cellochick

Thanks VERY VERY MUCH for your prompt help and advice.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16514 BrowserJavaVersion: 10.25.2 Run by Joey at 15:44:09 on 2013-10-20 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4036.2154 [GMT -5:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files\Lenovo\LBAI\LBAEvent.exe C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\SysWOW64\NLSSRV32.EXE C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files (x86)\Glary Utilities 3\Integrator.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wbem\unsecapp.exe C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\SysWOW64\rundll32.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\rundll32.exe C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.EXE C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\msiexec.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [Voobly] "C:\Program Files (x86)\Voobly\voobly.exe" --startup uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [Power Manager Startup Utility] C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe mRun: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" StartupFolder: C:\Users\Joey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll TCP: NameServer = 208.67.222.222 208.67.220.220 208.67.220.222 TCP: Interfaces\{152B66CB-2253-4753-A664-E71EC9B2EDB5} : DHCPNameServer = 208.67.222.222 208.67.220.220 208.67.220.222 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll SSODL: WebCheck - <orphaned> x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\ FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Users\Joey\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-10-2 16152] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-12-25 984144] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-12-25 370288] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-2 204288] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-12-25 25232] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-12-25 71600] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-25 44808] R2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-10-2 169776] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-2 13592] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-2 161560] R2 LBAEvent;Lenovo LBA Event Service;C:\Program Files\Lenovo\LBAI\LBAEvent.exe [2012-10-2 15520] R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-10-2 58224] R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-10-2 61296] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-9 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-9 701512] R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-5-24 69640] R2 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe [2012-10-2 70968] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-2 363800] R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-4-19 84080] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-10-2 93712] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-10-2 356120] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-10-2 787736] R3 LBAI;Lenovo application interface driver;C:\Windows\System32\drivers\LBAI.sys [2012-10-2 9600] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-9 25928] R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2012-2-7 40248] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168] S3 Fastboot;Fastboot;C:\Windows\System32\drivers\Fastboot.sys [2012-10-2 70416] S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.exe [2012-10-2 165176] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-27 1255736] . =============== Created Last 30 ================ . 2074-05-11 23:09:06 11393848 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe 2013-10-20 18:34:58 -------- d-----w- C:\_OTL 2013-10-20 15:27:28 -------- d-----w- C:\Windows\ERUNT 2013-10-20 15:15:29 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{629EA284-9508-4C22-AABF-2B4DD2BFA4FE}\mpengine.dll 2013-10-20 14:56:32 -------- d-----w- C:\Windows\System32\MRT 2013-10-20 14:52:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2013-10-20 14:51:04 3155968 ----a-w- C:\Windows\System32\win32k.sys 2013-10-20 14:51:02 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys 2013-10-20 14:50:59 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys 2013-10-20 14:50:59 42496 ----a-w- C:\Windows\System32\drivers\usbscan.sys 2013-10-20 14:50:59 32896 ----a-w- C:\Windows\System32\drivers\hidparse.sys 2013-10-20 14:50:58 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2013-10-20 14:50:58 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2013-10-20 14:50:57 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2013-10-20 14:50:57 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2013-10-20 14:50:57 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2013-10-20 14:50:51 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-10-20 14:50:50 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-10-20 14:50:49 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-10-20 14:50:49 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-10-20 14:47:55 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-10-20 13:42:34 -------- d-----w- C:\Users\Joey\AppData\Local\Apps 2013-10-20 13:37:05 -------- d-----w- C:\Program Files (x86)\AnalyseThis 2013-10-10 23:13:12 -------- d-----w- C:\Windows\SysWow64\directx 2013-10-10 23:13:09 -------- d-----w- C:\Games 2013-10-10 00:06:59 -------- d-----w- C:\Users\Joey\AppData\Roaming\Malwarebytes 2013-10-10 00:06:57 -------- d-----w- C:\ProgramData\Malwarebytes 2013-10-10 00:06:56 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-10-10 00:06:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-09 23:17:25 -------- d-----r- C:\Users\Joey\Dropbox 2013-10-09 23:16:30 -------- d-----w- C:\Users\Joey\AppData\Roaming\Dropbox 2013-10-08 23:51:47 -------- d-----w- C:\Program Files (x86)\SweetPacks_A5 2013-10-08 23:51:22 -------- d-----w- C:\Windows\System32\ljkb 2013-10-08 23:51:20 33792 ----a-w- C:\Windows\System32\ImHttpComm.dll 2013-10-08 23:51:20 1761584 ----a-w- C:\Windows\System32\dmwu.exe 2013-10-07 00:15:31 -------- d-----w- C:\Windows\SysWow64\searchplugins 2013-10-07 00:15:31 -------- d-----w- C:\Windows\SysWow64\Extensions 2013-10-05 13:01:07 -------- d-----w- C:\Users\Joey\AppData\Roaming\LolClient 2013-10-05 11:39:07 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll 2013-10-05 11:39:07 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll 2013-10-05 11:39:07 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll 2013-10-05 11:39:07 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll 2013-10-05 11:39:07 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll 2013-10-05 11:38:49 -------- d-----w- C:\Riot Games 2013-10-05 11:38:19 -------- d-----w- C:\Users\Joey\AppData\Local\PMB Files 2013-10-05 11:38:16 -------- d-----w- C:\ProgramData\PMB Files 2013-10-05 11:38:12 -------- d-----w- C:\Program Files (x86)\Pando Networks 2013-10-05 11:37:21 -------- d-----w- C:\Users\Joey\AppData\Roaming\Riot Games 2013-09-21 22:00:50 -------- d-----w- C:\Windows\SysWow64\modules 2013-09-21 22:00:50 -------- d-----w- C:\Windows\SysWow64\js 2013-09-21 22:00:50 -------- d-----w- C:\Windows\SysWow64\images 2013-09-21 22:00:50 -------- d-----w- C:\Windows\SysWow64\html 2013-09-21 22:00:50 -------- d-----w- C:\Windows\SysWow64\css 2013-09-21 22:00:50 -------- d-----w- C:\Users\Joey\AppData\Local\avgchrome 2013-09-21 22:00:26 -------- d-----w- C:\ProgramData\DSearchLink 2013-09-21 22:00:00 -------- d-----w- C:\Program Files (x86)\OpenDownloaderManager . ==================== Find3M ==================== . 2013-10-09 00:05:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-09 00:05:09 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-09-22 14:42:33 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-09-22 14:33:53 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-09-22 14:33:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-09-22 14:23:30 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-09-22 14:21:21 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-09-22 14:15:47 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-09-22 10:22:59 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-09-22 10:14:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-09-22 10:13:22 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-09-22 10:08:41 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-09-22 10:06:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-09-22 10:03:18 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-09-13 08:32:10 117024 ----a-w- C:\Windows\System32\BootDefrag.exe 2013-09-09 07:57:00 829264 ----a-w- C:\Windows\System32\msvcr100.dll 2013-09-09 07:57:00 608080 ----a-w- C:\Windows\System32\msvcp100.dll 2013-09-03 19:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-08-27 09:01:59 1143296 ----a-w- C:\Windows\System32\FntCache.dll 2013-08-27 09:01:47 1545728 ----a-w- C:\Windows\System32\DWrite.dll 2013-08-27 08:21:36 1077760 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll 2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll 2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll 2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll 2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe 2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe 2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL . ============= FINISH: 15:44:48.82 ===============

All processes killed ========== PROCESSES ========== ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}\ not found. Registry value HKEY_USERS\S-1-5-21-3454010157-2486133756-499389311-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}\ not found. ========== FILES ========== File\Folder C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Jeff User: Joey ->Temp folder emptied: 4776403 bytes ->Temporary Internet Files folder emptied: 1613492 bytes ->Java cache emptied: 1876002 bytes ->FireFox cache emptied: 59418914 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 59920 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 401462 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 115129654 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50551 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 175.00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Jeff User: Joey ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0.00 mb [EMPTYJAVA] User: All Users User: Default User: Default User User: Jeff User: Joey ->Java cache emptied: 0 bytes User: Public Total Java Files Cleaned = 0.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 10202013_152621 Files\Folders moved on Reboot... C:\Users\Joey\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. C:\Windows\temp\FXSAPIDebugLogFile.txt moved successfully. C:\Windows\temp\FXSTIFFDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... No strange search engines showing up in firefox search engine box. No strange add-ons in the add-ons list. So far so good.

BlitzBlank 1.0.0.32 File/Registry Modification Engine native application MoveDirectoryOnReboot: sourceDirectory = "\??\c:\program files (x86)\gorillaprice", destinationDirectory = "(null)", replaceWithDummy = 0 MoveDirectoryOnReboot: sourceDirectory = "\??\c:\program files (x86)\gorillaprice\ChromeAddon", destinationDirectory = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\program files (x86)\gorillaprice\ChromeAddon\128.png", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\program files (x86)\gorillaprice\ChromeAddon\bg.html", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\program files (x86)\gorillaprice\ChromeAddon\bg.js", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\program files (x86)\gorillaprice\ChromeAddon\content.js", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\program files (x86)\gorillaprice\ChromeAddon\manifest.json", destinationFile = "(null)", replaceWithDummy = 0 MoveDirectoryOnReboot: sourceDirectory = "\??\c:\program files (x86)\gorillaprice\ChromeAddon\plugin", destinationDirectory = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\program files (x86)\gorillaprice\ChromeAddon\plugin\npsimple.dll", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\program files (x86)\gorillaprice\gpdll.dll", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\program files (x86)\gorillaprice\GPHelper.dll", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\program files (x86)\gorillaprice\GPHelper64.dll", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\program files (x86)\gorillaprice\GPI64Tool.exe", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\program files (x86)\gorillaprice\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi", destinationFile = "(null)", replaceWithDummy = 0 MoveDirectoryOnReboot: sourceDirectory = "\??\c:\programdata\gorillaprice", destinationDirectory = "(null)", replaceWithDummy = 0 MoveDirectoryOnReboot: sourceDirectory = "\??\c:\programdata\gorillaprice\ChromeAddon", destinationDirectory = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\programdata\gorillaprice\ChromeAddon\128.png", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\programdata\gorillaprice\ChromeAddon\bg.html", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\programdata\gorillaprice\ChromeAddon\bg.js", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\programdata\gorillaprice\ChromeAddon\content.js", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\programdata\gorillaprice\ChromeAddon\manifest.json", destinationFile = "(null)", replaceWithDummy = 0 MoveDirectoryOnReboot: sourceDirectory = "\??\c:\programdata\gorillaprice\ChromeAddon\plugin", destinationDirectory = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\programdata\gorillaprice\ChromeAddon\plugin\npsimple.dll", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\programdata\gorillaprice\config.dat", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\programdata\gorillaprice\GorillaPrice.exe", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\programdata\gorillaprice\gpdll.dll", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\programdata\gorillaprice\GPHelper.dll", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\programdata\gorillaprice\GPHelper64.dll", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\programdata\gorillaprice\GPI64Tool.exe", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\programdata\gorillaprice\helper.exe", destinationFile = "(null)", replaceWithDummy = 0 MoveFileOnReboot: sourceFile = "\??\c:\programdata\gorillaprice\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi", destinationFile = "(null)", replaceWithDummy = 0 MoveDirectoryOnReboot: sourceDirectory = "\??\c:\users\all users\gorillaprice", destinationDirectory = "(null)", replaceWithDummy = 0 MoveDirectoryOnReboot: ZwCreateFile(sourceDirectory) failed: status = c0000034

Ran the second fix. It hangs on "moving file: ....GorillaPrice.." for ten minutes or more. The first script/fix requires pushing the "continue" button every ten seconds.

It hangs on "restore point."

Okay...but then I get this error message: It looks like the script you are running is taking longer than normal. Continue or end script?

Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.10.17.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Joey :: BUDDY [administrator] Protection: Enabled 10/20/2013 1:24:30 PM mbam-log-2013-10-20 (13-24-30).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 217915 Time elapsed: 2 minute(s), 14 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

OTL logfile created on: 10/20/2013 1:16:06 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joey\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.94 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 55.75% Memory free 7.88 Gb Paging File | 5.67 Gb Available in Paging File | 71.95% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 916.37 Gb Total Space | 688.44 Gb Free Space | 75.13% Space Free | Partition Type: NTFS Drive Q: | 13.67 Gb Total Space | 3.49 Gb Free Space | 25.55% Space Free | Partition Type: NTFS Computer Name: BUDDY | User Name: Joey | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Joey\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Glary Utilities 3\Integrator.exe (Glarysoft Ltd) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) PRC - C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.) PRC - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (Lenovo) PRC - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Symantec Corporation) PRC - C:\Program Files\Lenovo\LBAI\LBAEvent.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.EXE (Lenovo Group Limited) PRC - C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe (Lenovo) PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe (Lenovo) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6e3778958a8bfd03bf0f2f60c4e25623\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d4493b0e5a5c6faf89cfeaa5f2a21034\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\40b43527d6fdbeb6e905a7b6123f3a42\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\dd8f4efb7e81c75fe444a180f6f1aacf\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll () MOD - C:\Users\Joey\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Glary Utilities 3\zlib1.dll () MOD - C:\Users\Joey\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV:64bit: - (LENOVO.TPKNRSVC) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) SRV:64bit: - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) SRV:64bit: - (LBAEvent) -- C:\Program Files\Lenovo\LBAI\LBAEvent.exe (Lenovo) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.) SRV - (VIPAppService) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Symantec Corporation) SRV - (PwmEWSvc) -- C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.exe (Lenovo Group Limited) SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe (Lenovo) SRV - (FastbootService) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe (Lenovo) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.) DRV:64bit: - (LBAI) -- C:\Windows\SysNative\drivers\LBAI.sys (Lenovo) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo Information Product(ShenZhen China) Inc.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (Secdrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {79B3003A-A0F7-4008-8274-29860CE44FA0} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkcentre [binary data] IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkcentre [binary data] IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\..\URLSearchHook: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - No CLSID value found IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\..\SearchScopes,DefaultScope = {79B3003A-A0F7-4008-8274-29860CE44FA0} IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS516 IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.google.com/" FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2 FF - prefs.js..extensions.enabledAddons: add-to-searchbox%40maltekraus.de:2.0 FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.9 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Joey\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll File not found FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/12/25 09:00:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP1X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012/10/02 20:03:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP2X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012/10/02 20:03:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}: C:\Users\Joey\AppData\Local\GreatArcadeHits\gahff.xpi FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/25 08:42:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joey\AppData\Roaming\Mozilla\Extensions [2013/10/20 13:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\extensions [2012/12/25 22:29:37 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013/10/08 18:52:20 | 000,000,000 | ---D | M] (GreatArcadeHits Add-on) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\extensions\gahff [2012/12/25 22:45:59 | 000,025,781 | ---- | M] () (No name found) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\extensions\add-to-searchbox@maltekraus.de.xpi [2013/05/04 20:01:00 | 000,114,250 | ---- | M] () (No name found) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\extensions\nosquint@urandom.ca.xpi [2012/12/25 22:57:09 | 000,002,452 | ---- | M] () -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\searchplugins\daggett-montessori-library.xml [2012/12/25 22:41:16 | 000,000,931 | ---- | M] () -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\searchplugins\dictionary.xml [2012/12/25 22:55:49 | 000,002,449 | ---- | M] () -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\searchplugins\george-c-clarke-library-.xml [2012/12/25 22:57:44 | 000,002,430 | ---- | M] () -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\searchplugins\paschal-library.xml [2012/12/25 22:41:21 | 000,001,539 | ---- | M] () -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\searchplugins\thesaurus---referencecom.xml [2013/10/08 18:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions [2013/10/08 18:52:31 | 000,000,000 | ---D | M] (WordOv) -- C:\Program Files (x86)\Mozilla Firefox\Extensions\jzkenlkaloil@kctewplunsmgzuca.org [2013/09/19 08:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/09/19 08:24:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - homepage: http://www.google.com CHR - Extension: No name found = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: No name found = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\egpbcfbaejlamdindjpaodjojjhnbipl\2.0.0.1_0\ CHR - Extension: No name found = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\egpbcfbaejlamdindjpaodjojjhnbipl\2.0.0.1_0\egpbcfbaejlamdindjpaodjojjhnbipl\2.0.0.1_0\ CHR - Extension: No name found = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcnlcdpdncgchnamlmdhdhokahkaikhl\4.2.25.1\ CHR - Extension: No name found = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0\ CHR - Extension: No name found = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ CHR - Extension: No name found = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.) O4 - HKLM..\Run: [Power Manager Startup Utility] C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.EXE () O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3454010157-2486133756-499389311-1000..\Run: [Voobly] C:\Program Files (x86)\Voobly\voobly.exe (Voobly) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 208.67.220.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{152B66CB-2253-4753-A664-E71EC9B2EDB5}: DhcpNameServer = 208.67.222.222 208.67.220.220 208.67.220.222 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/12/14 21:05:40 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{51449a97-50fb-11e2-9100-0021862995d6}\Shell - "" = AutoRun O33 - MountPoints2\{51449a97-50fb-11e2-9100-0021862995d6}\Shell\AutoRun\command - "" = E:\EasySuite.exe O33 - MountPoints2\{51449a98-50fb-11e2-9100-0021862995d6}\Shell - "" = AutoRun O33 - MountPoints2\{51449a98-50fb-11e2-9100-0021862995d6}\Shell\AutoRun\command - "" = E:\EasySuite.exe O33 - MountPoints2\{51449a9a-50fb-11e2-9100-0021862995d6}\Shell - "" = AutoRun O33 - MountPoints2\{51449a9a-50fb-11e2-9100-0021862995d6}\Shell\AutoRun\command - "" = E:\EasySuite.exe O33 - MountPoints2\{d124b946-0cf2-11e2-9528-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d124b946-0cf2-11e2-9528-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2011/12/14 21:05:40 | 000,267,576 | -HS- | M] (Lenovo Group Limited) O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (BootDefrag.exe) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [CREATERESTOREPOINT] Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013/10/20 10:43:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joey\Desktop\OTL.exe [2013/10/20 10:27:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/10/20 10:25:51 | 001,033,335 | ---- | C] (Thisisu) -- C:\Users\Joey\Desktop\JRT.exe [2013/10/20 10:05:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/10/20 10:05:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/10/20 10:05:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/10/20 10:05:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/10/20 10:05:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/10/20 10:05:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/10/20 10:05:24 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/10/20 10:05:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/10/20 10:05:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/10/20 10:05:23 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/10/20 10:05:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/10/20 10:05:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/10/20 10:05:21 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/10/20 10:05:20 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/10/20 10:05:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/10/20 09:58:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/10/20 09:56:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2013/10/20 09:53:04 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/10/20 09:53:03 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/10/20 09:53:03 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/10/20 09:53:02 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013/10/20 09:53:02 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013/10/20 09:53:01 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013/10/20 09:53:00 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013/10/20 09:53:00 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013/10/20 09:53:00 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/10/20 09:53:00 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013/10/20 09:53:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013/10/20 09:52:59 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013/10/20 09:52:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013/10/20 09:52:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013/10/20 09:52:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013/10/20 09:52:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013/10/20 09:52:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013/10/20 09:52:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013/10/20 09:52:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013/10/20 09:52:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013/10/20 09:52:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013/10/20 09:52:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013/10/20 09:52:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013/10/20 09:52:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013/10/20 09:52:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013/10/20 09:52:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013/10/20 09:52:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013/10/20 09:52:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013/10/20 09:52:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/10/20 09:52:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013/10/20 09:52:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/10/20 09:52:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013/10/20 09:52:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013/10/20 09:52:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013/10/20 09:52:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013/10/20 09:52:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013/10/20 09:52:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013/10/20 09:52:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013/10/20 09:52:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013/10/20 09:52:56 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013/10/20 09:52:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013/10/20 09:52:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013/10/20 09:52:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013/10/20 09:52:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013/10/20 09:52:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013/10/20 09:52:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013/10/20 09:52:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013/10/20 09:52:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013/10/20 09:52:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/10/20 09:52:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013/10/20 09:52:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013/10/20 09:52:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013/10/20 09:52:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013/10/20 09:52:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013/10/20 09:52:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013/10/20 09:52:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013/10/20 09:52:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013/10/20 09:52:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013/10/20 09:52:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013/10/20 09:52:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013/10/20 09:52:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013/10/20 09:52:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013/10/20 09:52:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/10/20 09:52:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/10/20 09:52:53 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/10/20 09:52:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013/10/20 09:52:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013/10/20 09:52:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013/10/20 09:52:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013/10/20 09:52:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013/10/20 09:52:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013/10/20 09:52:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013/10/20 09:52:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013/10/20 09:52:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013/10/20 09:52:52 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013/10/20 09:52:52 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll [2013/10/20 09:52:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/10/20 09:52:48 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013/10/20 09:52:48 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013/10/20 09:52:47 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013/10/20 09:52:16 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2013/10/20 09:52:15 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2013/10/20 09:50:59 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2013/10/20 09:50:59 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys [2013/10/20 09:50:51 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013/10/20 09:50:50 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013/10/20 09:50:49 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2013/10/20 09:50:49 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll [2013/10/20 09:49:40 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013/10/20 09:49:29 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2013/10/20 09:49:29 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2013/10/20 09:49:18 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2013/10/20 09:49:17 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013/10/20 09:49:17 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013/10/20 09:49:17 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll [2013/10/20 09:49:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll [2013/10/20 09:49:16 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2013/10/20 09:49:16 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2013/10/20 09:49:16 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013/10/20 09:49:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013/10/20 09:49:15 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll [2013/10/20 09:49:14 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll [2013/10/20 09:49:14 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll [2013/10/20 09:49:13 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll [2013/10/20 09:49:13 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll [2013/10/20 09:49:10 | 001,545,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013/10/20 09:49:09 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013/10/20 09:49:09 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013/10/20 09:18:18 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Joey\Desktop\dds.com [2013/10/20 08:59:40 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis [2013/10/20 08:42:34 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\Apps [2013/10/20 08:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnalyseThis [2013/10/10 18:13:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2013/10/10 18:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks [2013/10/10 18:13:09 | 000,000,000 | ---D | C] -- C:\Games [2013/10/09 19:28:53 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\Games [2013/10/09 19:06:59 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Malwarebytes [2013/10/09 19:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/10/09 19:06:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/10/09 19:06:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/10/09 19:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/10/09 18:17:25 | 000,000,000 | R--D | C] -- C:\Users\Joey\Dropbox [2013/10/09 18:16:50 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013/10/09 18:16:30 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Dropbox [2013/10/08 18:53:04 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WordOv [2013/10/08 18:51:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetPacks_A5 [2013/10/08 18:51:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ljkb [2013/10/08 18:51:20 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2013/10/06 19:15:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013/10/06 19:15:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013/10/05 08:01:07 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\LolClient [2013/10/05 06:39:07 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2013/10/05 06:39:07 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2013/10/05 06:39:07 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2013/10/05 06:39:07 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2013/10/05 06:39:07 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2013/10/05 06:38:49 | 000,000,000 | ---D | C] -- C:\Riot Games [2013/10/05 06:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends [2013/10/05 06:38:19 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\PMB Files [2013/10/05 06:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2013/10/05 06:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2013/10/05 06:37:21 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Riot Games [2013/09/21 17:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\GorillaPrice [2013/09/21 17:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GorillaPrice [2013/09/21 17:00:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\modules [2013/09/21 17:00:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\js [2013/09/21 17:00:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\images [2013/09/21 17:00:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\html [2013/09/21 17:00:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\css [2013/09/21 17:00:50 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\avgchrome [2013/09/21 17:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DSearchLink [2013/09/21 17:00:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDownloaderManager [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/10/20 13:10:40 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/10/20 13:10:40 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/10/20 13:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/10/20 13:04:16 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job [2013/10/20 13:03:12 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2013/10/20 13:03:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/10/20 13:02:59 | 3174,408,192 | -HS- | M] () -- C:\hiberfil.sys [2013/10/20 12:57:34 | 000,096,256 | ---- | M] () -- C:\Users\Joey\Desktop\SystemLook_x64.exe [2013/10/20 10:42:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joey\Desktop\OTL.exe [2013/10/20 10:25:52 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\Joey\Desktop\JRT.exe [2013/10/20 10:18:17 | 000,444,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/10/20 10:09:02 | 000,742,120 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/10/20 10:09:02 | 000,625,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/10/20 10:09:02 | 000,106,898 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/10/20 09:18:18 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Joey\Desktop\dds.com [2013/10/13 18:39:57 | 000,001,057 | ---- | M] () -- C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013/10/12 07:35:23 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\Need for Madness.lnk [2013/10/12 06:43:14 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk [2013/10/08 19:05:09 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/10/08 19:05:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/09/26 16:49:02 | 000,001,115 | ---- | M] () -- C:\Users\Joey\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk [2013/09/22 09:42:33 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/09/22 09:33:06 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/09/22 09:30:37 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/09/22 09:23:30 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/09/22 09:22:05 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/09/22 09:21:21 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/09/22 09:19:35 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/09/22 09:16:32 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/09/22 09:07:22 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/09/22 05:14:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/09/22 05:12:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/09/22 05:08:41 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/09/22 05:07:38 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/09/22 05:03:54 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/09/22 04:59:06 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/10/20 12:57:37 | 000,096,256 | ---- | C] () -- C:\Users\Joey\Desktop\SystemLook_x64.exe [2013/10/20 09:49:29 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013/10/12 07:35:23 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\Need for Madness.lnk [2013/10/10 18:13:11 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk [2013/10/09 18:16:59 | 000,001,057 | ---- | C] () -- C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013/10/08 18:51:20 | 001,761,584 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe [2013/07/02 14:58:50 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI [2013/06/30 13:51:24 | 000,000,613 | ---- | C] () -- C:\Windows\eReg.dat [2013/06/03 13:56:36 | 000,000,769 | ---- | C] () -- C:\Windows\Edofma.INI [2012/12/26 11:14:04 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2012/12/26 10:21:50 | 000,679,936 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012/12/26 10:21:50 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012/12/25 08:28:18 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat [2012/10/02 19:51:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012/10/02 19:35:27 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/10/02 19:35:27 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/10/02 19:35:27 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012/02/15 00:27:52 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2012/02/15 00:27:38 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011/12/08 18:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011/05/20 15:33:12 | 001,066,031 | ---- | C] () -- C:\Users\Joey\pig1.JPG [2011/02/02 18:15:14 | 000,006,893 | ---- | C] () -- C:\Users\Joey\drumswet.lxf [2010/12/11 14:37:13 | 000,109,889 | ---- | C] () -- C:\Users\Joey\Untitled17.lxf [2010/12/07 22:41:59 | 000,098,846 | ---- | C] () -- C:\Users\Joey\payment 12_2010.pdf [2010/10/12 21:49:17 | 009,730,754 | ---- | C] () -- C:\Users\Joey\submarine.skp [2010/10/07 20:24:34 | 000,155,833 | ---- | C] () -- C:\Users\Joey\wheel and axle.skb [2010/10/07 19:54:48 | 000,155,091 | ---- | C] () -- C:\Users\Joey\wheel and axle.skp [2010/10/07 19:32:57 | 000,815,796 | ---- | C] () -- C:\Users\Joey\inclined plane.skp [2010/09/30 00:01:01 | 000,121,911 | ---- | C] () -- C:\Users\Joey\rikki tikki bungalow.skb [2010/09/29 17:46:18 | 000,132,332 | ---- | C] () -- C:\Users\Joey\rikki tikki bungalow.skp [2010/09/28 19:39:56 | 000,394,006 | ---- | C] () -- C:\Users\Joey\cobra rikki tikki.skp [2010/09/24 21:38:55 | 000,277,773 | ---- | C] () -- C:\Users\Joey\house.skp [2010/09/24 21:13:33 | 000,231,687 | ---- | C] () -- C:\Users\Joey\house.skb [2010/09/23 20:29:58 | 007,793,439 | ---- | C] () -- C:\Users\Joey\APU.skp [2010/09/23 20:23:07 | 000,100,117 | ---- | C] () -- C:\Users\Joey\USA.skp [2010/04/26 00:47:55 | 000,035,102 | ---- | C] () -- C:\Users\Joey\The Persistent Puzzle of.jpg [2010/01/09 15:01:22 | 000,009,659 | ---- | C] () -- C:\Users\Joey\valentine.lxf [2009/10/15 16:58:04 | 000,252,845 | ---- | C] () -- C:\Users\Joey\10350814.potx ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Custom Scans ========== < :Commands > < > < :processes > < killallprocesses > < :otl > < IE - HKLM\..\URLSearchHook: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - No CLSID value found > < IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\..\URLSearchHook: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - No CLSID value found > < :files > < C:\Program Files (x86)\GorillaPrice > < C:\ProgramData\GorillaPrice > < C:\Users\All Users\GorillaPrice > < C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} > < :commands > < [EMPTYTEMP] > < [EMPTYFLASH] > < [EMPTYJAVA] > < [RESETHOSTS] > < [REBOOT] > ========== Alternate Data Streams ========== @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34 < End of report >

SystemLook 04.09.10 by jpshortstuff Log created at 12:58 on 20/10/2013 by Joey Administrator - Elevation successful ========== filefind ========== Searching for "*GorillaPrice*" C:\ProgramData\GorillaPrice\GorillaPrice.exe --a---- 1137152 bytes [20:16 18/09/2013] [20:16 18/09/2013] 7F0794729458E403CE50E0FD1C4A3771 C:\Users\All Users\GorillaPrice\GorillaPrice.exe --a---- 1137152 bytes [20:16 18/09/2013] [20:16 18/09/2013] 7F0794729458E403CE50E0FD1C4A3771 ========== folderfind ========== Searching for "*GorillaPrice*" C:\Program Files (x86)\GorillaPrice d------ [22:00 21/09/2013] C:\ProgramData\GorillaPrice d------ [22:00 21/09/2013] C:\Users\All Users\GorillaPrice d------ [22:00 21/09/2013] ========== Regfind ========== Searching for "GorillaPrice"

When I enter control appwiz.cpl in the start menu search box, it says no items found. Then I went to programs and features, and it finds Gorilla Price. But when I click uninstall, it takes me to this: http://uninstaller.gorillaprice.com/uninstaller3.html and I don't want to download an uninstaller from them unless you tell me to. Do I do it?

HERE is the OLT file: OTL logfile created on: 10/20/2013 10:44:57 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joey\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.94 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 50.60% Memory free 7.88 Gb Paging File | 5.56 Gb Available in Paging File | 70.59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 916.37 Gb Total Space | 689.00 Gb Free Space | 75.19% Space Free | Partition Type: NTFS Drive Q: | 13.67 Gb Total Space | 3.49 Gb Free Space | 25.55% Space Free | Partition Type: NTFS Computer Name: BUDDY | User Name: Joey | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Joey\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Glary Utilities 3\Integrator.exe (Glarysoft Ltd) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) PRC - C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) PRC - C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.) PRC - C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (Lenovo) PRC - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Symantec Corporation) PRC - C:\Program Files\Lenovo\LBAI\LBAEvent.exe (Lenovo) PRC - C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.EXE (Lenovo Group Limited) PRC - C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe (Lenovo) PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe (Lenovo) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Users\Joey\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Glary Utilities 3\zlib1.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll () MOD - C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll () MOD - C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll () MOD - C:\Users\Joey\AppData\Roaming\Dropbox\bin\libcef.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll () MOD - C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll () ========== Services (SafeList) ========== SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV:64bit: - (LENOVO.TPKNRSVC) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) SRV:64bit: - (LENOVO.CAMMUTE) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) SRV:64bit: - (LBAEvent) -- C:\Program Files\Lenovo\LBAI\LBAEvent.exe (Lenovo) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NLSSRV32.EXE (Nalpeiron Ltd.) SRV - (VIPAppService) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe (Symantec Corporation) SRV - (PwmEWSvc) -- C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.exe (Lenovo Group Limited) SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe (Lenovo) SRV - (FastbootService) -- C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe (Lenovo) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation) DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo Information Product(ShenZhen China) Inc.) DRV:64bit: - (LBAI) -- C:\Windows\SysNative\drivers\LBAI.sys (Lenovo) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo Information Product(ShenZhen China) Inc.) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (Secdrv) -- C:\Windows\SysWOW64\drivers\SECDRV.SYS () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = {79B3003A-A0F7-4008-8274-29860CE44FA0} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkcentre [binary data] IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/welcome/thinkcentre [binary data] IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\..\URLSearchHook: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - No CLSID value found IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\..\SearchScopes,DefaultScope = {79B3003A-A0F7-4008-8274-29860CE44FA0} IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS516 IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.google.com/" FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2 FF - prefs.js..extensions.enabledAddons: add-to-searchbox%40maltekraus.de:2.0 FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.9 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Joey\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll File not found FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/12/25 09:00:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP1X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012/10/02 20:03:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\VIP2X@verisign.com: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012/10/02 20:03:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}: C:\Users\Joey\AppData\Local\GreatArcadeHits\gahff.xpi FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/25 08:42:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joey\AppData\Roaming\Mozilla\Extensions [2013/10/20 09:04:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\extensions [2012/12/25 22:29:37 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013/10/20 08:06:16 | 000,000,000 | ---D | M] (SweetPacks A5) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} [2013/10/08 18:52:20 | 000,000,000 | ---D | M] (GreatArcadeHits Add-on) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\extensions\gahff [2013/10/08 18:52:32 | 000,000,000 | ---D | M] (WordOv) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\extensions\jzkenlkaloil@kctewplunsmgzuca.org [2012/12/25 22:45:59 | 000,025,781 | ---- | M] () (No name found) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\extensions\add-to-searchbox@maltekraus.de.xpi [2013/05/04 20:01:00 | 000,114,250 | ---- | M] () (No name found) -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\extensions\nosquint@urandom.ca.xpi [2012/12/25 22:57:09 | 000,002,452 | ---- | M] () -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\searchplugins\daggett-montessori-library.xml [2012/12/25 22:41:16 | 000,000,931 | ---- | M] () -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\searchplugins\dictionary.xml [2012/12/25 22:55:49 | 000,002,449 | ---- | M] () -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\searchplugins\george-c-clarke-library-.xml [2012/12/25 22:57:44 | 000,002,430 | ---- | M] () -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\searchplugins\paschal-library.xml [2012/12/25 22:41:21 | 000,001,539 | ---- | M] () -- C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\searchplugins\thesaurus---referencecom.xml [2013/10/08 18:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions [2013/10/08 18:52:31 | 000,000,000 | ---D | M] (WordOv) -- C:\Program Files (x86)\Mozilla Firefox\Extensions\jzkenlkaloil@kctewplunsmgzuca.org [2013/09/19 08:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/09/19 08:24:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ========== Chrome ========== CHR - homepage: http://www.google.com CHR - Extension: No name found = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: No name found = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\egpbcfbaejlamdindjpaodjojjhnbipl\2.0.0.1_0\ CHR - Extension: No name found = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\egpbcfbaejlamdindjpaodjojjhnbipl\2.0.0.1_0\egpbcfbaejlamdindjpaodjojjhnbipl\2.0.0.1_0\ CHR - Extension: No name found = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcnlcdpdncgchnamlmdhdhokahkaikhl\4.2.25.1\ CHR - Extension: No name found = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0\ CHR - Extension: No name found = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ CHR - Extension: No name found = C:\Users\Joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-3454010157-2486133756-499389311-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe (Lenovo) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [iMSS] C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe (Lenovo, Inc.) O4 - HKLM..\Run: [Power Manager Startup Utility] C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.EXE () O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [uSB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3454010157-2486133756-499389311-1000..\Run: [Voobly] C:\Program Files (x86)\Voobly\voobly.exe (Voobly) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 208.67.220.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{152B66CB-2253-4753-A664-E71EC9B2EDB5}: DhcpNameServer = 208.67.222.222 208.67.220.220 208.67.220.222 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011/12/14 21:05:40 | 000,000,049 | -HS- | M] () - Q:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{51449a97-50fb-11e2-9100-0021862995d6}\Shell - "" = AutoRun O33 - MountPoints2\{51449a97-50fb-11e2-9100-0021862995d6}\Shell\AutoRun\command - "" = E:\EasySuite.exe O33 - MountPoints2\{51449a98-50fb-11e2-9100-0021862995d6}\Shell - "" = AutoRun O33 - MountPoints2\{51449a98-50fb-11e2-9100-0021862995d6}\Shell\AutoRun\command - "" = E:\EasySuite.exe O33 - MountPoints2\{51449a9a-50fb-11e2-9100-0021862995d6}\Shell - "" = AutoRun O33 - MountPoints2\{51449a9a-50fb-11e2-9100-0021862995d6}\Shell\AutoRun\command - "" = E:\EasySuite.exe O33 - MountPoints2\{d124b946-0cf2-11e2-9528-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d124b946-0cf2-11e2-9528-806e6f6e6963}\Shell\AutoRun\command - "" = Q:\LenovoQDrive.exe -- [2011/12/14 21:05:40 | 000,267,576 | -HS- | M] (Lenovo Group Limited) O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (BootDefrag.exe) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/10/20 10:43:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joey\Desktop\OTL.exe [2013/10/20 10:27:28 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/10/20 10:25:51 | 001,033,335 | ---- | C] (Thisisu) -- C:\Users\Joey\Desktop\JRT.exe [2013/10/20 10:05:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/10/20 10:05:27 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/10/20 10:05:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/10/20 10:05:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/10/20 10:05:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/10/20 10:05:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/10/20 10:05:24 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/10/20 10:05:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/10/20 10:05:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/10/20 10:05:23 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/10/20 10:05:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/10/20 10:05:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/10/20 10:05:21 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/10/20 10:05:20 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/10/20 10:05:20 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/10/20 09:58:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/10/20 09:56:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2013/10/20 09:53:04 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/10/20 09:53:03 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/10/20 09:53:03 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/10/20 09:53:02 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2013/10/20 09:53:02 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013/10/20 09:53:01 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013/10/20 09:53:00 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013/10/20 09:53:00 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013/10/20 09:53:00 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/10/20 09:53:00 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe [2013/10/20 09:53:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2013/10/20 09:52:59 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013/10/20 09:52:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013/10/20 09:52:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013/10/20 09:52:59 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013/10/20 09:52:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013/10/20 09:52:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013/10/20 09:52:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013/10/20 09:52:59 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013/10/20 09:52:59 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013/10/20 09:52:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013/10/20 09:52:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013/10/20 09:52:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013/10/20 09:52:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013/10/20 09:52:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013/10/20 09:52:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013/10/20 09:52:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013/10/20 09:52:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013/10/20 09:52:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/10/20 09:52:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013/10/20 09:52:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/10/20 09:52:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013/10/20 09:52:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013/10/20 09:52:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013/10/20 09:52:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013/10/20 09:52:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013/10/20 09:52:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013/10/20 09:52:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013/10/20 09:52:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013/10/20 09:52:56 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013/10/20 09:52:56 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013/10/20 09:52:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013/10/20 09:52:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013/10/20 09:52:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013/10/20 09:52:56 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013/10/20 09:52:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013/10/20 09:52:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013/10/20 09:52:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013/10/20 09:52:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/10/20 09:52:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013/10/20 09:52:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013/10/20 09:52:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013/10/20 09:52:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013/10/20 09:52:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013/10/20 09:52:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013/10/20 09:52:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013/10/20 09:52:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013/10/20 09:52:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013/10/20 09:52:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013/10/20 09:52:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013/10/20 09:52:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013/10/20 09:52:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013/10/20 09:52:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/10/20 09:52:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/10/20 09:52:53 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/10/20 09:52:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013/10/20 09:52:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013/10/20 09:52:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013/10/20 09:52:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013/10/20 09:52:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013/10/20 09:52:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013/10/20 09:52:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013/10/20 09:52:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013/10/20 09:52:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013/10/20 09:52:52 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll [2013/10/20 09:52:52 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll [2013/10/20 09:52:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/10/20 09:52:48 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013/10/20 09:52:48 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2013/10/20 09:52:47 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013/10/20 09:52:16 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2013/10/20 09:52:15 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2013/10/20 09:50:59 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2013/10/20 09:50:59 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys [2013/10/20 09:50:51 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013/10/20 09:50:50 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013/10/20 09:50:49 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2013/10/20 09:50:49 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll [2013/10/20 09:49:40 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013/10/20 09:49:29 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2013/10/20 09:49:29 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2013/10/20 09:49:18 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2013/10/20 09:49:17 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013/10/20 09:49:17 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013/10/20 09:49:17 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll [2013/10/20 09:49:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll [2013/10/20 09:49:16 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll [2013/10/20 09:49:16 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll [2013/10/20 09:49:16 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013/10/20 09:49:16 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013/10/20 09:49:15 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll [2013/10/20 09:49:14 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll [2013/10/20 09:49:14 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll [2013/10/20 09:49:13 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll [2013/10/20 09:49:13 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll [2013/10/20 09:49:10 | 001,545,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013/10/20 09:49:09 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013/10/20 09:49:09 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013/10/20 09:18:18 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Joey\Desktop\dds.com [2013/10/20 08:59:40 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis [2013/10/20 08:42:34 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\Apps [2013/10/20 08:37:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnalyseThis [2013/10/10 18:13:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2013/10/10 18:13:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks [2013/10/10 18:13:09 | 000,000,000 | ---D | C] -- C:\Games [2013/10/09 19:28:53 | 000,000,000 | ---D | C] -- C:\Users\Joey\Desktop\Games [2013/10/09 19:06:59 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Malwarebytes [2013/10/09 19:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/10/09 19:06:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/10/09 19:06:56 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/10/09 19:06:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/10/09 18:17:25 | 000,000,000 | R--D | C] -- C:\Users\Joey\Dropbox [2013/10/09 18:16:50 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013/10/09 18:16:30 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Dropbox [2013/10/08 18:53:04 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WordOv [2013/10/08 18:51:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetPacks_A5 [2013/10/08 18:51:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ljkb [2013/10/08 18:51:20 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll [2013/10/06 19:15:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013/10/06 19:15:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013/10/05 08:01:07 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\LolClient [2013/10/05 06:39:07 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2013/10/05 06:39:07 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2013/10/05 06:39:07 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2013/10/05 06:39:07 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2013/10/05 06:39:07 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2013/10/05 06:38:49 | 000,000,000 | ---D | C] -- C:\Riot Games [2013/10/05 06:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends [2013/10/05 06:38:19 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\PMB Files [2013/10/05 06:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2013/10/05 06:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2013/10/05 06:37:21 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Roaming\Riot Games [2013/09/21 17:00:56 | 000,000,000 | ---D | C] -- C:\ProgramData\GorillaPrice [2013/09/21 17:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GorillaPrice [2013/09/21 17:00:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\modules [2013/09/21 17:00:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\js [2013/09/21 17:00:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\images [2013/09/21 17:00:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\html [2013/09/21 17:00:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\css [2013/09/21 17:00:50 | 000,000,000 | ---D | C] -- C:\Users\Joey\AppData\Local\avgchrome [2013/09/21 17:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\DSearchLink [2013/09/21 17:00:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDownloaderManager [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/10/20 10:42:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joey\Desktop\OTL.exe [2013/10/20 10:26:00 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/10/20 10:26:00 | 000,034,432 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/10/20 10:25:52 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\Joey\Desktop\JRT.exe [2013/10/20 10:22:21 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize 3.job [2013/10/20 10:21:21 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2013/10/20 10:18:17 | 000,444,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/10/20 10:17:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/10/20 10:17:45 | 3174,408,192 | -HS- | M] () -- C:\hiberfil.sys [2013/10/20 10:09:02 | 000,742,120 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/10/20 10:09:02 | 000,625,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/10/20 10:09:02 | 000,106,898 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/10/20 10:05:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/10/20 09:18:18 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Joey\Desktop\dds.com [2013/10/13 18:39:57 | 000,001,057 | ---- | M] () -- C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013/10/12 07:35:23 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\Need for Madness.lnk [2013/10/12 06:43:14 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk [2013/10/08 19:05:09 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/10/08 19:05:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/09/26 16:49:02 | 000,001,115 | ---- | M] () -- C:\Users\Joey\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk [2013/09/22 09:42:33 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/09/22 09:33:06 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/09/22 09:30:37 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/09/22 09:23:30 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/09/22 09:22:05 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/09/22 09:21:21 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/09/22 09:19:35 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/09/22 09:16:32 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/09/22 09:07:22 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/09/22 05:14:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/09/22 05:12:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/09/22 05:08:41 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/09/22 05:07:38 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/09/22 05:03:54 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/09/22 04:59:06 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/10/20 09:49:29 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013/10/12 07:35:23 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\Need for Madness.lnk [2013/10/10 18:13:11 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk [2013/10/09 18:16:59 | 000,001,057 | ---- | C] () -- C:\Users\Joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013/10/08 18:51:20 | 001,761,584 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe [2013/07/02 14:58:50 | 000,000,083 | ---- | C] () -- C:\Windows\wwp.INI [2013/06/30 13:51:24 | 000,000,613 | ---- | C] () -- C:\Windows\eReg.dat [2013/06/03 13:56:36 | 000,000,769 | ---- | C] () -- C:\Windows\Edofma.INI [2012/12/26 11:14:04 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin [2012/12/26 10:21:50 | 000,679,936 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012/12/26 10:21:50 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012/12/25 08:28:18 | 000,000,000 | ---- | C] () -- C:\Windows\firstboot.dat [2012/10/02 19:51:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012/10/02 19:35:27 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/10/02 19:35:27 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/10/02 19:35:27 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012/02/15 00:27:52 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2012/02/15 00:27:38 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011/12/08 18:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011/05/20 15:33:12 | 001,066,031 | ---- | C] () -- C:\Users\Joey\pig1.JPG [2011/02/02 18:15:14 | 000,006,893 | ---- | C] () -- C:\Users\Joey\drumswet.lxf [2010/12/11 14:37:13 | 000,109,889 | ---- | C] () -- C:\Users\Joey\Untitled17.lxf [2010/12/07 22:41:59 | 000,098,846 | ---- | C] () -- C:\Users\Joey\payment 12_2010.pdf [2010/10/12 21:49:17 | 009,730,754 | ---- | C] () -- C:\Users\Joey\submarine.skp [2010/10/07 20:24:34 | 000,155,833 | ---- | C] () -- C:\Users\Joey\wheel and axle.skb [2010/10/07 19:54:48 | 000,155,091 | ---- | C] () -- C:\Users\Joey\wheel and axle.skp [2010/10/07 19:32:57 | 000,815,796 | ---- | C] () -- C:\Users\Joey\inclined plane.skp [2010/09/30 00:01:01 | 000,121,911 | ---- | C] () -- C:\Users\Joey\rikki tikki bungalow.skb [2010/09/29 17:46:18 | 000,132,332 | ---- | C] () -- C:\Users\Joey\rikki tikki bungalow.skp [2010/09/28 19:39:56 | 000,394,006 | ---- | C] () -- C:\Users\Joey\cobra rikki tikki.skp [2010/09/24 21:38:55 | 000,277,773 | ---- | C] () -- C:\Users\Joey\house.skp [2010/09/24 21:13:33 | 000,231,687 | ---- | C] () -- C:\Users\Joey\house.skb [2010/09/23 20:29:58 | 007,793,439 | ---- | C] () -- C:\Users\Joey\APU.skp [2010/09/23 20:23:07 | 000,100,117 | ---- | C] () -- C:\Users\Joey\USA.skp [2010/04/26 00:47:55 | 000,035,102 | ---- | C] () -- C:\Users\Joey\The Persistent Puzzle of.jpg [2010/01/09 15:01:22 | 000,009,659 | ---- | C] () -- C:\Users\Joey\valentine.lxf [2009/10/15 16:58:04 | 000,252,845 | ---- | C] () -- C:\Users\Joey\10350814.potx ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34 < End of report > HERE is the EXTRAS file: OTL Extras logfile created on: 10/20/2013 10:44:57 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joey\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.94 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 50.60% Memory free 7.88 Gb Paging File | 5.56 Gb Available in Paging File | 70.59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 916.37 Gb Total Space | 689.00 Gb Free Space | 75.19% Space Free | Partition Type: NTFS Drive Q: | 13.67 Gb Total Space | 3.49 Gb Free Space | 25.55% Space Free | Partition Type: NTFS Computer Name: BUDDY | User Name: Joey | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3454010157-2486133756-499389311-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- Reg Error: Key error. https [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{063C85C0-A731-4B95-9D09-9545926AD408}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{11E7D1D9-5910-43D9-AF70-187917D4C838}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1D0D39A0-5634-41CB-B4B4-9595C62B9ED2}" = lport=137 | protocol=17 | dir=in | app=system | "{3086266E-90FB-4C38-A8CB-B8880D8A623F}" = lport=2869 | protocol=6 | dir=in | app=system | "{436F9ED2-782A-4F03-8AF5-A32BAC2583B0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{53B3AD8B-D855-46C2-98E2-3AC6F056AC0E}" = rport=445 | protocol=6 | dir=out | app=system | "{56832717-AEE5-4029-8E90-12559BDE1BB4}" = rport=137 | protocol=17 | dir=out | app=system | "{64EAAEC6-58DD-41F3-B4DF-99F43F1E7DBB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{67F0D8C0-B58B-458E-B600-D22DC2D833FE}" = lport=58253 | protocol=6 | dir=in | name=pando media booster | "{6B04A1FD-2287-4917-8271-3D9F6B4CF60B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{749F206C-B3F3-49F4-91CC-7C9E8C1F5345}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7AA852E1-7B6D-43C8-B33E-83B628B0A358}" = lport=138 | protocol=17 | dir=in | app=system | "{8CD37D27-7F71-4150-9B69-ECBEC8ADDFFC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8E851861-7E25-405A-86EC-4B4EE1E6764E}" = lport=58253 | protocol=6 | dir=in | name=pando media booster | "{9FECEF4B-FEFE-4E6D-A17E-12103AAA4925}" = lport=58253 | protocol=17 | dir=in | name=pando media booster | "{B2FA8A3F-CCD4-47B1-BDDA-F9A8031192F5}" = lport=10243 | protocol=6 | dir=in | app=system | "{B8313B6D-FCCB-41CD-A9D1-85E4DCAF280B}" = rport=139 | protocol=6 | dir=out | app=system | "{C78694D8-6158-4E0D-BB24-7726574BE98E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C8D04638-7B9B-4601-BEA7-3DF9F7A8FC09}" = rport=138 | protocol=17 | dir=out | app=system | "{D88760F6-7E24-41D5-AD05-8198710385AB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E1E80220-806A-48BA-A466-F76479AF52F0}" = lport=139 | protocol=6 | dir=in | app=system | "{E3C58AB1-A730-4DF0-93C1-BB09A45EC895}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E3C69B32-97A1-43A6-8757-50F8DF1A8D94}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E6C03AF2-2BE8-4F0B-9F4F-D5A0C2152834}" = lport=445 | protocol=6 | dir=in | app=system | "{F15635AE-D98C-41F3-93AA-02447496FDBB}" = rport=10243 | protocol=6 | dir=out | app=system | "{F32D5140-0AA4-4400-B09C-196E3862C317}" = lport=58253 | protocol=17 | dir=in | name=pando media booster | "{F8D02143-85D2-4063-BACF-7526F78F8995}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00019E2F-D6B2-4274-ACF1-D5C91E854383}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{127BB0FD-03D7-48C8-9FFA-FD93B8066496}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{197CEC7B-D285-4FD9-BAEA-47ACF705426D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1BFD77F8-4DC4-4A3C-A1A1-2A740C52B4EA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{217A1ED4-5319-45A9-AD82-E7A2FE04F1B0}" = protocol=17 | dir=in | app=c:\users\joey\appdata\roaming\dropbox\bin\dropbox.exe | "{254A18C5-09CD-4995-92A0-76EFBA3209FC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{2ACECB8F-3D3F-4244-8FA9-687E531E1B22}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{2AF1DB60-CFB8-439E-A258-77F492AEA634}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{3133B9E7-815A-400C-B78E-29D4CAB48A8E}" = protocol=17 | dir=in | app=c:\program files (x86)\mount&blade warband\mb_warband.exe | "{31A4F1F3-073F-4C27-B105-86F653F636DB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{38B40BC3-9495-4CC1-8897-DE3274114D60}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{3B5D20CE-81F7-496C-B24E-4B5783C48DFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4413A55C-92B3-4B34-B26D-661484093379}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{49DFFBD1-2DF5-4F81-A5E2-2ECC103CFD2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4BBB0CEF-604A-4D98-8B51-CC3AA9B2B49C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4FA281EE-1260-44E4-96FC-9B2F17FD17A1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{58EBEDBE-A6CF-408E-BACF-2B4B08767FAB}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{5C9A68F2-B370-494C-AF47-BF3B51DB1500}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6516606F-B508-492B-86DA-641FC520C451}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{6EB83527-6A4E-4575-96A8-5766076E1C5D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6FC9C6FF-C4AD-49D6-B782-FC8C130CA141}" = protocol=6 | dir=in | app=c:\program files (x86)\mount&blade warband\mb_warband.exe | "{7E250024-8152-4330-8538-8B99C806615B}" = protocol=6 | dir=in | app=c:\users\joey\appdata\roaming\dropbox\bin\dropbox.exe | "{86214966-B47C-410B-9078-D86676294E08}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{884F69F2-E967-4FD7-B71F-9AFEA74DDFAC}" = protocol=6 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{88B529D9-313C-4AD9-9190-02210FA84C85}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8ABBC59A-B2E5-44FF-951F-313DF3FF501C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9B0DD129-DBBA-4D63-9EE9-854A0698DBCF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A110921F-B485-4C2C-9DE0-CC5444F92D72}" = protocol=17 | dir=in | app=c:\program files (x86)\lenovo\system update\uncserver.exe | "{AC7B3005-11AF-4D31-9623-E7C83889786E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AE47A8F1-1D22-44CF-962E-AD2DE11F41F8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BFCB146D-0DF5-4E8A-855F-3E36BE999CD9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{C20736B0-F16C-46AA-8F68-2059E125C488}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C52F4DCD-D544-4446-AF0C-BC3C0483FF80}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe | "{C97AEB7F-C885-4F49-8E07-B3BEE5DDAE24}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{CA01E3EF-F07D-4985-A645-1825BA224595}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{D8BFA9B6-B78E-4AFF-93AC-FC9ACD80E6ED}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DAB3E717-3149-48D9-8A08-173356B1083F}" = protocol=6 | dir=out | app=system | "{DC99945A-928F-4357-8FB2-FD9C5AAAD808}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{E4D84D9E-1DE6-46E2-85F7-9424B53F7711}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{E59F7132-C054-4A54-B87F-C72FA4C8700B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{ECEDD6A8-4E13-4DBB-A9C1-BB109E80AA0F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{F1E1882A-3DC8-4AB1-9CA2-E7481348CDF2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F30BE2FA-13FA-43A8-8EDD-B5F1A9CFC587}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F68E8FB5-EDAF-4CE6-B25A-0D142678F8E8}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{FC09D7B0-A38E-4079-8914-C9A572CF79BA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FC5C2874-0D83-4B27-9781-0527838D0D78}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{FF6581E3-6ABD-4C04-8BBD-9F40544B5C2F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{36FA103E-4777-439B-B287-B30B98363B59}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd | "TCP Query User{48AC2F93-B112-411B-B6BF-B27D8D663600}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | "TCP Query User{49299766-BC97-417D-AA2F-437B85E4F0F8}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x2.exe | "TCP Query User{5F108D77-EF03-4BB4-8F22-891FF9C82411}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "TCP Query User{5F3F2F90-F998-4D96-9827-870010E92B5C}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "TCP Query User{64FDD20E-E8D8-4B32-BCC0-0C29885B537B}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.icd | "TCP Query User{6E5AC88A-E26B-45F4-BDDD-4F03DA3A3663}C:\users\joey\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\joey\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{7A2331E7-566E-4779-B309-F0FFADD13329}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | "TCP Query User{8275D57B-CDDB-4CA9-9127-3489071671D7}C:\program files (x86)\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empiresx.exe | "TCP Query User{954AAA4C-A3DD-40CE-AE9A-ED90C14A1A15}C:\program files (x86)\mount&blade warband\mb_warband.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mount&blade warband\mb_warband.exe | "TCP Query User{9783B298-A455-4A07-AFC4-78610EC0AA2A}C:\users\public\desktop\need for madness\madness.exe" = protocol=6 | dir=in | app=c:\users\public\desktop\need for madness\madness.exe | "TCP Query User{EC8FE15D-BC96-4098-A48F-90E768B4A279}C:\program files (x86)\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\empires dawn of the modern world\empires_dmw.exe | "TCP Query User{ED746844-643D-4E80-8C9A-94A4248F20EE}C:\program files (x86)\voobly\voobly.exe" = protocol=6 | dir=in | app=c:\program files (x86)\voobly\voobly.exe | "TCP Query User{F541BAA6-D73F-4C42-8774-E6A8A680F215}C:\program files (x86)\city interactive\combat wings - battle of britain en\game.bin" = protocol=6 | dir=in | app=c:\program files (x86)\city interactive\combat wings - battle of britain en\game.bin | "UDP Query User{092CEE3E-9123-48DB-80CE-34D7D8DFE9E2}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe | "UDP Query User{143ED108-33F9-4F41-B7F7-BF2F4CDC5C94}C:\program files (x86)\activision\empires dawn of the modern world\empires_dmw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\empires dawn of the modern world\empires_dmw.exe | "UDP Query User{19B70BB3-45CB-40EA-BBF4-FA94D7C36F54}C:\program files (x86)\city interactive\combat wings - battle of britain en\game.bin" = protocol=17 | dir=in | app=c:\program files (x86)\city interactive\combat wings - battle of britain en\game.bin | "UDP Query User{60252592-DAAA-4B26-AC7E-CE0BBB245ED3}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | "UDP Query User{7ACF9CDD-38AE-41C6-BD73-F4FDF1EDF6F0}C:\users\joey\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\joey\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{822300AA-F426-4902-9FB4-DB3057CCE63C}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x2.exe | "UDP Query User{8282F57D-1FCF-47A3-959F-F847589C989C}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd | "UDP Query User{8CED3C85-616E-4620-960F-50D55D1461D0}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.exe | "UDP Query User{A2052895-0758-4377-AFBF-12C9E06E20D9}C:\program files (x86)\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires\empiresx.exe | "UDP Query User{AC071583-C30D-4909-9373-DB5391959675}C:\program files (x86)\mount&blade warband\mb_warband.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mount&blade warband\mb_warband.exe | "UDP Query User{B6FA139D-C908-4B3C-9C8F-D567A0EF085C}C:\program files (x86)\voobly\voobly.exe" = protocol=17 | dir=in | app=c:\program files (x86)\voobly\voobly.exe | "UDP Query User{BDF2E5F9-C691-4C71-B7D9-213F025C610C}C:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\age2_x1\age2_x1.icd | "UDP Query User{C4A1045D-AFAA-47C2-8982-95B29635352C}C:\users\public\desktop\need for madness\madness.exe" = protocol=17 | dir=in | app=c:\users\public\desktop\need for madness\madness.exe | "UDP Query User{EC1B9377-9152-4E7D-AC6A-2C399742C34B}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0369F866-2CE0-4EB9-B426-88FA122C6E82}" = Lenovo Patch Utility 64 bit "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{2239633A-969C-39BF-B5C2-C172F44EC096}" = AMD Catalyst Install Manager "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{3849486C-FF09-4F5D-B491-3E179D58EE15}" = Message Center Plus "{427174C0-096E-40D9-9684-9C109BEE2CBF}" = iTunes "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client "{6438A99C-A37E-4758-A0AE-95F8A63AAFF5}" = Intel® Network Connections 16.8.46.0 "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{C6254514-DD94-45E5-87C0-B9CB90A34C89}" = View Management Utility "{CD95F661-A5C4-44F5-A6AA-ECDD91C240DB}" = WinZip 17.5 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DD00F699-6861-4DCF-A19F-8CF61E5E28ED}" = Lenovo Solution Center "{E1F8138F-41E7-F39B-EA3E-735EC73F8889}" = ccc-utility64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "09839A9B5EDA69DA2DCC34637B5140AAF8A53B44" = Windows Driver Package - Intel System (01/11/2012 9.3.0.1020) "4D7E325B73136CE735F86BC465965BFECB76C1AD" = Windows Driver Package - Advanced Micro Devices, Inc. (amdkmdap) Display (02/14/2012 8.913.1.0000) "5DE3700033F94FCFD8726BE46A6727E460254CD5" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (01/03/2012 6.0.1.6543) "7E26D65CA5110FF168A57B5C479134FA5450759B" = Windows Driver Package - Advanced Micro Devices (AtiHDAudioService) MEDIA (10/18/2011 7.12.0.7704) "97EE1802A0385A37DE6323FA39EC76BEB2D73E41" = Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011) "9D7CD466F7FC8B18FF1B84943B7BB8648D17FCE8" = Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) "A7E82C89A6D6643325B95A4FEDAB3DB18640208F" = Windows Driver Package - Intel hdc (08/26/2011 9.3.0.1011) "CCleaner" = CCleaner "CutePDF Writer Installation" = CutePDF Writer 3.0 "D8EF6CACF49BD33CC1FACD124C8CC2B1A8E8AE35" = Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) "E6D02BAF356D0EEE96DE70D352026CE420321A16" = Windows Driver Package - Intel (e1cexpress) Net (01/11/2012 11.15.16.0) "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "monetomi" = monetomi 3.0.0 "PROSetDX" = Intel® Network Connections 16.8.46.0 "WinRAR archiver" = WinRAR 5.00 beta 8 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] " Heroes of Might and Magic III Armageddon's Blade" = Heroes of Might and Magic III Armageddon's Blade "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser "{036F7816-8EC9-22F9-1E43-7123DB870B30}" = CCC Help Danish "{0474AACF-1A71-7209-E6A6-C1F70C76EDAA}" = CCC Help Swedish "{0A3B7EBA-E498-253E-CAF0-D9821A29A470}" = CCC Help Greek "{13F59938-C595-479C-B479-F171AB9AF64F}" = Lenovo User Guide "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1E4ED7C6-74B9-EB9C-AB39-8FDBD8F5695F}" = CCC Help German "{1E943FE6-F628-08B4-DD29-A12101B042C1}" = CCC Help Spanish "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1" = World of Tanks "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver "{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{28101984-0BA6-40FD-9ABE-72F62F80C06C}" = Heroes of Might and Magic V "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29BD817E-1563-1746-EAD9-70291A2F2D4D}" = CCC Help Turkish "{2DC26D10-CC6A-494F-BEA3-B5BC21126D5E}" = Lenovo Welcome "{2F7C2130-B132-5236-1A12-E0301471D830}" = CCC Help Chinese Traditional "{3C592481-FC0C-EAF8-6EB2-3DEE01C36072}" = CCC Help Korean "{3DD2E9EA-0544-4162-B8BE-E21E994E9F3B}" = LEGO Racers 2 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F78AE55-4886-97C6-2CC9-AB177F523B26}" = CCC Help Dutch "{50076563-CF6F-6C29-09BA-8730A54DE9F9}" = CCC Help English "{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media "{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7 "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{619E87FD-26F9-B282-5E46-D17093AAA22D}" = CCC Help Finnish "{631DB5D7-36D5-861F-8970-85E6EDAC2E1E}" = Catalyst Control Center InstallProxy "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{65F7FB65-3BCC-0A39-9E7D-C3660E38C9CB}" = CCC Help Chinese Standard "{6707C034-ED6B-4B6A-B21F-969B3606FBDE}" = Lenovo Registration "{6A8139D8-B5D4-B778-4FEB-A3B720DB30E1}" = Catalyst Control Center "{6CF2CB52-46B6-FAE4-5921-BAB59D05CAE7}" = CCC Help Polish "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends "{7E9322C5-6C3E-4943-97E6-78D5DA6A33F3}" = Battle of Europe "{8743A446-E143-FDE1-BEC8-09A8B7F0A131}" = Catalyst Control Center Localization All "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C02C624-48D6-E6DE-52AF-0A88E0DB7D38}" = CCC Help Italian "{9D0091E0-8BB9-4440-98CC-E693283EB990}" = Need for Madness Multiplayer "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™ "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5 "{A637F36B-2B36-11D4-A322-0001020A6A3D}" = LEGO Creator Knights' Kingdom "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) "{AD372173-A8D6-6F21-3642-A05DE64E81CA}" = CCC Help Czech "{B627299E-DC01-B818-42C1-CF1CAEB82301}" = CCC Help Portuguese "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime "{B7B3E9B3-FB14-4927-894B-E9124509AF5A}" = Adobe Flash Player 10 ActiveX "{BEEED310-7C16-49F5-FDCE-4484F6F256D2}" = CCC Help Hungarian "{C5A03F82-CCFE-06B4-428D-0BEB66AFBE8F}" = CCC Help Japanese "{C5C91B7B-38A6-40B7-84D6-E44885E44B13}" = LBAI "{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga "{D79429AB-E078-CDD0-0F25-F7206BBC1713}" = CCC Help Norwegian "{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkVantage Power Manager "{DE1718B6-64F0-2F98-7FF2-7E4CA3526169}" = CCC Help French "{DFFABF09-4BD5-4258-B191-117B1B743732}" = Catalyst Control Center - Branding "{E763F193-D288-5854-791A-EA95D8858769}" = CCC Help Russian "{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIP Access "{EC1DCD6C-3AE0-42CE-8EAA-6886CC4400DC}" = Drome Racers "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "{F6EB7E7B-F6E1-45F8-A0CD-7C65AE552223}" = SavetheChildren Reminder by We-Care.com v4.1.23.4 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FB50A7F5-2FF9-CEA4-6149-47F84D3E10B8}" = CCC Help Thai "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF60F8C4-5073-A43B-5BF4-A7BC3098C533}" = Catalyst Control Center Profiles Desktop "Adobe Acrobat 4.0" = Adobe Acrobat 4.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Age of Empires 2.0" = Microsoft Age of Empires II "Age of Empires Gold 1.0" = Microsoft Age of Empires Gold "Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion "Age of Mythology 1.0" = Age of Mythology "avast" = avast! Free Antivirus "Battle of Britain II" = Battle of Britain II "Combat Wings - Battle of Britain_is1" = Combat Wings - Battle of Britain (1.0) "Combat Wings_is1" = Combat Wings (1.0) "Empires Dawn of the Modern World" = Empires Dawn of the Modern World "Fastboot" = RapidBoot HDD Accelerator "Glary Utilities 3" = Glary Utilities 3.9.2 "Glary Utilities_is1" = Glary Utilities 2.56.0.1822 "GorillaPrice" = GorillaPrice "Heroes III The Shadow of Death" = Heroes of Might and Magic® III The Shadow of Death "InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition "InstallShield_{C6254514-DD94-45E5-87C0-B9CB90A34C89}" = View Management Utility "InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga "InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder "League of Legends 3.0.0" = League of Legends "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Mini Ninjas" = Mini Ninjas 1.0 "Mount&Blade" = Mount&Blade "Mount&Blade Warband" = Mount&Blade Warband "Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "New LEGO Digital Designer" = LEGO Digital Designer "Office14.SingleImage" = Microsoft Office Home and Student 2010 "OpenAL" = OpenAL "Picasa 3" = Picasa 3 "SEGAGenesisClassics" = SEGA Genesis Classics "SpywareBlaster_is1" = SpywareBlaster 5.0 "Typing Instructor Deluxe" = Typing Instructor Deluxe "Voobly_is1" = Voobly Game Data "Wings Over Europe" = Wings Over Europe "World War II - Pacific Heroes_is1" = World War II - Pacific Heroes (1.0) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3454010157-2486133756-499389311-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "UnityWebPlayer" = Unity Web Player

I ran the JRT file but forgot to run it as administrator. It deleted the first txt file that had saved to my desktop when I re-ran it as administrator. It had deleted several things but I now cannot locate the file to paste it. I am new to this. Please bear with me! Here is the file it posted the second time, although it doesn't tell anything: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.7 (10.15.2013:3) OS: Windows 7 Professional x64 Ran by Joey on Sun 10/20/2013 at 10:33:58.98 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared

I believe I am infected with Gorilla Price and maybe another hijacker for which I cannot find the name. MalwareBytes free version did not detect either one. Here are the logs. I do not see the checkbox for "immediate email notification." DDS.TXT DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.25.2 Run by Joey at 9:19:28 on 2013-10-20 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4036.1918 [GMT -5:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files\Lenovo\LBAI\LBAEvent.exe C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe C:\Windows\SysWOW64\NLSSRV32.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Glary Utilities 3\Integrator.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe C:\Program Files (x86)\Lenovo\PowerMgr\SCHTASK.EXE C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\wuauclt.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Glary Utilities 3\MemfilesService.exe C:\Program Files (x86)\Glary Utilities 3\x64\Win64ShellLink.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\WUDFHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: SweetPacks A5 Toolbar: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - C:\Program Files (x86)\SweetPacks_A5\prxtbSwee.dll mURLSearchHooks: SweetPacks A5 Toolbar: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - C:\Program Files (x86)\SweetPacks_A5\prxtbSwee.dll mWinlogon: Userinit = userinit.exe, BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: SweetPacks A5 Toolbar: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - C:\Program Files (x86)\SweetPacks_A5\prxtbSwee.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll BHO: GreatArcadeHits Add-on: {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\Joey\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll TB: SweetPacks A5 Toolbar: {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} - C:\Program Files (x86)\SweetPacks_A5\prxtbSwee.dll uRun: [Voobly] "C:\Program Files (x86)\Voobly\voobly.exe" --startup uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" mRun: [Power Manager Startup Utility] C:\Program Files (x86)\Lenovo\PowerMgr\DPMHost.exe mRun: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" StartupFolder: C:\Users\Joey\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Joey\AppData\Roaming\Dropbox\bin\Dropbox.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll TCP: NameServer = 208.67.222.222 208.67.220.220 208.67.220.222 TCP: Interfaces\{152B66CB-2253-4753-A664-E71EC9B2EDB5} : DHCPNameServer = 208.67.222.222 208.67.220.220 208.67.220.222 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll AppInit_DLLs= c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll SSODL: WebCheck - <orphaned> x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\ FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Users\Joey\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-10-08 18:51; {93ec97bf-fe43-4bca-a735-5c5d6a0a40c4}; C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\extensions\{93ec97bf-fe43-4bca-a735-5c5d6a0a40c4} FF - ExtSQL: 2013-10-08 18:52; jzkenlkaloil@kctewplunsmgzuca.org; C:\Users\Joey\AppData\Roaming\Mozilla\Firefox\Profiles\zanzli56.default\extensions\jzkenlkaloil@kctewplunsmgzuca.org . ---- FIREFOX POLICIES ---- FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - f03364bc0000000000000021862995d6 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15969 FF - user.js: extensions.delta.vrsn - 1.8.24.6 FF - user.js: extensions.delta.vrsni - 1.8.24.6 FF - user.js: extensions.delta.vrsnTs - 1.8.24.617:00:30 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.ffxUnstlRst - true FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta_i.babTrack - affID=123485&tsp=5012 FF - user.js: extensions.delta_i.babExt - FF - user.js: extensions.delta_i.srcExt - ss FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . ============= SERVICES / DRIVERS =============== . R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-10-2 16152] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-12-25 984144] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-12-25 370288] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-10-2 204288] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-12-25 25232] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-12-25 71600] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-25 44808] R2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-10-2 169776] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-2 13592] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-2 161560] R2 LBAEvent;Lenovo LBA Event Service;C:\Program Files\Lenovo\LBAI\LBAEvent.exe [2012-10-2 15520] R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-10-2 58224] R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-10-2 61296] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-9 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-9 701512] R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-5-24 69640] R2 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\Lenovo\PowerMgr\PWMDBSVC.exe [2012-10-2 70968] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-2 363800] R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-4-19 84080] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-10-2 93712] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-10-2 356120] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-10-2 787736] R3 LBAI;Lenovo application interface driver;C:\Windows\System32\drivers\LBAI.sys [2012-10-2 9600] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-9 25928] R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2012-2-7 40248] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168] S3 Fastboot;Fastboot;C:\Windows\System32\drivers\Fastboot.sys [2012-10-2 70416] S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\Lenovo\PowerMgr\PWMEWSVC.exe [2012-10-2 165176] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-27 1255736] . =============== Created Last 30 ================ . 2074-05-11 23:09:06 11393848 ----a-w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe 2013-10-20 13:42:34 -------- d-----w- C:\Users\Joey\AppData\Local\Apps 2013-10-20 13:37:05 -------- d-----w- C:\Program Files (x86)\AnalyseThis 2013-10-10 23:13:13 -------- d--h--w- C:\Windows\msdownld.tmp 2013-10-10 23:13:12 -------- d-----w- C:\Windows\SysWow64\directx 2013-10-10 23:13:09 -------- d-----w- C:\Games 2013-10-10 00:06:59 -------- d-----w- C:\Users\Joey\AppData\Roaming\Malwarebytes 2013-10-10 00:06:57 -------- d-----w- C:\ProgramData\Malwarebytes 2013-10-10 00:06:56 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-10-10 00:06:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-09 23:17:25 -------- d-----r- C:\Users\Joey\Dropbox 2013-10-09 23:16:30 -------- d-----w- C:\Users\Joey\AppData\Roaming\Dropbox 2013-10-08 23:52:20 -------- d-----w- C:\Users\Joey\AppData\Local\GreatArcadeHits 2013-10-08 23:51:55 -------- d-----w- C:\Program Files (x86)\SearchProtect 2013-10-08 23:51:47 -------- d-----w- C:\Users\Joey\AppData\Local\Conduit 2013-10-08 23:51:47 -------- d-----w- C:\ProgramData\Conduit 2013-10-08 23:51:47 -------- d-----w- C:\Program Files (x86)\SweetPacks_A5 2013-10-08 23:51:47 -------- d-----w- C:\Program Files (x86)\Conduit 2013-10-08 23:51:41 -------- d-----w- C:\Users\Joey\AppData\Roaming\SearchProtect 2013-10-08 23:51:22 -------- d-----w- C:\Windows\SysWow64\jmdp 2013-10-08 23:51:22 -------- d-----w- C:\Windows\System32\ljkb 2013-10-08 23:51:20 33792 ----a-w- C:\Windows\System32\ImHttpComm.dll 2013-10-08 23:51:20 1761584 ----a-w- C:\Windows\System32\dmwu.exe 2013-10-08 23:51:20 -------- d-----w- C:\Windows\SysWow64\ARFC 2013-10-08 23:51:19 -------- d-----w- C:\Windows\SysWow64\WNLT 2013-10-07 00:15:31 -------- d-----w- C:\Windows\SysWow64\searchplugins 2013-10-07 00:15:31 -------- d-----w- C:\Windows\SysWow64\Extensions 2013-10-05 13:01:07 -------- d-----w- C:\Users\Joey\AppData\Roaming\LolClient 2013-10-05 11:39:07 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll 2013-10-05 11:39:07 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll 2013-10-05 11:39:07 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll 2013-10-05 11:39:07 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll 2013-10-05 11:39:07 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll 2013-10-05 11:38:51 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin 2013-10-05 11:38:49 -------- d-----w- C:\Riot Games 2013-10-05 11:38:19 -------- d-----w- C:\Users\Joey\AppData\Local\PMB Files 2013-10-05 11:38:16 -------- d-----w- C:\ProgramData\PMB Files 2013-10-05 11:38:12 -------- d-----w- C:\Program Files (x86)\Pando Networks 2013-10-05 11:37:21 -------- d-----w- C:\Users\Joey\AppData\Roaming\Riot Games 2013-09-21 22:00:58 -------- d-----w- C:\ProgramData\boost_interprocess 2013-09-21 22:00:56 -------- d-----w- C:\ProgramData\GorillaPrice 2013-09-21 22:00:53 -------- d-----w- C:\Program Files (x86)\GorillaPrice 2013-09-21 22:00:50 -------- d-----w- C:\Windows\SysWow64\modules 2013-09-21 22:00:50 -------- d-----w- C:\Windows\SysWow64\js 2013-09-21 22:00:50 -------- d-----w- C:\Windows\SysWow64\images 2013-09-21 22:00:50 -------- d-----w- C:\Windows\SysWow64\html 2013-09-21 22:00:50 -------- d-----w- C:\Windows\SysWow64\css 2013-09-21 22:00:50 -------- d-----w- C:\Users\Joey\AppData\Local\avgchrome 2013-09-21 22:00:26 -------- d-----w- C:\ProgramData\DSearchLink 2013-09-21 22:00:14 -------- d-----w- C:\ProgramData\Babylon 2013-09-21 22:00:00 -------- d-----w- C:\Program Files (x86)\OpenDownloaderManager . ==================== Find3M ==================== . 2013-10-09 00:05:09 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-09 00:05:09 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-09-13 08:32:10 117024 ----a-w- C:\Windows\System32\BootDefrag.exe 2013-09-09 07:57:00 829264 ----a-w- C:\Windows\System32\msvcr100.dll 2013-09-09 07:57:00 608080 ----a-w- C:\Windows\System32\msvcp100.dll . ============= FINISH: 9:19:48.16 =============== ATTACH.TXT . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 12/25/2012 7:28:06 AM System Uptime: 10/18/2013 6:39:31 AM (51 hours ago) . Motherboard: LENOVO | | MAHOBAY Processor: Intel® Core i7-3770 CPU @ 3.40GHz | SOCKET 0 | 3401/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 916 GiB total, 684.828 GiB free. D: is CDROM () E: is Removable Q: is FIXED (NTFS) - 14 GiB total, 3.493 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP111: 9/8/2013 4:17:16 PM - Scheduled Checkpoint RP112: 9/17/2013 5:17:59 PM - Scheduled Checkpoint RP113: 9/21/2013 5:01:14 PM - Installed WeatherBug RP114: 9/29/2013 9:43:57 AM - Scheduled Checkpoint RP115: 10/5/2013 6:38:26 AM - Installed League of Legends RP116: 10/5/2013 6:39:00 AM - Installed DirectX RP117: 10/12/2013 7:34:39 AM - Installed Need for Madness Multiplayer RP118: 10/12/2013 11:45:49 AM - Removed Age of Empires III - The Asian Dynasties RP119: 10/12/2013 11:51:26 AM - Removed Age of Empires III - The WarChiefs RP120: 10/12/2013 11:52:38 AM - Removed Age of Empires III . ==== Installed Programs ====================== . Heroes of Might and Magic III Armageddon's Blade Adobe Acrobat 4.0 Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.03) Adobe Shockwave Player 12.0 Age of Mythology AMD APP SDK Runtime AMD Catalyst Install Manager Apple Application Support Apple Mobile Device Support Apple Software Update avast! Free Antivirus Battle of Britain II Battle of Europe Bonjour Burn.Now 4.5 Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center InstallProxy Catalyst Control Center Localization All Catalyst Control Center Profiles Desktop ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Combat Wings - Battle of Britain (1.0) Combat Wings (1.0) Corel Burn.Now Lenovo Edition Corel DVD MovieFactory 7 Corel DVD MovieFactory Lenovo Edition Create Recovery Media CutePDF Writer 3.0 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Direct DiscRecorder Drome Racers Dropbox Empires Dawn of the Modern World Glary Utilities 2.56.0.1822 Glary Utilities 3.9.2 GorillaPrice GreatArcadeHits Heroes of Might and Magic V Heroes of Might and Magic® III The Shadow of Death iCloud Intel® Control Center Intel® Management Engine Components Intel® Network Connections 16.8.46.0 Intel® Rapid Storage Technology Intel® USB 3.0 eXtensible Host Controller Driver Intel® Trusted Connect Service Client iTunes Java 7 Update 25 Java Auto Updater LBAI League of Legends LEGO Creator Knights' Kingdom LEGO Digital Designer LEGO Racers 2 LEGO® Star Wars™: The Complete Saga Lenovo Patch Utility 64 bit Lenovo Registration Lenovo Solution Center Lenovo System Update Lenovo User Guide Lenovo Welcome Malwarebytes Anti-Malware version 1.75.0.1300 Message Center Plus Microsoft .NET Framework 4 Client Profile Microsoft Age of Empires Gold Microsoft Age of Empires II Microsoft Age of Empires II: The Conquerors Expansion Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Mini Ninjas 1.0 monetomi 3.0.0 Mount&Blade Mount&Blade Warband Mozilla Firefox 24.0 (x86 en-US) Mozilla Maintenance Service MSXML4 Parser Need for Madness Multiplayer OpenAL Pando Media Booster Picasa 3 QuickTime RapidBoot HDD Accelerator Realtek High Definition Audio Driver SavetheChildren Reminder by We-Care.com v4.1.23.4 Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition SEGA Genesis Classics Skype™ 5.8 SPORE™ SpywareBlaster 5.0 swMSM ThinkVantage Communications Utility ThinkVantage Power Manager Typing Instructor Deluxe Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition View Management Utility VIP Access Voobly Game Data Windows Driver Package - Advanced Micro Devices (AtiHDAudioService) MEDIA (10/18/2011 7.12.0.7704) Windows Driver Package - Advanced Micro Devices, Inc. (amdkmdap) Display (02/14/2012 8.913.1.0000) Windows Driver Package - Intel (e1cexpress) Net (01/11/2012 11.15.16.0) Windows Driver Package - Intel hdc (08/26/2011 9.3.0.1011) Windows Driver Package - Intel System (01/11/2012 9.3.0.1020) Windows Driver Package - Intel System (08/26/2011 9.3.0.1011) Windows Driver Package - Intel USB (08/26/2011 9.3.0.1011) Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (01/03/2012 6.0.1.6543) Windows Live Mesh ActiveX Control for Remote Connections Windows XP Mode Wings Over Europe WinRAR 5.00 beta 8 (64-bit) WinZip 17.5 World of Tanks World War II - Pacific Heroes (1.0) Worms World Party . ==== Event Viewer Messages From Past Week ======== . 10/20/2013 8:01:34 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Power Manager DBC Service service. . ==== End Of File ===========================