-fbb61cdb-3bea-4eb1-a3cc-bb93f14427a1" = Farm Frenzy
"Xilisoft AVI to DVD Converter" = Xilisoft AVI to DVD Converter

========== Last 20 Event Log Errors ==========

[ Hewlett-Packard Events ]
Error - 11/23/2012 12:19:50 PM | Computer Name = Jones-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
5600 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 11/23/2012 12:19:50 PM | Computer Name = Jones-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
5600 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 11/23/2012 12:19:52 PM | Computer Name = Jones-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
5600 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 11/23/2012 12:19:53 PM | Computer Name = Jones-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
5600 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 11/23/2012 12:19:57 PM | Computer Name = Jones-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
5600 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 11/23/2012 12:49:28 PM | Computer Name = Jones-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
5600 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 11/23/2012 3:52:11 PM | Computer Name = Jones-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
5600 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 11/23/2012 4:07:46 PM | Computer Name = Jones-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
5600 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 11/23/2012 4:07:46 PM | Computer Name = Jones-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
5600 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean)

Error - 11/23/2012 4:07:46 PM | Computer Name = Jones-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261HPSF.exe at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Object reference not set to an instance of an object. StackTrace:
at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01
Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
5600 Ram Utilization: 40 TargetSite: Void loadActiveCheckResult(Boolean)

[ HP Software Framework Events ]
Error - 8/31/2012 5:45:34 PM | Computer Name = Jones-HP | Source = CaslSmBios | ID = 5
Description = 2012/08/31 17:45:32.926|000005B0|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

[ System Events ]
Error - 9/1/2013 1:41:43 AM | Computer Name = Jones-HP | Source = Service Control Manager | ID = 7000
Description = The GorillaPrice service failed to start due to the following error:
%%2

Error - 9/1/2013 1:42:48 AM | Computer Name = Jones-HP | Source = Service Control Manager | ID = 7000
Description = The GorillaPrice service failed to start due to the following error:
%%2

Error - 9/1/2013 1:43:53 AM | Computer Name = Jones-HP | Source = Service Control Manager | ID = 7000
Description = The GorillaPrice service failed to start due to the following error:
%%2

Error - 9/1/2013 1:44:58 AM | Computer Name = Jones-HP | Source = Service Control Manager | ID = 7000
Description = The GorillaPrice service failed to start due to the following error:
%%2

Error - 9/1/2013 1:46:03 AM | Computer Name = Jones-HP | Source = Service Control Manager | ID = 7000
Description = The GorillaPrice service failed to start due to the following error:
%%2

Error - 9/1/2013 1:47:08 AM | Computer Name = Jones-HP | Source = Service Control Manager | ID = 7000
Description = The GorillaPrice service failed to start due to the following error:
%%2

Error - 9/1/2013 1:48:13 AM | Computer Name = Jones-HP | Source = Service Control Manager | ID = 7000
Description = The GorillaPrice service failed to start due to the following error:
%%2

Error - 9/1/2013 1:49:18 AM | Computer Name = Jones-HP | Source = Service Control Manager | ID = 7000
Description = The GorillaPrice service failed to start due to the following error:
%%2

Error - 9/1/2013 1:50:23 AM | Computer Name = Jones-HP | Source = Service Control Manager | ID = 7000
Description = The GorillaPrice service failed to start due to the following error:
%%2

Error - 9/1/2013 1:51:28 AM | Computer Name = Jones-HP | Source = Service Control Manager | ID = 7000
Description = The GorillaPrice service failed to start due to the following error:
%%2


< End of report >
 
Run OTL
  • In the Custom Scans/Fixes box at the bottom, paste in the following (this script was written from this machine's scan log and should not be run on any other computer):
Code:
:OTL
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O3 - HKLM\..\Toolbar: (Coupons.com CouponBar) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll File not found
O3 - HKU\S-1-5-21-2950632259-3785651587-3554629336-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans....

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., a third-party firewall) asks whether to allow DIG.EXE to access the Internet, allow it.
NOTE 2. SecurityCheck may produce some false warnings, so leave the interpretation of the results to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, so save any open work first; it may also ask you to restart the computer.

Please run a free online scan with the ESET Online Scanner

  • Temporarily disable your antivirus program for the duration of the scan, and re-enable it as soon as the scan finishes
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET does not find any threats, it will not produce a log.
 
After the fix, for some reason I can't find the text file as it exited once the computer rebooted. It closed itself. But it did say all processes killed and had a list of processes. I didn't have enough time to copy it before it closed.
 
Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (23.0.1)
Google Chrome 29.0.1547.62
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
This is the fix log:

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ not found.
Registry value HKEY_USERS\S-1-5-21-2950632259-3785651587-3554629336-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ not found.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ not found.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ not found.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ not found.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ not found.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ not found.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jones
->Temp folder emptied: 1173776 bytes
->Temporary Internet Files folder emptied: 54602 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 15532897 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 492 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9790 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 16.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Jones
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jones
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09022013_001347

Files\Folders moved on Reboot...
C:\Users\Jones\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\Jones\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Farbar Service Scanner Version: 28-08-2013
Ran by Jones (administrator) on 02-09-2013 at 00:19:42
Running from "C:\Users\Jones\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
I'm doing the ESET scan now. I looked at my programs list and Gorilla Price is still there. Is this right?
 
OTL logfile created on: 9/2/2013 8:54:22 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jones\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.47 Gb Total Physical Memory | 3.25 Gb Available Physical Memory | 59.43% Memory free
10.94 Gb Paging File | 8.51 Gb Available in Paging File | 77.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576.32 Gb Total Space | 481.71 Gb Free Space | 83.58% Space Free | Partition Type: NTFS
Drive D: | 19.55 Gb Total Space | 2.12 Gb Free Space | 10.85% Space Free | Partition Type: NTFS
Drive F: | 99.00 Mb Total Space | 83.44 Mb Free Space | 84.28% Space Free | Partition Type: FAT32

Computer Name: JONES-HP | User Name: Jones | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/01 01:02:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jones\Desktop\OTL.exe
PRC - [2013/08/24 15:26:02 | 000,120,832 | ---- | M] () -- C:\ProgramData\GorillaPrice\WatGorp.exe
PRC - [2013/08/21 15:51:21 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013/08/16 22:56:09 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/07/25 13:40:02 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/12 17:46:20 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2013/02/19 04:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2012/08/31 10:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/03/05 16:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/21 15:51:21 | 016,166,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/08/16 22:56:09 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2013/01/07 23:31:42 | 000,401,856 | ---- | M] (AuthenTec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\AuthenTec\TrueService.exe -- (TrueService)
SRV:64bit: - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012/09/12 17:20:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/03/21 20:36:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/03/06 00:04:18 | 000,314,880 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/08/28 17:47:18 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/08/24 15:26:02 | 000,120,832 | ---- | M] () [Auto | Running] -- C:\ProgramData\GorillaPrice\WatGorp.exe -- (WatGorp)
SRV - [2013/08/21 15:51:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/16 22:56:09 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/25 13:40:02 | 001,432,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/07/25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/07 09:20:20 | 001,641,768 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe -- (FPLService)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/31 10:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/03/05 16:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/10 01:32:38 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/02/20 11:07:38 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013/01/10 15:08:16 | 000,139,768 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2013/01/10 15:08:14 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/09/24 13:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/08/11 14:41:29 | 000,428,304 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/06/23 06:23:38 | 000,199,008 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\appexDrv.sys -- (APXACC)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/19 20:41:30 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/04/19 20:41:30 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/21 21:04:24 | 010,826,240 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/03/21 19:35:26 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/10 00:41:16 | 000,685,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/03/08 15:43:14 | 000,293,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012/03/06 21:31:26 | 002,808,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/03/06 00:04:18 | 000,536,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/03/01 21:39:36 | 000,021,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/02 04:54:56 | 000,031,872 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2012/02/01 20:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/14 08:05:54 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/12/13 08:52:44 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/12/13 08:52:44 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/12/06 07:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/10/26 15:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/10/26 15:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/28 12:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{1949D522-5E6E-4D27-98B0-6EEC20C66534}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-3...://www.ebay.com/sch/I.html?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-3...://www.ebay.com/sch/I.html?_nkw={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U039&ocid=U039DHP&dt=071313
IE - HKCU\..\SearchScopes,DefaultScope = CC867947F04F4DF2A41C4E90DC6DF7BA
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-3...://www.ebay.com/sch/I.html?_nkw={searchTerms}
IE - HKCU\..\SearchScopes\CC867947F04F4DF2A41C4E90DC6DF7BA: "URL" = http://mysearch.avg.com/search?cid=...cec440f3a59&lang=en&ds=AVG&pr=fr&d=2013-05-25 00:33:18&v=15.3.0.11&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=U039DF&PC=U039&dt=071313&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@authentec.com/ffwloplugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Jones\AppData\Roaming\CATALI~3\NPBCSK~2.DLL (Catalina Marketing Corporation)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2013/09/02 00:25:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/15 18:49:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}: C:\Users\Jones\AppData\Roaming\Mozilla\FireFox\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi [2013/08/13 13:21:26 | 000,003,752 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013/09/02 00:25:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/10/15 18:49:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/07/13 19:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jones\AppData\Roaming\Mozilla\Extensions
[2012/09/03 21:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jones\AppData\Roaming\Mozilla\Firefox\extensions
[2012/09/03 21:59:10 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Jones\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2013/08/31 13:50:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jones\AppData\Roaming\Mozilla\Firefox\Profiles\wczi21wh.default\extensions
[2013/07/13 19:54:12 | 000,002,402 | ---- | M] () -- C:\Users\Jones\AppData\Roaming\Mozilla\Firefox\Profiles\wczi21wh.default\searchplugins\bingp.xml
[2013/08/26 11:01:28 | 000,003,723 | ---- | M] () -- C:\Users\Jones\AppData\Roaming\Mozilla\Firefox\Profiles\wczi21wh.default\searchplugins\safeguard-secure-search.xml
[2013/08/16 22:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/23 04:59:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/16 22:56:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/23 04:59:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/16 22:56:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - Extension: Google Docs = C:\Users\Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Users\Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Website Logon = C:\Users\Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof\6.0.100_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Gmail = C:\Users\Jones\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/31 21:58:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe (AppEx Networks Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriver.com/DRHM/sto...sPage&SiteID=hpappli&Locale=en_US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Marketplace (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5FF702D-1DFA-4A5A-AC70-4501DD0E1545}: DhcpNameServer = 65.32.5.111 65.32.5.112
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/02 00:25:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013/09/02 00:25:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013/09/02 00:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/09/02 00:22:57 | 001,415,824 | ---- | C] (ESET) -- C:\Users\Jones\Desktop\eset_nod32_antivirus_live_installer.exe
[2013/09/02 00:20:26 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Jones\Desktop\TFC.exe
[2013/09/02 00:18:59 | 000,358,571 | ---- | C] (Farbar) -- C:\Users\Jones\Desktop\FSS(1).exe
[2013/09/01 23:45:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/01 22:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/09/01 22:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/09/01 01:17:12 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/01 01:09:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/01 01:05:52 | 000,000,000 | ---D | C] -- C:\Users\Jones\AppData\Roaming\AVG2013
[2013/09/01 01:05:02 | 000,000,000 | ---D | C] -- C:\Users\Jones\AppData\Roaming\TuneUp Software
[2013/09/01 01:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/09/01 01:03:42 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/09/01 01:02:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jones\Desktop\OTL.exe
[2013/09/01 01:02:24 | 001,027,511 | ---- | C] (Thisisu) -- C:\Users\Jones\Desktop\JRT.exe
[2013/09/01 01:00:03 | 000,000,000 | ---D | C] -- C:\Users\Jones\AppData\Local\MFAData
[2013/09/01 01:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/08/31 21:58:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/08/31 21:38:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/31 21:38:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/31 21:38:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/31 21:38:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/31 21:38:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/31 21:18:48 | 011,850,200 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Jones\Desktop\AppRemover.exe
[2013/08/31 21:13:57 | 001,589,860 | ---- | C] (Farbar) -- C:\Users\Jones\Desktop\FRST64.exe
[2013/08/31 21:12:27 | 005,115,930 | R--- | C] (Swearware) -- C:\Users\Jones\Desktop\ComboFix.exe
[2013/08/31 19:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/08/31 19:45:57 | 000,000,000 | ---D | C] -- C:\Users\Jones\Desktop\mbar
[2013/08/31 19:34:57 | 000,000,000 | ---D | C] -- C:\Users\Jones\Desktop\RK_Quarantine
[2013/08/31 15:43:04 | 000,000,000 | ---D | C] -- C:\Users\Jones\AppData\Roaming\Malwarebytes
[2013/08/31 15:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/31 15:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/31 15:43:00 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/08/31 15:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/31 15:25:46 | 000,000,000 | ---D | C] -- C:\Users\Jones\Documents\pay 4_files
[2013/08/31 15:25:34 | 000,000,000 | ---D | C] -- C:\Users\Jones\Documents\pay 3_files
[2013/08/31 15:25:15 | 000,000,000 | ---D | C] -- C:\Users\Jones\Documents\pay 2_files
[2013/08/31 15:25:00 | 000,000,000 | ---D | C] -- C:\Users\Jones\Documents\pay 1_files
[2013/08/30 19:47:48 | 000,000,000 | ---D | C] -- C:\Users\Jones\AppData\Roaming\Open Download Manager
[2013/08/30 19:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\GorillaPrice
[2013/08/21 14:51:17 | 017,737,608 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/08/16 22:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/15 09:49:58 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/15 09:49:58 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/15 09:49:57 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/15 09:49:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/15 09:49:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/15 09:49:57 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/15 09:49:57 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/15 09:49:56 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/15 09:49:56 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/15 09:49:56 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/15 09:49:56 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/15 09:49:54 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/15 09:49:54 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/15 09:49:54 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/15 09:49:53 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/14 22:12:58 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/14 22:12:58 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/14 22:12:58 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/14 22:12:46 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/14 22:12:46 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/14 22:12:46 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/14 22:12:43 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/14 22:12:42 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/14 22:12:42 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/14 22:12:41 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/14 22:12:40 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/14 22:12:40 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/14 22:12:40 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/14 22:12:40 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/14 22:12:40 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/14 22:12:40 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/08/09 21:23:21 | 000,000,000 | ---D | C] -- C:\Users\Jones\AppData\Roaming\Skype
[2013/08/09 21:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/08/09 21:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/08/09 21:23:14 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype

========== Files - Modified Within 30 Days ==========

[2013/09/02 08:51:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/02 08:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/02 08:46:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/02 00:22:57 | 001,415,824 | ---- | M] (ESET) -- C:\Users\Jones\Desktop\eset_nod32_antivirus_live_installer.exe
[2013/09/02 00:22:51 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/02 00:22:51 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/02 00:21:16 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/02 00:21:16 | 000,660,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/02 00:21:16 | 000,121,408 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/02 00:20:26 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Jones\Desktop\TFC.exe
[2013/09/02 00:18:59 | 000,358,571 | ---- | M] (Farbar) -- C:\Users\Jones\Desktop\FSS(1).exe
[2013/09/02 00:15:59 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/02 00:15:18 | 110,907,391 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/02 00:06:25 | 000,891,144 | ---- | M] () -- C:\Users\Jones\Desktop\SecurityCheck.exe
[2013/09/01 23:58:16 | 000,002,283 | ---- | M] () -- C:\Users\Jones\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/01 22:24:21 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/09/01 22:22:16 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/01 20:44:51 | 000,000,024 | ---- | M] () -- C:\Users\Jones\random.dat
[2013/09/01 14:56:40 | 000,000,044 | ---- | M] () -- C:\Users\Jones\jagex_cl_oldschool_LIVE.dat
[2013/09/01 14:56:13 | 000,000,044 | ---- | M] () -- C:\Users\Jones\jagex_cl_runescape_LIVE.dat
[2013/09/01 01:05:02 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/09/01 01:02:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jones\Desktop\OTL.exe
[2013/09/01 01:02:25 | 001,027,511 | ---- | M] (Thisisu) -- C:\Users\Jones\Desktop\JRT.exe
[2013/09/01 01:01:58 | 000,994,642 | ---- | M] () -- C:\Users\Jones\Desktop\adwcleaner.exe
[2013/08/31 21:58:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/31 21:18:52 | 011,850,200 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Jones\Desktop\AppRemover.exe
[2013/08/31 21:13:57 | 001,589,860 | ---- | M] (Farbar) -- C:\Users\Jones\Desktop\FRST64.exe
[2013/08/31 21:12:27 | 005,115,930 | R--- | M] (Swearware) -- C:\Users\Jones\Desktop\ComboFix.exe
[2013/08/31 15:43:02 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/31 15:25:46 | 000,039,340 | ---- | M] () -- C:\Users\Jones\Documents\pay 4.htm
[2013/08/31 15:25:34 | 000,039,340 | ---- | M] () -- C:\Users\Jones\Documents\pay 3.htm
[2013/08/31 15:25:16 | 000,039,339 | ---- | M] () -- C:\Users\Jones\Documents\pay 2.htm
[2013/08/31 15:25:01 | 000,039,338 | ---- | M] () -- C:\Users\Jones\Documents\pay 1.htm
[2013/08/31 12:36:24 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJones.job
[2013/08/21 15:51:21 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/08/21 15:51:21 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/08/21 15:51:13 | 017,737,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/08/16 13:08:16 | 578,086,321 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/08/14 16:33:01 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/08/12 16:50:27 | 000,893,239 | ---- | M] () -- C:\Users\Jones\AppData\Local\a.zip
[2013/08/09 21:23:15 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2013/09/02 00:06:25 | 000,891,144 | ---- | C] () -- C:\Users\Jones\Desktop\SecurityCheck.exe
[2013/09/01 22:24:21 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/09/01 22:22:16 | 000,002,283 | ---- | C] () -- C:\Users\Jones\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/01 22:22:15 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/01 01:05:02 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/09/01 01:01:58 | 000,994,642 | ---- | C] () -- C:\Users\Jones\Desktop\adwcleaner.exe
[2013/08/31 21:38:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/31 21:38:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/31 21:38:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/31 21:38:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/31 21:38:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/31 15:43:02 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/31 15:25:46 | 000,039,340 | ---- | C] () -- C:\Users\Jones\Documents\pay 4.htm
[2013/08/31 15:25:34 | 000,039,340 | ---- | C] () -- C:\Users\Jones\Documents\pay 3.htm
[2013/08/31 15:25:15 | 000,039,339 | ---- | C] () -- C:\Users\Jones\Documents\pay 2.htm
[2013/08/31 15:25:00 | 000,039,338 | ---- | C] () -- C:\Users\Jones\Documents\pay 1.htm
[2013/08/09 21:23:15 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/29 18:40:22 | 000,000,044 | ---- | C] () -- C:\Users\Jones\jagex_cl_oldschool_LIVE.dat
[2013/06/13 01:20:15 | 000,893,239 | ---- | C] () -- C:\Users\Jones\AppData\Local\a.zip
[2012/11/24 03:41:13 | 000,000,045 | ---- | C] () -- C:\Users\Jones\jagex_cl_runescape_LIVE1.dat
[2012/10/15 18:45:42 | 000,223,096 | ---- | C] () -- C:\Windows\hpwins24.dat
[2012/10/15 18:45:42 | 000,001,758 | ---- | C] () -- C:\Windows\hpwmdl24.dat
[2012/10/12 19:09:21 | 000,000,049 | ---- | C] () -- C:\Users\Jones\jagex_cl_runescape_LIVE_BETA.dat
[2012/09/03 23:55:04 | 000,049,569 | -HS- | C] () -- C:\Users\Jones\AlbumArt_{7050783A-0BD9-40A6-B30C-A81144905190}_Large.jpg
[2012/09/03 23:55:04 | 000,009,495 | -HS- | C] () -- C:\Users\Jones\AlbumArt_{7050783A-0BD9-40A6-B30C-A81144905190}_Small.jpg
[2012/09/03 23:54:52 | 000,049,569 | -HS- | C] () -- C:\Users\Jones\Folder.jpg
[2012/09/03 23:54:52 | 000,009,495 | -HS- | C] () -- C:\Users\Jones\AlbumArtSmall.jpg
[2012/09/03 23:53:56 | 000,093,801 | ---- | C] () -- C:\Users\Jones\_____padding_file_11_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:53:52 | 000,165,920 | ---- | C] () -- C:\Users\Jones\_____padding_file_9_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:53:48 | 000,064,351 | ---- | C] () -- C:\Users\Jones\_____padding_file_1_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:53:42 | 000,219,592 | ---- | C] () -- C:\Users\Jones\_____padding_file_7_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:53:42 | 000,174,793 | ---- | C] () -- C:\Users\Jones\_____padding_file_2_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:53:42 | 000,153,887 | ---- | C] () -- C:\Users\Jones\_____padding_file_5_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:53:22 | 000,216,921 | ---- | C] () -- C:\Users\Jones\_____padding_file_13_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:53:15 | 000,242,360 | ---- | C] () -- C:\Users\Jones\_____padding_file_8_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:53:07 | 000,195,439 | ---- | C] () -- C:\Users\Jones\_____padding_file_10_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:53:05 | 000,085,919 | ---- | C] () -- C:\Users\Jones\_____padding_file_3_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:52:57 | 000,020,944 | ---- | C] () -- C:\Users\Jones\_____padding_file_4_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:52:54 | 000,194,320 | ---- | C] () -- C:\Users\Jones\_____padding_file_12_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:52:53 | 000,240,018 | ---- | C] () -- C:\Users\Jones\_____padding_file_6_if you see this file, please update to BitComet 0.85 or above____
[2012/09/03 23:52:40 | 000,204,744 | ---- | C] () -- C:\Users\Jones\_____padding_file_0_if you see this file, please update to BitComet 0.85 or above____
[2012/08/10 23:47:14 | 000,000,044 | ---- | C] () -- C:\Users\Jones\jagex_cl_runescape_LIVE.dat
[2012/08/10 23:47:14 | 000,000,024 | ---- | C] () -- C:\Users\Jones\random.dat
[2012/08/10 00:35:36 | 000,017,408 | ---- | C] () -- C:\Users\Jones\AppData\Local\WebpageIcons.db
[2012/07/16 10:28:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/19 21:05:33 | 000,773,940 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/21 19:58:00 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/21 19:58:00 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/13 10:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 
What about the ESET scan log?

Run OTL
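  • Under the Custom Scans/Fixes box at the bottom, paste in the following. This fix targets the GorillaPrice entries (the WatGorp.exe process and service, and the C:\ProgramData\GorillaPrice folder) along with the leftover C:\FRST folder, and was written for this machine's log only: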
Code:
:OTL
PRC - [2013/08/24 15:26:02 | 000,120,832 | ---- | M] () -- C:\ProgramData\GorillaPrice\WatGorp.exe
SRV - [2013/08/24 15:26:02 | 000,120,832 | ---- | M] () [Auto | Running] -- C:\ProgramData\GorillaPrice\WatGorp.exe -- (WatGorp)
[2013/08/30 19:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\GorillaPrice


:Services

:Reg

:Files
C:\FRST
C:\ProgramData\GorillaPrice

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE: If OTL stalls for any reason (most likely at the "killing processes..." step), run the fix from Safe Mode.
 