Scorpion Saver and Gorilla Price


baldyj


Hello,

 

Clearly a lot of people are having problems with these two.  I chose to start my own topic only because every remedy seems to be individual, and requires posting of logs.  (I'm happy to post logs; I just didn't see the point in horning in on someone else's topic with my logs.)

 

Can anyone help me?  I've downloaded AdwCleaner.exe and FRST.exe already, as I'm assuming they'll be used at some point.  I'm running a full scan on Malwarebytes right now.

 

Thanks,

 

--J


Hello baldyj and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please stop and follow my instructions. Follow the instructions here and then post your log files in a new reply in this thread:

http://forums.malwarebytes.org/index.php?showtopic=9573


Hello,

 

Thanks for offering to help.  I'm a little confused by your directions; I've decided to interpret them to mean I should post a reply right here and not in that linked thread (which is locked).  In any event, my full Malwarebytes scan is complete; four malicious items were found and removed.  Here's that log, in case it's of interest:

 

[Malwarebytes Full Scan:]
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 2
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LSNFD (PUP.Optional.Linksicle) -> Quarantined and deleted successfully.
 
Registry Values Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\lsnfd|ImagePath (PUP.Optional.Linksicle) -> Data: system32\drivers\lsnfd.sys -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
 
Your instructions requested that I download and run the DDS scan.  Unfortunately, when I tried to do so the following message appeared:  DDS is not meant to run in 'Compatibility Mode.'  The program shall now exit.
 
I'm running Windows 8.1, in case that makes a difference.
 
Thanks very much for writing.  Please let me know what I should do next.

 



Thanks!

Try this one, please:

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Good Morning, Borislav,

 

Thanks for responding.  I downloaded OTL, selected Scan All Users, and clicked the Quick Scan button.  By the way, I noticed OTL defaults to a file age of 30 days.  I think the two items in question--Gorilla Price and Scorpion Saver--have been afflicting this computer for less time than that.  However, there's a chance they appeared over 30 days ago.  Also, I noticed uTorrent is mentioned; I thought I'd deleted that program well over 30 days ago.  In any event, here are the results:

 

[OTL.txt:]

 

OTL logfile created on: 12/19/2013 8:06:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\J\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.80 Gb Total Physical Memory | 6.28 Gb Available Physical Memory | 80.49% Memory free
8.19 Gb Paging File | 6.56 Gb Available in Paging File | 80.08% Paging File free
Paging file location(s): c:\pagefile.sys 400 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 909.02 Gb Total Space | 452.70 Gb Free Space | 49.80% Space Free | Partition Type: NTFS
Drive D: | 20.48 Gb Total Space | 2.52 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
 
Computer Name: ADOLF | User Name: J | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/19 07:58:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\J\Desktop\OTL.exe
PRC - [2013/12/09 16:21:47 | 002,471,448 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/12/09 16:21:46 | 001,771,544 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
PRC - [2013/12/09 16:21:46 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
PRC - [2013/11/29 23:16:43 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/11/11 08:25:08 | 000,625,152 | ---- | M] () -- C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe
PRC - [2013/11/05 07:01:58 | 000,070,144 | ---- | M] () -- C:\ProgramData\GorillaPrice\WatGorp.exe
PRC - [2013/04/24 04:30:28 | 000,483,864 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2013/04/24 04:26:56 | 000,740,888 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2012/12/17 13:00:08 | 001,135,304 | ---- | M] (ACD Systems) -- C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSee15InTouch2.exe
PRC - [2012/06/07 20:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012/05/31 14:12:54 | 000,065,536 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2012/05/31 14:12:54 | 000,061,440 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2012/03/15 15:42:52 | 000,147,704 | ---- | M] (AMD) -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2012/03/15 15:42:50 | 000,131,320 | ---- | M] (AMD) -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2011/09/14 23:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/09 16:21:47 | 002,471,448 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013/12/09 16:21:47 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\log4cplusU.dll
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/06/08 12:34:06 | 000,016,400 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/07 20:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/11/24 00:50:16 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/11/24 00:50:16 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/11/24 00:50:16 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/24 00:50:15 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/11/24 00:46:01 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2013/11/07 20:41:17 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2013/09/29 21:03:28 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/09/29 21:03:28 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/09/29 21:03:27 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/09/29 21:03:27 | 000,261,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/09/03 11:03:26 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/08/22 05:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/08/22 05:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 05:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 04:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 04:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 04:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 04:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 04:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 03:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 03:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 03:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 02:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 02:58:42 | 000,280,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/08/22 02:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 02:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 02:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 02:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 02:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 02:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 02:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 02:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 02:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 02:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/09/19 02:12:18 | 000,321,536 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/09/19 02:09:16 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/12/09 16:21:46 | 001,771,544 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0)
SRV - [2013/11/24 00:46:02 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2013/11/24 00:46:01 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2013/11/24 00:46:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2013/11/11 08:25:08 | 000,625,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe -- (GorillaPrice)
SRV - [2013/11/05 07:01:58 | 000,070,144 | ---- | M] () [Auto | Running] -- C:\ProgramData\GorillaPrice\WatGorp.exe -- (WatGorp)
SRV - [2013/09/29 21:03:26 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/08/22 05:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 20:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 19:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/04/24 04:30:28 | 000,483,864 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012/08/29 11:02:16 | 000,035,232 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe -- (HPConnectedRemote)
SRV - [2012/08/15 14:29:52 | 000,085,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/05/31 14:12:54 | 000,061,440 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2011/09/14 23:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/11/24 00:50:15 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/11/24 00:48:54 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/11/10 19:48:41 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/11/09 04:55:11 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/11/01 04:39:53 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/10/30 17:58:59 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/25 18:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2013/09/29 21:03:25 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/09/29 21:03:25 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/09/29 21:03:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/09/29 20:51:06 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/09/29 20:51:01 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/09/26 09:50:52 | 000,041,624 | ---- | M] (Adpeak, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\AdpeakWFP64.sys -- (AdpeakWFP)
DRV:64bit: - [2013/09/03 11:03:32 | 000,618,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/09/03 11:03:30 | 012,528,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/08/22 06:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 06:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 05:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 05:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 05:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 05:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 05:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 05:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 05:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 05:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 05:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 05:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 05:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 05:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 05:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 05:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 05:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 05:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 05:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 05:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 05:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 05:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 05:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 05:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 05:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 05:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 05:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 05:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 05:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 05:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 05:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013/08/22 05:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 05:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 05:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 05:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 05:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/08/22 05:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/08/22 05:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/08/22 04:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 04:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 04:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 04:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 04:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 04:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 04:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 04:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 04:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 04:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 04:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 04:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 04:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 04:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 04:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 04:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 04:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 04:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 04:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 04:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 04:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 04:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 04:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 01:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 16:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 17:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 11:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 12:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/25 12:05:37 | 002,607,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/07/03 17:12:32 | 000,046,136 | -H-- | M] (LogMeIn Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Hamdrv.sys -- (Hamachi)
DRV:64bit: - [2013/06/18 07:46:17 | 000,591,360 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/19 02:14:51 | 000,540,160 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/19 20:23:57 | 000,291,648 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2012/07/16 03:37:34 | 000,057,000 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/07/03 11:49:06 | 000,098,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/06/25 11:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/22 04:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/04/09 15:27:34 | 000,352,144 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cbfs3.sys -- (cbfs3)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{68765B4E-2BE1-4DD1-BC44-6BDE604C9B2A}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{68765B4E-2BE1-4DD1-BC44-6BDE604C9B2A}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\..\SearchScopes,DefaultScope = {A70B6BDB-3B4A-4335-A262-90352F4B7B81}
IE - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3317738&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP2FDC3BB4-4829-40D5-9B04-4E3A11258A5F&q={searchTerms}&SSPV=
IE - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
IE - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\..\SearchScopes\{68765B4E-2BE1-4DD1-BC44-6BDE604C9B2A}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={06A9A09F-36EF-4646-8873-8B40A7B3A997}&mid=0d111ee77c6147d09dcf41627206caa0-2c56e5b69138c06ab02f8b707b1837d1b853e765&lang=en&ds=qw011&pr=sa&d=2012-12-19 22:05:35&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\..\SearchScopes\{A70B6BDB-3B4A-4335-A262-90352F4B7B81}: "URL" = http://search.findwide.com/serp?guid={9D8AD6BA-7C47-4A5D-BE7E-154CCA803129}&action=default_search&serpv=22&k={searchTerms}
IE - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\..\SearchScopes\{B1FDDF4A-0229-4DE6-B0B1-1D5A53574937}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10743
IE - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\..\SearchScopes\{DD597DDE-B2FF-45B4-9937-A1FB14BA07C2}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38 [2013/12/09 16:21:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}: C:\Program Files (x86)\RelevantKnowledge\firefox
 
[2013/11/29 13:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\J\AppData\Roaming\mozilla\Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: about:Tabs
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Google Drive = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: The Camelizer - Amazon Price Tracker = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo\2.4.1_0\
CHR - Extension: The Camelizer - Amazon Price Tracker = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo\2.4.2_0\
CHR - Extension: Fast eBay Search = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjajclaocdighkjplbekkofpmdbcjghf\4.4.6.1_0\
CHR - Extension: InvisibleHand = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.9.10_0\
CHR - Extension: InvisibleHand = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.9.16_0\
CHR - Extension: InvisibleHand = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.9.2_0\
CHR - Extension: Boomerang for Gmail = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll\1.2.2_0\
CHR - Extension: AVG Security Toolbar = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.1.2.1_0\
CHR - Extension: AVG Security Toolbar = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\
CHR - Extension: Amazon Price Tracker - Keepa.com = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo\1.29_0\
CHR - Extension: Amazon Price Tracker - Keepa.com = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo\1.33_0\
CHR - Extension: Google Wallet = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Coupon Companion = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.20.40_0\crossrider
CHR - Extension: Coupon Companion = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.20.40_0\
CHR - Extension: Gmail = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/08/22 06:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\..\Toolbar\WebBrowser: (no name) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No CLSID value found.
O3 - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [beatsOSDApp] C:\Program Files\IDT\WDM\Beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [ACSW15EN] C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSee15InTouch2.exe (ACD Systems)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-3521255599-543702034-1577723873-1001..\Run: [CAHeadless] c:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 10.15.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D9B9197-8863-4035-BEEA-AA1C625D182F}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/19 07:58:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\J\Desktop\OTL.exe
[2013/12/18 18:23:56 | 000,568,807 | ---- | C] (Fengtao Software Inc.                                       ) -- C:\Users\J\Desktop\DVDFab9119.exe
[2013/12/18 18:23:31 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Roaming\17303
[2013/12/18 13:25:54 | 001,174,444 | ---- | C] (Farbar) -- C:\Users\J\Desktop\FRST64.exe
[2013/12/16 17:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013/12/15 14:43:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH
[2013/12/05 18:51:16 | 000,000,000 | ---D | C] -- C:\Users\J\Desktop\Skinner on Education mp4
[2013/12/04 22:28:00 | 000,000,000 | ---D | C] -- C:\Users\J\Desktop\New folder
[2013/11/30 14:07:20 | 000,041,624 | ---- | C] (Adpeak, Inc.) -- C:\WINDOWS\SysNative\drivers\AdpeakWFP64.sys
[2013/11/27 17:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2013/11/27 17:26:40 | 000,000,000 | ---D | C] -- C:\temp
[2013/11/27 17:25:47 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Roaming\Mozilla
[2013/11/27 17:25:31 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Local\TNT2
[2013/11/27 17:24:39 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Roaming\MyWordTool
[2013/11/27 17:14:08 | 000,859,416 | ---- | C] (TMRG,  Inc.) -- C:\WINDOWS\SysNative\rlls64.dll
[2013/11/27 17:12:10 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Roaming\Open Download Manager
[2013/11/27 17:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/11/27 17:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\GorillaPrice
[2013/11/27 17:11:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GorillaPrice
[2013/11/27 17:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenDownloaderManager
[2013/11/24 00:54:36 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/11/24 00:54:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2013/11/24 00:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2013/11/24 00:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2013/11/24 00:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/11/24 00:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/11/24 00:46:05 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/11/24 00:31:36 | 000,000,000 | R--D | C] -- C:\Users\J\SkyDrive
[2013/11/24 00:28:43 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Roaming\Identities
[2013/11/24 00:01:00 | 000,000,000 | --SD | C] -- C:\Users\J\AppData\Roaming\Microsoft
[2013/11/24 00:01:00 | 000,000,000 | R--D | C] -- C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/11/24 00:01:00 | 000,000,000 | R--D | C] -- C:\Users\J\Pictures
[2013/11/24 00:01:00 | 000,000,000 | R--D | C] -- C:\Users\J\Favorites
[2013/11/24 00:01:00 | 000,000,000 | R--D | C] -- C:\Users\J\Documents
[2013/11/24 00:01:00 | 000,000,000 | R--D | C] -- C:\Users\J\Desktop
[2013/11/24 00:01:00 | 000,000,000 | R--D | C] -- C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/11/24 00:01:00 | 000,000,000 | R--D | C] -- C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/11/24 00:01:00 | 000,000,000 | -HSD | C] -- C:\Users\J\AppData\Local\Temporary Internet Files
[2013/11/24 00:01:00 | 000,000,000 | -HSD | C] -- C:\Users\J\Templates
[2013/11/24 00:01:00 | 000,000,000 | -HSD | C] -- C:\Users\J\Start Menu
[2013/11/24 00:01:00 | 000,000,000 | -HSD | C] -- C:\Users\J\SendTo
[2013/11/24 00:01:00 | 000,000,000 | -HSD | C] -- C:\Users\J\Recent
[2013/11/24 00:01:00 | 000,000,000 | -HSD | C] -- C:\Users\J\PrintHood
[2013/11/24 00:01:00 | 000,000,000 | -HSD | C] -- C:\Users\J\NetHood
[2013/11/24 00:01:00 | 000,000,000 | -HSD | C] -- C:\Users\J\Documents\My Videos
[2013/11/24 00:01:00 | 000,000,000 | -HSD | C] -- C:\Users\J\Documents\My Pictures
[2013/11/24 00:01:00 | 000,000,000 | -HSD | C] -- C:\Users\J\Documents\My Music
[2013/11/24 00:01:00 | 000,000,000 | -HSD | C] -- C:\Users\J\My Documents
[2013/11/24 00:01:00 | 000,000,000 | -HSD | C] -- C:\Users\J\Local Settings
[2013/11/24 00:01:00 | 000,000,000 | -HSD | C] -- C:\Users\J\AppData\Local\History
[2013/11/24 00:01:00 | 000,000,000 | -HSD | C] -- C:\Users\J\Cookies
[2013/11/24 00:01:00 | 000,000,000 | -HSD | C] -- C:\Users\J\Application Data
[2013/11/24 00:01:00 | 000,000,000 | -HSD | C] -- C:\Users\J\AppData\Local\Application Data
[2013/11/24 00:01:00 | 000,000,000 | -H-D | C] -- C:\Users\J\AppData
[2013/11/24 00:01:00 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Local\Temp
[2013/11/24 00:01:00 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Local\Microsoft
[2013/11/24 00:01:00 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/11/23 23:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013/11/23 23:56:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/11/21 16:32:02 | 000,000,000 | ---D | C] -- C:\Users\J\AppData\Local\LogMeIn
[2013/11/21 16:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/19 07:58:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\J\Desktop\OTL.exe
[2013/12/19 07:51:05 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/19 07:51:02 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/12/19 07:47:25 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/18 20:28:00 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\DSite.job
[2013/12/18 20:21:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/18 19:17:18 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForJ.job
[2013/12/18 18:24:01 | 000,568,807 | ---- | M] (Fengtao Software Inc.                                       ) -- C:\Users\J\Desktop\DVDFab9119.exe
[2013/12/18 15:40:01 | 000,034,201 | ---- | M] () -- C:\Users\J\Desktop\dds_msg.jpg
[2013/12/18 15:21:39 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/12/18 15:21:39 | 2401,906,687 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/18 14:46:20 | 000,095,313 | ---- | M] () -- C:\Users\J\Desktop\Recommend app form-signed.pdf
[2013/12/18 13:26:02 | 001,174,444 | ---- | M] (Farbar) -- C:\Users\J\Desktop\FRST64.exe
[2013/12/18 13:22:50 | 000,881,140 | ---- | M] () -- C:\Users\J\Desktop\AdwCleaner.exe
[2013/12/16 19:24:26 | 000,956,476 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013/12/16 19:24:26 | 000,794,884 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013/12/16 19:24:26 | 000,161,140 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013/12/16 17:45:23 | 000,002,052 | ---- | M] () -- C:\Users\J\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/12/15 20:29:48 | 001,415,880 | ---- | M] () -- C:\Users\J\Desktop\vlc-2.1.2-win32 (1).exe
[2013/12/15 13:42:57 | 002,985,896 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013/11/30 14:07:25 | 000,002,312 | ---- | M] () -- C:\WINDOWS\SysNative\AdpeakProxyOff.ini
[2013/11/25 08:06:20 | 000,000,600 | RHS- | M] () -- C:\Users\J\ntuser.pol
[2013/11/24 00:50:15 | 000,385,528 | ---- | M] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013/11/24 00:22:11 | 000,066,678 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2013/11/24 00:22:11 | 000,066,678 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2013/11/24 00:21:22 | 000,022,744 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2013/11/23 23:58:38 | 000,930,400 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/11/23 23:56:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
 
========== Files Created - No Company Name ==========
 
[2013/12/18 15:39:59 | 000,034,201 | ---- | C] () -- C:\Users\J\Desktop\dds_msg.jpg
[2013/12/18 14:46:16 | 000,095,313 | ---- | C] () -- C:\Users\J\Desktop\Recommend app form-signed.pdf
[2013/12/18 13:22:42 | 000,881,140 | ---- | C] () -- C:\Users\J\Desktop\AdwCleaner.exe
[2013/12/16 17:45:23 | 000,002,052 | ---- | C] () -- C:\Users\J\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/12/16 17:45:22 | 000,216,064 | ---- | C] () -- C:\WINDOWS\SysWow64\gcapi_dll.dll
[2013/12/15 20:29:43 | 001,415,880 | ---- | C] () -- C:\Users\J\Desktop\vlc-2.1.2-win32 (1).exe
[2013/11/29 15:34:01 | 000,000,328 | ---- | C] () -- C:\WINDOWS\tasks\HPCeeScheduleForJ.job
[2013/11/24 00:50:15 | 000,385,528 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013/11/24 00:28:46 | 000,001,444 | ---- | C] () -- C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/11/24 00:28:32 | 000,000,600 | RHS- | C] () -- C:\Users\J\ntuser.pol
[2013/11/24 00:21:23 | 000,022,744 | ---- | C] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2013/11/24 00:07:36 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/11/24 00:01:00 | 000,000,352 | ---- | C] () -- C:\Users\J\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/11/24 00:01:00 | 000,000,334 | ---- | C] () -- C:\Users\J\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/11/24 00:00:49 | 000,066,678 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2013/11/24 00:00:49 | 000,066,678 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2013/11/23 23:58:38 | 000,930,400 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013/11/23 23:56:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013/09/03 11:03:54 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2013/09/03 11:03:52 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2013/09/03 11:03:44 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2013/09/03 11:03:12 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2013/09/03 11:03:10 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2013/09/03 11:02:58 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2013/08/22 08:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 08:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 07:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 00:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 20:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 20:17:46 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/08/21 16:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 16:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2013/03/12 14:44:02 | 000,000,530 | ---- | C] () -- C:\WINDOWS\SysWow64\tx12_ic.ini
[2013/03/12 14:44:01 | 000,663,552 | ---- | C] () -- C:\WINDOWS\SysWow64\tx12.dll
[2012/12/30 17:13:55 | 000,001,059 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/12/25 09:15:46 | 000,263,186 | ---- | C] () -- C:\Program Files\Minecraft.exe
[2012/12/19 19:19:04 | 000,008,192 | ---- | C] () -- C:\Users\J\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/18 08:57:22 | 000,000,141 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2012/11/28 11:26:33 | 000,023,040 | ---- | C] () -- C:\WINDOWS\SysWow64\BeepApp.exe
[2012/07/25 13:22:54 | 000,982,240 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
[2012/07/25 13:22:54 | 000,439,308 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
[2012/07/25 13:22:54 | 000,092,356 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin
 
========== ZeroAccess Check ==========
 
[2013/11/29 13:59:05 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/11/24 00:51:31 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/24 00:51:31 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 02:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 19:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 02:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/04/13 13:44:17 | 000,000,000 | ---D | M] -- C:\Users\Adrienne\AppData\Roaming\uTorrent
[2013/12/07 18:27:47 | 000,000,000 | ---D | M] -- C:\Users\August\AppData\Roaming\.minecraft
[2013/12/16 17:26:38 | 000,000,000 | ---D | M] -- C:\Users\August\AppData\Roaming\.technic
[2013/11/10 14:02:31 | 000,000,000 | ---D | M] -- C:\Users\August\AppData\Roaming\ACD Systems
[2012/12/19 22:05:48 | 000,000,000 | ---D | M] -- C:\Users\August\AppData\Roaming\AnvSoft
[2012/12/20 07:57:38 | 000,000,000 | ---D | M] -- C:\Users\August\AppData\Roaming\avidemux
[2013/08/15 11:28:27 | 000,000,000 | ---D | M] -- C:\Users\August\AppData\Roaming\DSite
[2013/11/27 17:15:04 | 000,000,000 | ---D | M] -- C:\Users\August\AppData\Roaming\Open Download Manager
[2013/11/22 09:24:54 | 000,000,000 | ---D | M] -- C:\Users\August\AppData\Roaming\uTorrent
[2013/10/30 15:52:35 | 000,000,000 | ---D | M] -- C:\Users\Carl\AppData\Roaming\.minecraft
[2013/11/30 16:13:33 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\.minecraft
[2013/10/06 15:19:03 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\.Tribler
[2013/12/18 18:23:31 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\17303
[2013/03/14 14:37:47 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\ACD Systems
[2012/12/24 21:54:51 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\AnvSoft
[2013/06/24 14:19:06 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Audacity
[2012/12/31 23:57:21 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\avidemux
[2013/06/24 20:58:10 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Canon
[2013/01/05 14:18:39 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/09/02 19:42:19 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Dropbox
[2013/09/14 14:07:40 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\DVDFab9
[2013/12/16 17:45:29 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Foxit Software
[2013/06/24 14:44:17 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\freac
[2013/09/02 13:13:14 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\IDT
[2013/06/26 15:09:19 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\MegaVideoConverter
[2013/11/29 13:24:49 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\MyWordTool
[2013/11/29 13:21:58 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\Open Download Manager
[2012/12/21 13:03:10 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\WebApp
[2013/02/06 21:58:03 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\WinBatch
[2013/03/31 08:13:30 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\xrecode2
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 199 bytes -> C:\Users\J\SkyDrive:ms-properties
 
< End of report >
 
[Initially, I appended the Extras.txt log here. However, when I tried to publish, I received an error message indicating the post was too long. Therefore, I'll try and post the Extras.txt log separately.]

As mentioned above, here's the second log (Extras.txt):
 
OTL Extras logfile created on: 12/19/2013 8:06:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\J\Desktop
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.80 Gb Total Physical Memory | 6.28 Gb Available Physical Memory | 80.49% Memory free
8.19 Gb Paging File | 6.56 Gb Available in Paging File | 80.08% Paging File free
Paging file location(s): c:\pagefile.sys 400 4096 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 909.02 Gb Total Space | 452.70 Gb Free Space | 49.80% Space Free | Partition Type: NTFS
Drive D: | 20.48 Gb Total Space | 2.52 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
 
Computer Name: ADOLF | User Name: J | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3521255599-543702034-1577723873-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [ACDSee 15.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSeeQV15.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [ACDSee 15.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee\15.0\ACDSeeQV15.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17F1FD8E-276C-4A43-8BC6-9B02357BD1E0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3F24735D-1CC1-4324-9283-284AF5170F66}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4195891D-BAEF-4FBD-BB5D-B326005FAC31}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{46A896B2-11F2-4774-B164-C5E4FFFAB600}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5203FD79-AE18-4287-99E5-1CB74DF1384C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{54222123-9C33-4841-84E7-0D4299A70761}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{68F7E517-7431-4929-A8BB-531FA99693EA}" = lport=52000 | protocol=6 | dir=in | name=hpconnectedremoteuser.exe | 
"{6A60FA92-F4B6-4F9B-A108-2C5908707C9F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{7AFD63E4-5FD5-4A77-9260-1CEA5962F1E0}" = lport=53000 | protocol=6 | dir=in | name=hpconnectedremoteservice.exe | 
"{8B991100-E363-45F8-A453-34F2E1A3D1BB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9261B530-4E83-47B6-8B6C-38FB7AD05605}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9EF76353-FA23-4C89-837C-0C8CCC598C91}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BCFEE34C-63FE-4906-A10B-EBD54AD1F92C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C55483A5-27B2-437D-9AB0-E6D26B4368F8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{D6A3F5FF-B611-4F50-94E7-D35145FD789C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E099D808-5CF8-4D0D-994B-44748B8F8C65}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021AE1B9-AB95-40D2-9648-3CABFB79035F}" = dir=out | name=netflix | 
"{0A9F8243-280E-4E74-8C24-65876544C411}" = protocol=17 | dir=in | app=c:\program files (x86)\tribler\swift.exe | 
"{0BFA1C10-541D-4D30-B363-F2C6CA599E5D}" = dir=out | name=hp registration | 
"{0CB58EEB-1CD3-417C-BCB4-AEDDDEB4ADAD}" = dir=out | name=kindle | 
"{0F722CC7-881B-4CE7-8CF1-0C8DF7D3AD35}" = dir=out | name=skype | 
"{0F74A9C3-7954-48FE-80C1-F5E119FDC234}" = dir=out | name=hp connected photo powered by snapfish | 
"{0FD4AB31-DB74-4ABC-8C4D-032685589C1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{111789D8-44D3-4489-A396-F2C684BC504D}" = protocol=6 | dir=in | app=c:\program files (x86)\tribler\swift.exe | 
"{113B66DC-B442-490E-AD64-C64658D311A2}" = dir=out | name=norton studio | 
"{1214CB79-FCF4-4280-8CC5-FA70D98FCED6}" = dir=in | name=check point vpn | 
"{12A36F54-96D1-4524-8F08-68DE2820B070}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{142038EF-FB3D-4BA6-AA30-9EFD28497B31}" = dir=out | name=iheartradio | 
"{147CB915-F040-400E-AE37-5A7D76A835F9}" = dir=out | name=norton studio | 
"{14AA358D-ABDE-4CA7-AF7A-6CFF84EB4181}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1ACC0C3B-A98C-46B8-B65D-DBDAFE8395BB}" = dir=in | name=sonicwall mobile connect | 
"{1BA25416-72DE-43F2-B914-00CB0C9B6DB6}" = dir=out | name=getting started with windows 8 | 
"{1C209B13-E536-4316-8BFD-75B377B4963F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{1C254845-E0F1-447C-BF3C-7C59E91C1945}" = dir=out | name=iheartradio | 
"{1E20F9BF-7319-4F8C-B27A-08448212F04F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1F9D85E9-AC6D-4E8A-9915-CB9C75C904B0}" = dir=out | name=microsoft mahjong | 
"{23123878-1657-4CAC-B935-DA22EB961242}" = dir=out | name=juniper networks junos pulse | 
"{23F4CB84-4C52-47C0-B143-A53C05858F3A}" = dir=out | name=norton studio | 
"{2C764355-45D0-4AD5-9A28-1FBCB360C1FA}" = dir=in | name=check point vpn | 
"{2D6EA679-B948-4971-91B5-1C90529308EA}" = dir=out | name=skype | 
"{2FE0620B-6A82-43B3-8496-C2BFDCE68C66}" = dir=out | name=hp connected photo powered by snapfish | 
"{30E0FA81-1375-4C92-A250-1A37311A37B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{314DCF47-7F62-4E22-A9EF-C364C751B830}" = dir=out | name=iheartradio | 
"{35514EA6-8AF8-4C49-9D7E-CAC554BEE0AE}" = dir=out | name=windows_ie_ac_001 | 
"{361FCFD3-81DB-4E99-B6DB-362054D72068}" = dir=out | name=skype | 
"{37BF6CAD-D046-4CAB-8BAD-145134AA0169}" = dir=out | name=microsoft mahjong | 
"{37E4EF3B-557F-4536-BCB8-E9194C40DDE8}" = dir=out | name=kindle | 
"{38318DCA-DFFE-4EF5-B1E3-727C41A402F7}" = dir=out | name=getting started with windows 8 | 
"{39E9259B-3335-4C99-9F64-242E765597EA}" = dir=in | name=microsoft mahjong | 
"{3A1072AC-37C5-46F6-BFA2-3AE5A8538585}" = dir=out | name=hp+ | 
"{3E871E16-05BD-4E36-89C9-67E4449C94A5}" = dir=out | name=hp registration | 
"{40B26C16-5C7B-49AA-B8A8-F99475E23CE7}" = dir=out | name=ebay | 
"{4195F7DC-D0AD-47F5-AAE2-7F1FD06FB09F}" = dir=in | name=microsoft mahjong | 
"{41D6BC41-0E54-458C-B605-DD9A9C7C632A}" = dir=in | name=skype | 
"{41D73774-F460-404D-A193-412F9550F381}" = protocol=6 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{4376EE2D-AF06-4352-8DE6-3E2BB7A8B71D}" = dir=in | name=hp+ | 
"{44E45BEB-5BD4-4407-AE45-A5867B5D5C4C}" = dir=out | name=juniper networks junos pulse | 
"{46054557-719D-41D5-8DE7-9AC1564BBABB}" = dir=in | name=hp connected photo powered by snapfish | 
"{48E806D5-C328-4C75-B315-9D5331AF57E4}" = dir=out | name=check point vpn | 
"{4927A050-513B-4A69-A7FB-1CA087BC33EF}" = dir=out | name=hp+ | 
"{4B53AA83-CDE8-4358-AE90-0B425A2FED56}" = dir=out | name=check point vpn | 
"{4D831020-8A8E-4105-AF20-873AD67C8173}" = dir=in | name=hp+ | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{5C467874-D5B0-41F3-A966-7B772248FC3E}" = dir=out | name=microsoft solitaire collection | 
"{5C49B06E-26B0-4BA0-B3E0-7FC93513CC25}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{5C5A946C-A17F-4B4D-94A6-9B8EF0B1943B}" = dir=out | name=netflix | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{5F7BC678-B05D-4DAC-A84F-3C917D660BE2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{61360D08-68FB-4245-BD52-4B9AF3B91BDD}" = protocol=17 | dir=in | app=c:\program files (x86)\relevantknowledge\rlvknlg.exe | 
"{6293E298-349B-418B-BD9F-2536CC7D8AB1}" = dir=out | name=ebay | 
"{6C32C189-87BD-46C7-A1CC-3388A00C9044}" = dir=in | name=juniper networks junos pulse | 
"{6E14A827-1732-40D7-B06A-12FEF1F86EE1}" = dir=out | name=sonicwall mobile connect | 
"{6E266E74-62BD-403E-8F96-D6AACB88A5A9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{70C6304B-CE81-4376-9C58-98E2D4F43A42}" = dir=out | name=sonicwall mobile connect | 
"{72A8DE3A-96FD-4F76-A26F-271BCDC9A3E0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{791F7B4B-A012-45E8-B20F-37D351BAC64F}" = dir=in | name=f5 vpn | 
"{79B565D1-FBEF-4DB0-B9D2-1B59C8054ACC}" = dir=out | name=netflix | 
"{7D5B6DFA-E242-4E40-8450-FDAD0B5824FB}" = dir=out | name=windows_ie_ac_001 | 
"{7E07FE97-97A5-4DFB-9CED-E7674CF460F7}" = dir=in | app=c:\users\j\appdata\local\microsoft\skydrive\skydrive.exe | 
"{81501CEE-1A7C-4CB2-BC0B-11E44D376D8E}" = protocol=17 | dir=in | app=c:\users\j\appdata\roaming\dropbox\bin\dropbox.exe | 
"{81987229-9AFF-4F55-B15E-5FD5631DEC6C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8511F1A0-97D9-4203-AE3C-6A9B62ADFBDF}" = protocol=6 | dir=in | app=c:\users\j\appdata\roaming\dropbox\bin\dropbox.exe | 
"{86D8B661-B354-4AFF-BE6B-B79F78468EB8}" = protocol=6 | dir=out | app=system | 
"{88090DE2-A169-422F-92D3-008091A9AD66}" = dir=out | name=norton studio | 
"{881A3DC1-0DE3-4E31-9B47-1E90EE88FAE3}" = dir=out | name=f5 vpn | 
"{8AF3B2C2-8D90-4ED2-BD61-7D5523537AA4}" = dir=out | name=microsoft solitaire collection | 
"{8DD32CDA-6F6E-480A-8EB4-4AEDDADEEF0D}" = protocol=17 | dir=in | name=hpconnectedremoteservice.exe | 
"{8F91133E-3E6F-4C89-919E-66508768B3DC}" = dir=in | name=kindle | 
"{921BA9CD-481A-4DEA-8A87-217868CAAB2F}" = dir=out | name=hp connected photo powered by snapfish | 
"{9241E296-22B2-45F7-985E-C39B10C281F0}" = dir=out | name=microsoft mahjong | 
"{A0DD9F6C-05A3-4742-A043-6DE092C0F3B7}" = dir=out | name=ebay | 
"{A1CE0905-14BB-4D03-8AEE-765B1B055F1C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A3167824-5D57-4107-A90E-FD9A1AD34498}" = dir=in | name=microsoft solitaire collection | 
"{A6876B9E-43D8-4951-95AB-3977FE023A82}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{A6C5323F-BA3D-4B36-BFA0-314066A95648}" = dir=out | name=hp connected photo powered by snapfish | 
"{A74C4313-A928-4AD4-AB08-61E622CECA9B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B2B78C99-342D-4F57-8F55-C4C9CA6079F7}" = dir=in | name=ebay | 
"{B3B34482-2C98-41DD-BB92-819C715B136E}" = dir=out | name=hp registration | 
"{B4E35042-3149-4524-BF6B-CA8454ABA256}" = dir=out | name=ebay | 
"{B5061328-0145-4E2A-B984-804BAE9D664A}" = dir=in | name=kindle | 
"{B5280CE3-3465-4DB9-8825-6C222F5D6AED}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B612FC3C-87D6-4DFA-8447-11887B6468A4}" = dir=in | name=f5 vpn | 
"{BB73A3C2-83EA-4D47-AF4E-37BFE862F8E2}" = dir=out | name=netflix | 
"{C368CB26-DD92-4C9B-B0BA-2A280B077013}" = dir=out | name=getting started with windows 8 | 
"{C552592E-2388-4862-BD50-CE9BFDDF49FC}" = dir=out | name=microsoft solitaire collection | 
"{C6122B71-45AA-4850-A27F-AAC6BBE585F4}" = dir=out | name=hp registration | 
"{C66F61FA-3401-4118-8F0A-0E6A83EE868D}" = dir=out | name=f5 vpn | 
"{C6F26728-C37C-4DB4-B1A3-FF7B7D0F645B}" = dir=in | name=skype | 
"{C93345DA-2938-4907-BCE9-DD43D4FA5C81}" = dir=in | name=microsoft solitaire collection | 
"{CD1D4E0A-0502-4779-AAE7-4830458098B5}" = dir=out | name=kindle | 
"{CF8E8848-2C3A-4466-AA7F-D19992BCDE4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D5AF77E8-4BB2-4EF2-B5B8-1ADE72925B75}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{D6126FCA-43A2-4502-B54C-89CF88BA9528}" = dir=out | name=getting started with windows 8 | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{DB2B64A7-F163-4626-9123-7485CD0B1B88}" = dir=out | name=kindle | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DC125207-33FE-415A-8D13-7EAF4CDAA54D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{DCDFBB24-A105-408E-98D2-4B0A37E5378B}" = dir=in | name=skype | 
"{DE10CFB2-FFA7-4C63-9520-E4F49038D16F}" = dir=out | name=microsoft solitaire collection | 
"{DF155AE7-F969-4E17-B6AC-CA9923C0E094}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DFB33B6C-6619-4B7A-8ACC-A28DCB8D7E64}" = protocol=6 | dir=in | app=c:\program files (x86)\tribler\tribler.exe | 
"{E146F6C3-0720-4E93-8E1C-8AE061534B81}" = dir=in | name=juniper networks junos pulse | 
"{E1AF81A9-E3C5-4BEC-BE62-408005E12D3D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E3A6E2C2-2436-4CB6-A558-0CCCBE2A925D}" = dir=out | name=microsoft mahjong | 
"{E6AFCCF2-D72C-4811-A957-C8A180DC5916}" = dir=out | name=hp+ | 
"{E6CBA69F-32ED-440C-9921-B51A4765F8EC}" = dir=out | name=skype | 
"{EA4A5BEE-2CE7-42A5-897D-E1A4244AE397}" = dir=in | name=sonicwall mobile connect | 
"{EAAF1D98-6B1D-4DF4-8E09-8DD1FDDDFA68}" = dir=out | name=hp+ | 
"{EBCC5D08-6F39-4DA5-B832-41D286DC85CF}" = dir=in | name=skype | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{ECEDBAF6-CFEB-4BC6-8664-9FC040A54C40}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{F23CD8C6-DFEE-4FF5-B0F5-BE2851834082}" = protocol=17 | dir=in | app=c:\program files (x86)\tribler\tribler.exe | 
"{F38AF2F2-5634-44CE-9BBB-7C1DD7E8B43D}" = dir=in | name=ebay | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F73228F6-2A43-4896-A72E-B543399B1F77}" = dir=in | name=hp connected photo powered by snapfish | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{FF174FC8-BA69-4A8C-8E0E-6342B31AA804}" = dir=out | name=iheartradio | 
"TCP Query User{0BDB3A5C-6E7F-4386-8C63-ECDE00677DDC}C:\users\august\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\august\downloads\utorrent.exe | 
"TCP Query User{4FAA9D42-2D55-4470-91F7-787005121E4F}C:\program files (x86)\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.6.0\bin\javaw.exe | 
"TCP Query User{6154FF38-B9ED-4331-8A3B-BC7ABA60B07A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{88364448-86CC-4050-8E06-8AE4392EC22C}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{41736D19-1F35-4ACC-A6DF-88533C9C8AD3}C:\users\august\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\august\downloads\utorrent.exe | 
"UDP Query User{CDB962A3-FB93-4780-AF57-BACD31855502}C:\program files (x86)\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.6.0\bin\javaw.exe | 
"UDP Query User{D0D88CC1-513C-408B-8B10-CC4C3A11AC83}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{E89EFAE1-76B6-4FEB-AEE8-74B59528FDC3}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F0C6AE7-8930-C5E2-7FB8-40026B03F760}" = ccc-utility64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26F481C6-8DBE-4F8B-9D8D-715081C23ADE}" = Adobe Premiere Elements 10
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}" = SmartSound Premiere Elements 10 x64 Plugin
"{427174C0-096E-40D9-9684-9C109BEE2CBF}" = iTunes
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E810AB6-F34E-49A3-A93F-9E503660F718}" = ScorpionSaver Services
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BF821093-CFD3-EC1B-B357-6817EE34E5C7}" = AMD Catalyst Install Manager
"{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and FREE Tools
"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"CCleaner" = CCleaner
"PremElem100" = Adobe Premiere Elements 10
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0657DE52-8F5C-4073-B70C-ED4F3F7FA076}" = PlayMemories Home
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{10145271-3F76-583D-AAAD-02753E604CCE}" = CCC Help Norwegian
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{15F32C36-CE5C-F1AE-4D05-B9E5D45F5EBF}" = CCC Help German
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{192A227B-A8C8-4C6D-B939-21FAEB007E1E}" = Google Drive
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1CC2AD85-22B6-BBDB-89E0-EED44752E373}" = CCC Help Finnish
"{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{21453396-C635-2129-F0C5-D806E4D41A1C}" = CCC Help Thai
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{2CDAA653-8AEE-ACB0-3135-491ECA3CA5CA}" = Catalyst Control Center Profiles Desktop
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3199A409-EE9A-E445-2270-5789FB461DA9}" = HydraVision
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{35A99221-DAF4-4769-880F-ECC57548FBCC}" = Video Edit Master
"{3EE8F72F-11B5-765E-241C-CD628B47F5A6}" = CCC Help Spanish
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = CloudReading
"{42CA986E-1D63-B863-2E57-66CF1BA1ECEF}" = CCC Help Polish
"{42EBEC32-7E26-20BB-F73B-054006D8924D}" = CCC Help Korean
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{47EBDD27-FE2E-D66F-3F09-D6469722F494}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{551936D3-AE34-71C6-B7E0-9EF4E682BBC4}" = Catalyst Control Center Localization All
"{558A2927-95BC-37CA-E790-A043C6EEA064}" = CCC Help Portuguese
"{574F0207-8E98-46CD-8F79-318348C98C46}" = HP Quick Start
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{630ABFFB-07A7-D193-D66A-B541D71EC5BA}" = CCC Help Chinese Standard
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6BA5F6E7-6CC1-4117-816D-A549A06CE44E}" = HP Connected Backup
"{6D9C5F89-1DAA-4909-9C8A-7681C0CFC3F3}" = CCC Help English
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72352719-A3A8-8977-72DD-8D41BD6F92BB}" = CCC Help Czech
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7A45C856-CF3A-9E2C-D240-852C9A972C97}" = CCC Help Danish
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 3.2.3.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{890ABC27-DD36-0A12-55D4-8ED73CF2B72E}" = CCC Help Italian
"{8A4A80C2-87B1-44FB-BC24-9168930EB150}" = RAIDXpert
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DB14A0D-7D84-46B3-AEE4-D265729C78BD}" = Respondus 4.0 Campus-Wide
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E2D9681-5050-D714-E3EE-E1D27C38ABB1}" = CCC Help French
"{8F5FEF49-4F33-DF60-5697-A408C1ED0447}" = CCC Help Russian
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT5390R 802.11bgn Wi-Fi Adapter
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{93B21E92-387A-46AD-81A2-B867C9D5D175}" = Catalyst Control Center - Branding
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{993A144A-1119-0FBF-F157-EF9415CB23B7}" = CCC Help Greek
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom
"{9F06F464-479A-403E-AF92-70CBB8D674A1}" = PRE10STI64Installer
"{A0516FEE-EDF3-165D-7DD5-5BC71D51DBE6}" = CCC Help Hungarian
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A5456457-4504-CA3B-A028-0B0D432CEE7E}" = CCC Help Turkish
"{A6D8170D-15FB-1737-1F5A-DB09CF985F50}" = Catalyst Control Center Graphics Previews Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B344FEB6-6C65-A66B-A306-AE83CC8F029B}" = CCC Help Japanese
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B580C89C-F7F8-4A78-BAF0-5560C6E9E76D}" = ACDSee 15
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BB7F8847-028B-366C-3BC4-BA3BC65A6D36}" = AMD VISION Engine Control Center
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CAD7A104-AF07-B099-BDD7-FBB93490D34A}" = Catalyst Control Center InstallProxy
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1F94695-C59F-4BF1-A9C5-370DCCE8364D}_is1" = X2X Free VideoAudio Merger 1.0
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2A3910B-30EC-1462-7C2E-A1C2365ABD73}" = CCC Help Chinese Traditional
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F243A34B-AB7F-4065-B770-B85B767C247C}" = HP Connected Remote
"{F2BCB229-F472-D13A-3F75-19AF40051262}" = CCC Help Dutch
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF27F674-821E-4BA2-985B-DDF539C2CD03}" = HP Support Assistant
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Any Video Converter_is1" = Any Video Converter 5.0.8
"Audacity_is1" = Audacity 2.0.3
"AutoUpdater_is1" = Auto Updater 1.2.0.3
"AVG Secure Search" = AVG Security Toolbar
"Big Brainz Launcher O" = Big Brainz Launcher
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DjVuLibre+DjView" = DjVuLibre DjView  3.5.25.4+4.9.2
"DPP" = Canon Utilities Digital Photo Professional 3.10
"DVDFab 9_is1" = DVDFab 9.0.6.3 (09/09/2013)
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"GorillaPrice" = GorillaPrice
"InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}" = SmartSound Sonicfire Pro 5
"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"InstallShield_{8A4A80C2-87B1-44FB-BC24-9168930EB150}" = RAIDXpert
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mega Video Converter_is1" = Mega Video Converter 1.7
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)
"Tribler" = Tribler
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3521255599-543702034-1577723873-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Screencast-O-Matic" = Screencast-O-Matic
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/16/2013 3:59:47 PM | Computer Name = Adolf | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Component
 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.
 
Error - 12/16/2013 8:28:57 PM | Computer Name = Adolf | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 12/16/2013 8:28:57 PM | Computer Name = Adolf | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 105875
 
Error - 12/16/2013 8:28:57 PM | Computer Name = Adolf | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 105875
 
Error - 12/17/2013 1:23:06 AM | Computer Name = Adolf | Source = Application Error | ID = 1000
Description = Faulting application name: GorillaPrice.exe, version: 0.0.0.0, time
 stamp: 0x5280f6d4  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x00000000  Faulting process id: 0x21e0  Faulting application
 start time: 0x01cefac6869cbedb  Faulting application path: C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe
Faulting
 module path: unknown  Report Id: 4ece3fc4-66db-11e3-bebb-902b34e22353  Faulting package
 full name:   Faulting package-relative application ID: 
 
Error - 12/18/2013 6:20:47 PM | Computer Name = Adolf | Source = Application Error | ID = 1000
Description = Faulting application name: GorillaPrice.exe, version: 0.0.0.0, time
 stamp: 0x5280f6d4  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x00000000  Faulting process id: 0x64c  Faulting application
 start time: 0x01cefc35b5f8d583  Faulting application path: C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe
Faulting
 module path: unknown  Report Id: a3f92c6b-6832-11e3-bebb-902b34e22353  Faulting package
 full name:   Faulting package-relative application ID: 
 
Error - 12/18/2013 6:51:34 PM | Computer Name = Adolf | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Component
 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.
 
Error - 12/18/2013 7:27:58 PM | Computer Name = Adolf | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Component
 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.
 
Error - 12/18/2013 7:30:21 PM | Computer Name = Adolf | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Component
 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.
 
Error - 12/18/2013 9:23:27 PM | Computer Name = Adolf | Source = Application Error | ID = 1000
Description = Faulting application name: DVDFab.exe, version: 9.0.6.0, time stamp:
 0x522d3c6a  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x27a4b703  Faulting process id: 0x1718  Faulting application
 start time: 0x01cefc58eabc4099  Faulting application path: C:\Program Files (x86)\DVDFab
 9\DVDFab.exe  Faulting module path: unknown  Report Id: 29201c1f-684c-11e3-bebc-902b34e22353
Faulting
 package full name:   Faulting package-relative application ID: 
 
[ System Events ]
Error - 12/10/2013 7:25:00 PM | Computer Name = Adolf | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error - 12/10/2013 7:25:00 PM | Computer Name = Adolf | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR4.
 
Error - 12/10/2013 7:36:10 PM | Computer Name = Adolf | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 12/10/2013 7:54:43 PM | Computer Name = Adolf | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error - 12/10/2013 7:54:43 PM | Computer Name = Adolf | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error - 12/10/2013 7:54:43 PM | Computer Name = Adolf | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR4.
 
Error - 12/10/2013 8:12:21 PM | Computer Name = Adolf | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description = 
 
Error - 12/15/2013 4:25:16 PM | Computer Name = Adolf | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error - 12/15/2013 4:25:16 PM | Computer Name = Adolf | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error - 12/15/2013 4:25:16 PM | Computer Name = Adolf | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk4\DR4.
 
 
< End of report >
 

That's all for now.  Thank you very much, Borislav.

--J


Don't worry about them. :)

Step 1

Please uninstall the following applications:

ScorpionSaver Services

AVG Security Toolbar

GorillaPrice

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 4

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\..\SearchScopes\{A70B6BDB-3B4A-4335-A262-90352F4B7B81}: "URL" = http://search.findwide.com/serp?guid={9D8AD6BA-7C47-4A5D-BE7E-154CCA803129}&action=default_search&serpv=22&k={searchTerms}
    IE - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\..\SearchScopes,DefaultScope = {A70B6BDB-3B4A-4335-A262-90352F4B7B81}
    CHR - Extension: Coupon Companion = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.20.40_0\crossrider
    CHR - Extension: Coupon Companion = C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.20.40_0\
    O3 - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\..\Toolbar\WebBrowser: (no name) - {7473B6BD-4691-4744-A82B-7854EB3D70B6} - No CLSID value found.
    O3 - HKU\S-1-5-21-3521255599-543702034-1577723873-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    [2013/11/27 17:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
    [2013/11/27 17:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\GorillaPrice
    [2013/11/27 17:11:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GorillaPrice
    [2013/04/13 13:44:17 | 000,000,000 | ---D | M] -- C:\Users\Adrienne\AppData\Roaming\uTorrent

    :files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
  • Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • OTL fix log

Thanks, Borislav.  Although I was able to uninstall the AVG toolbar, I was not able to uninstall Scorpion Saver (see error alerts attached).  Furthermore, my attempt to uninstall Gorilla Price triggered a suspicious-looking pop-up web page (see attached).

As I'm trying to follow your instructions step-by-step, I thought it imprudent to proceed to Step 2 without first completing Step 1.  What do you suggest?

Thanks very much in the meantime,

--JB


Hi Borislav,

I've proceeded and finished with all steps (except for Step 1, as noted earlier).  Here are my log results:

Junkware Removal Tool log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8.1 x64
Ran by J on Thu 12/19/2013 at 11:44:21.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [service] gorillaprice 
Successfully deleted: [service] gorillaprice 
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\autoupdater_is1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022442293}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660066446693}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220022442293}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660066446693}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3220468
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660066446693}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660066446693}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{68765B4E-2BE1-4DD1-BC44-6BDE604C9B2A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{68765B4E-2BE1-4DD1-BC44-6BDE604C9B2A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\WINDOWS\Tasks\dsite.job
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\J\appdata\local\coupon companion"
Successfully deleted: [Folder] "C:\Users\J\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\J\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupon companion"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\J\appdata\local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pbkdpahkifcigckmhiafindmaflfifgm
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/19/2013 at 11:48:04.16
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
AdwCleaner log:
 
# AdwCleaner v3.015 - Report created 19/12/2013 at 11:59:31
# Updated 10/12/2013 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : J - ADOLF
# Running from : C:\Users\J\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Auto Updater
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\Auto Updater
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Auto Updater
Folder Deleted : C:\Users\Adrienne\AppData\Local\Conduit
Folder Deleted : C:\Users\Adrienne\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Adrienne\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Adrienne\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\August\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\August\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\August\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\August\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\August\AppData\Roaming\DSite
Folder Deleted : C:\Users\Carl\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Carl\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Carl\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Deleted : C:\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\August\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
[!] Folder Deleted : C:\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
File Deleted : C:\WINDOWS\System32\AdpeakProxy.ini
File Deleted : C:\WINDOWS\System32\AdpeakProxyOff.ini
File Deleted : C:\Users\J\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Adpeak, Inc.
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\PIP
Key Deleted : [x64] HKLM\SOFTWARE\Adpeak, Inc.
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}
Key Deleted : HKLM\Software\Classes\Installer\Features\6BA018E6E43F3A949AF3E90563067F81
Key Deleted : HKLM\Software\Classes\Installer\Products\6BA018E6E43F3A949AF3E90563067F81
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16384
 
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : urls_to_restore_on_startup
 
[ File : C:\Users\Adrienne\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : urls_to_restore_on_startup
 
[ File : C:\Users\August\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Carl\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
 
*************************
 
AdwCleaner[R0].txt - [6041 octets] - [19/12/2013 11:57:41]
AdwCleaner[s0].txt - [5952 octets] - [19/12/2013 11:59:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6012 octets] ##########
 
OTL fix log:
 
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-3521255599-543702034-1577723873-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A70B6BDB-3B4A-4335-A262-90352F4B7B81}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A70B6BDB-3B4A-4335-A262-90352F4B7B81}\ not found.
HKEY_USERS\S-1-5-21-3521255599-543702034-1577723873-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
File C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.20.40_0\crossrider not found.
File C:\Users\J\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbkdpahkifcigckmhiafindmaflfifgm\1.20.40_0 not found.
Registry value HKEY_USERS\S-1-5-21-3521255599-543702034-1577723873-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7473B6BD-4691-4744-A82B-7854EB3D70B6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7473B6BD-4691-4744-A82B-7854EB3D70B6}\ not found.
Registry value HKEY_USERS\S-1-5-21-3521255599-543702034-1577723873-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.
Folder move failed. C:\ProgramData\boost_interprocess\20131219120043.490625 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\boost_interprocess scheduled to be moved on reboot.
C:\ProgramData\GorillaPrice folder moved successfully.
Folder move failed. C:\Program Files (x86)\GorillaPrice scheduled to be moved on reboot.
C:\Users\Adrienne\AppData\Roaming\uTorrent\share folder moved successfully.
C:\Users\Adrienne\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Adrienne\AppData\Roaming\uTorrent\Cache folder moved successfully.
C:\Users\Adrienne\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Adrienne\AppData\Roaming\uTorrent folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\J\Desktop\cmd.bat deleted successfully.
C:\Users\J\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Adrienne
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 203393373 bytes
->Flash cache emptied: 57364 bytes
 
User: All Users
 
User: August
->Temp folder emptied: 2235781 bytes
->Temporary Internet Files folder emptied: 14394216 bytes
->Java cache emptied: 395164 bytes
->Google Chrome cache emptied: 368603715 bytes
->Flash cache emptied: 57564 bytes
 
User: Carl
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 10628113 bytes
->Flash cache emptied: 57068 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default.migrated
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: J
->Temp folder emptied: 165866022 bytes
->Temporary Internet Files folder emptied: 25839665 bytes
->Java cache emptied: 1301099 bytes
->Google Chrome cache emptied: 283057027 bytes
->Flash cache emptied: 59481 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15456301 bytes
RecycleBin emptied: 45299639 bytes
 
Total Files Cleaned = 1,084.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12192013_120420
 
Files\Folders moved on Reboot...
File\Folder C:\ProgramData\boost_interprocess\20131219120043.490625 not found!
Folder move failed. C:\ProgramData\boost_interprocess\20131219120549.491025 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\boost_interprocess scheduled to be moved on reboot.
C:\Program Files (x86)\GorillaPrice folder moved successfully.
C:\Users\J\AppData\Local\Temp\winstore.log moved successfully.
C:\Users\J\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
C:\WINDOWS\temp\hsperfdata_ADOLF$\1628 moved successfully.
C:\WINDOWS\temp\UploadUI.log moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
Is that it?  Should I do anything further?  By the way, it may be a couple of hours before I'm able to respond.
 
Thank you again, Borislav,
 
--JB

One last scan, please:

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Well, I encountered a problem:  I can't run Eset from either Internet Explorer or via the smart installer.

When using IE I receive the same kind of message I get when attempting to run Eset via Chrome; a notification appears stating I'm trying to run it from some browser other than IE.  (But look at the top of that image:  It is Internet Explorer!)

As stated, I also cannot run the smart installer; I get a message (duplicated below) indicating I can't install it on this PC.  I tried running as an administrator and also simply double-clicking; neither method opened the installer.

I don't know what to do now.  Incidentally, I think I got an Internet Explorer pop-up; I'm not sure about that.  I was too distracted to copy it and just closed it.

Anyway, what now?

In the meantime, thanks,

--J


Okay, run this scan:

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Hi Borislav,

Out of curiosity, was the Eset difficulty solely related to the fact I'm using Windows 8.1?

I've run the MBAM Quick Scan, and no malicious items were found.  Here's the log:

 Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.20.05
 
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
J :: ADOLF [administrator]
 
12/20/2013 8:42:13 AM
mbam-log-2013-12-20 (08-42-13).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 313983
Time elapsed: 4 minute(s), 45 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
Thanks,
 
--J

P.S.  I'm still getting inexplicable pop-ups via Internet Explorer.  (I'm not sure whether I ever mentioned that phenomenon before or not.)  I ran another MBAM Quick Scan; no malicious items were found.  I'll run a full scan; if anything shows up I'll post the log.


Well, on a Full Scan, no malicious items were detected.  Nonetheless, I'll post the log here in case it's of interest:

 Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.20.06
 
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
J :: ADOLF [administrator]
 
12/20/2013 12:19:21 PM
mbam-log-2013-12-20 (12-19-21).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 725461
Time elapsed: 1 hour(s), 49 minute(s), 51 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

Out of curiosity, was the Eset difficulty solely related to the fact I'm using Windows 8.1?

Yes, it looks like it is not compatible.

Now please:

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Borislav,

The ComboFix user guide states:

At this time ComboFix can only run on the following Windows versions:
  • Windows XP (32-bit only)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)

Just to confirm, are you advising me to go ahead and run it (on Windows 8.1) anyway?

Thanks,

--J


It's not entirely fixed; that's certain.  I'm no code expert, but it seems to me ScorpionSaver is long gone, along with other infections about which I wasn't aware.  Thanks for that.

However, Gorilla Price (at least, I presume it's Gorilla Price) will simply not go away; Internet Explorer opens up at random, and often.  It usually opens to pages that include video (with sound); since I keep my speakers on it acts as a kind of alarm.  Every time I hear it, I run to the PC and close the window; sometimes, only Task Manager will allow me to get out of it.

So, that's the state of affairs.  If you can think of any way to get rid of Gorilla Price, I'd certainly appreciate it.  It still shows up on my list of installed programs, of course.

By the way, Microsoft offered me the 8.1 upgrade (from 8) a few weeks ago, and I accepted their free offer.  It seems to me I'd be having far fewer problems now had I just kept plain old 8.

Thanks,

--J


Borislav,

About three hours ago I reset Internet Explorer as you suggested.  I then waited--leaving the PC on and the browser (Chrome) open--before posting just to see whether any pop-ups occurred via Internet Explorer.  There have been none so far; that's definitely an improvement.  Were it this time yesterday, several pop-ups would've occurred by now.

For what it's worth, I just ran a quick MBAM Quick Scan and no malicious items were detected.  Of course, no malicious items have been detected by MBAM for the last couple of days, at least.  Nonetheless, it may be worth noting.

Gorilla Price is still listed among my programs.  There's apparently no way to remove it without first visiting the Gorilla Price site and downloading something there.  (There's not a snowball's chance in hell of my doing that, of course.)

So, what do you think?  If I had Windows 8.0, do you think RogueKiller, Eset, ComboFix, etc., would have removed it?  Is this the end of the road for now?  I certainly like the fact that the symptoms appear to have been removed (no out-of-control IExplorer now, for instance); it'll be interesting to see whether there's any resurgence of malware activity over the next few days.

--J
