
snap.do invisible on laptop except for one indicator by avg



Hi folks, around 5 months ago, my laptop (Windows 8) was hijacked by snap.do. Search engine, etc. Managed to run a scan, manually remove and then delete via Malwarebytes. However, having just updated AVG, AVG asked me whether to use AVG as search engine or keep it to the current default engine, which is 'snap.do' according to only this prompt?

Snap.do does not show up anywhere else (Malwarebytes does not detect it, my searches are normally set to Google, tab searching is Google) so this is the only way that this has been indicated.

Please advise as I am totally at a loss here,

many thanks


Hello PerryDominoes! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Here are the reports, many thanks for your help!

OTL
 

OTL logfile created on: 11/02/2014 18:43:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wasif Sayyed\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.89 Gb Total Physical Memory | 5.98 Gb Available Physical Memory | 75.81% Memory free
10.52 Gb Paging File | 7.24 Gb Available in Paging File | 68.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 907.09 Gb Total Space | 683.55 Gb Free Space | 75.36% Space Free | Partition Type: NTFS
 
Computer Name: CRANE | User Name: Wasif Sayyed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/02/11 18:32:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wasif Sayyed\Downloads\OTL.exe
PRC - [2014/02/06 17:54:57 | 002,535,448 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2014/02/01 23:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/31 18:16:10 | 000,064,384 | ---- | M] (Google) -- C:\Users\Wasif Sayyed\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2014/01/14 13:54:53 | 006,118,400 | ---- | M] (Spotify Ltd) -- C:\Users\Wasif Sayyed\AppData\Roaming\Spotify\spotify.exe
PRC - [2014/01/14 13:54:52 | 000,603,648 | ---- | M] () -- C:\Users\Wasif Sayyed\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
PRC - [2014/01/10 22:33:39 | 002,341,912 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.3.0\ScriptHelper.exe
PRC - [2014/01/10 22:33:39 | 001,772,056 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
PRC - [2014/01/10 22:33:39 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/10/21 20:07:30 | 003,018,800 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/05 19:57:52 | 000,323,584 | R--- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012/09/01 18:07:22 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/09/01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/08/26 09:48:58 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
PRC - [2012/08/26 09:48:54 | 000,076,920 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
PRC - [2012/08/26 09:48:46 | 002,623,096 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe
PRC - [2012/08/15 11:41:26 | 000,097,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012/07/26 03:20:44 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2012/07/18 00:10:34 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/18 00:10:32 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/18 00:10:26 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/07/18 00:10:18 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/08 03:34:06 | 000,111,120 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012/04/03 13:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/06 23:01:02 | 002,959,872 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\8089e3484b45e44781f0c7a1a78881d5\System.IdentityModel.ni.dll
MOD - [2014/02/06 23:00:59 | 000,029,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\fc462b96786a33a4578581ebec42243e\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2014/02/06 23:00:58 | 000,026,112 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\3baf6eefe8ca1de3ae7111a70e477255\IAStorCommon.ni.dll
MOD - [2014/02/06 23:00:55 | 000,366,592 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\ddbdad196d6ec27aca38e6e7b05a117b\IAStorUtil.ni.dll
MOD - [2014/02/06 23:00:54 | 000,802,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\d438e7ec4899763070e7b5db3f166373\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/06 23:00:53 | 000,121,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3df2fdd27a3e685ce5dda8bce4956e5b\SMDiagnostics.ni.dll
MOD - [2014/02/06 17:54:57 | 002,535,448 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2014/02/01 23:42:37 | 013,616,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
MOD - [2014/02/01 23:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014/02/01 23:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014/02/01 23:41:45 | 000,715,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
MOD - [2014/02/01 23:41:45 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
MOD - [2014/02/01 23:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2014/01/14 13:54:53 | 036,967,424 | ---- | M] () -- C:\Users\Wasif Sayyed\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2014/01/14 13:54:52 | 000,887,808 | ---- | M] () -- C:\Users\Wasif Sayyed\AppData\Roaming\Spotify\Data\libGLESv2.dll
MOD - [2014/01/14 13:54:52 | 000,603,648 | ---- | M] () -- C:\Users\Wasif Sayyed\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
MOD - [2014/01/14 13:54:52 | 000,109,568 | ---- | M] () -- C:\Users\Wasif Sayyed\AppData\Roaming\Spotify\Data\libEGL.dll
MOD - [2014/01/10 22:33:39 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
MOD - [2013/10/17 22:43:31 | 001,075,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\32379693bdcd278fe2951267458193e4\System.ServiceModel.Web.ni.dll
MOD - [2013/10/14 22:24:23 | 012,698,624 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e6606a84f8a4cdc18c74e63ec807c689\System.Windows.Forms.ni.dll
MOD - [2013/10/14 22:24:17 | 019,537,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\6b40a60180e23feff705e28e351e10e1\System.ServiceModel.ni.dll
MOD - [2013/10/14 22:24:07 | 002,786,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\e1c6945213ca43ec9769fe95576962ce\System.Runtime.Serialization.ni.dll
MOD - [2013/10/14 22:24:04 | 000,964,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c508451271803f1677317735db499f5c\System.Configuration.ni.dll
MOD - [2013/10/14 22:24:00 | 006,998,016 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\79e8b7b183668471ab364d4132fb8018\System.Core.ni.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/15 08:59:01 | 007,566,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\624ad6159b6e241ad6d28bf4dca9f14b\System.Xml.ni.dll
MOD - [2013/08/15 08:58:30 | 001,631,744 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3603744988436295da5d16e76038e484\System.Drawing.ni.dll
MOD - [2013/08/15 08:57:56 | 009,937,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\375a937eec7d6faa53ac11ab2973eb76\System.ni.dll
MOD - [2013/07/11 22:13:06 | 016,547,328 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\5e3a9f3d64adfb3c69b49d37368bf454\mscorlib.ni.dll
MOD - [2012/08/26 09:48:58 | 000,110,712 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
MOD - [2012/08/26 09:48:54 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
MOD - [2012/08/26 09:48:46 | 000,029,816 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
MOD - [2012/08/26 09:48:40 | 000,091,768 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
MOD - [2012/08/26 09:48:40 | 000,026,232 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
MOD - [2012/06/08 03:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012/06/08 02:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/08/16 05:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/02 00:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/06/24 22:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 09:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 06:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 06:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/09 04:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/02 02:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/02 02:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 23:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 23:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/09/20 06:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/26 03:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/26 03:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/26 03:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/26 03:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/26 03:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/26 03:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/26 03:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/26 03:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/26 03:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/26 03:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/26 03:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 05:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2014/02/11 16:12:47 | 000,297,984 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe -- (SystemStoreService)
SRV - [2014/01/10 22:33:39 | 001,772,056 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe -- (vToolbarUpdater17.3.0)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/10/21 20:07:30 | 003,018,800 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe -- (SWUpdateService)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/05 20:44:14 | 000,231,552 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/12/05 19:57:52 | 000,323,584 | R--- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt and Wlan Coex Agent)
SRV - [2012/10/06 10:59:02 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/08/26 09:48:58 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher)
SRV - [2012/07/26 03:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/26 03:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/18 00:10:34 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/18 00:10:32 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/18 00:10:26 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/07/18 00:10:18 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/03 13:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/11/05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/10/21 22:28:28 | 000,252,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2013/10/10 11:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 06:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/02 02:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/09/04 14:35:06 | 000,020,496 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2013/08/16 05:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 06:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/09 08:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/02 01:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/02 01:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/07/02 00:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/01 22:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/06/29 06:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/06/04 08:15:02 | 000,103,448 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/06/04 08:15:00 | 000,203,672 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/06/01 03:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/02 10:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 10:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/10 01:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/05 20:25:20 | 000,576,152 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/12/05 20:25:18 | 000,135,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/12/05 20:25:16 | 000,222,360 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hid.sys -- (BTATH_HID)
DRV:64bit: - [2012/12/05 20:25:16 | 000,178,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/12/05 20:25:16 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/12/05 20:25:14 | 000,344,216 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/12/05 20:25:14 | 000,114,840 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/12/05 20:25:14 | 000,088,728 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/12/05 20:25:14 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/11/27 03:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/20 04:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/06 03:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/12 08:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 07:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/05 14:44:16 | 005,338,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/09/20 07:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 07:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/19 00:15:20 | 003,653,632 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/09/10 11:16:48 | 000,125,304 | ---- | M] (Focusrite Audio Engineering Limited.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ffusb2audio.sys -- (ffusb2audio)
DRV:64bit: - [2012/09/01 18:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/08/24 11:57:36 | 000,450,872 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/31 00:04:12 | 000,690,832 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/07/27 12:00:03 | 000,023,408 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RadioHIDMini.sys -- (RadioHIDMini)
DRV:64bit: - [2012/07/26 05:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 05:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 05:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 05:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 05:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 05:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 05:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 05:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 05:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 05:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 05:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 05:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 05:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 05:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 05:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 05:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 05:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/26 04:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/26 04:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/26 03:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/26 02:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012/07/26 02:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/26 02:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/26 02:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/26 02:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/26 02:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/26 02:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/26 02:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/26 02:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/26 02:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/26 02:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/26 02:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/26 02:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/26 02:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/26 02:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/26 02:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/26 02:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/26 02:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/26 02:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/26 02:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/26 02:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/26 02:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/26 02:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/02 22:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/25 01:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/18 23:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/15 05:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F56BDF20-188E-423A-ABF4-583937128D8C}
IE:64bit: - HKLM\..\SearchScopes\{F56BDF20-188E-423A-ABF4-583937128D8C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {F56BDF20-188E-423A-ABF4-583937128D8C}
IE - HKLM\..\SearchScopes\{F56BDF20-188E-423A-ABF4-583937128D8C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
IE - HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.avg.com?cid={01E8DAE6-4126-4D76-9DC9-DE1C834C0F6D}&mid=cb953600bca147d39d3381fe85c259c9-19db153de6f453b5cb2c5b019b8e183c2ee223a3&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-06 17:55:07&v=17.3.1.204&pid=safeguard&sg=0&sap=hp
IE - HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=e8372f6d-95d9-4e25-809e-d2618cbb7c66&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://mixidj.claro-search.com/?q={searchTerms}&affID=120165&babsrc=SP_ss&mntrId=369d12d6000000000000b888e369c510
IE - HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={01E8DAE6-4126-4D76-9DC9-DE1C834C0F6D}&mid=cb953600bca147d39d3381fe85c259c9-19db153de6f453b5cb2c5b019b8e183c2ee223a3&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-06 17:55:07&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1699152627-3642012173-1828022434-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Wasif Sayyed\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Wasif Sayyed\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Wasif Sayyed\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Wasif Sayyed\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Wasif Sayyed\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Wasif Sayyed\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014/02/06 17:55:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.6.11\FF
 
[2013/03/24 15:25:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://mysearch.avg.com?cid={01E8DAE6-4126-4D76-9DC9-DE1C834C0F6D}&mid=cb953600bca147d39d3381fe85c259c9-19db153de6f453b5cb2c5b019b8e183c2ee223a3&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-06 17:55:07&v=17.3.1.204&pid=safeguard&sg=0&sap=hp
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - Extension: Google Docs = C:\Users\Wasif Sayyed\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Wasif Sayyed\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Wasif Sayyed\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Wasif Sayyed\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Wasif Sayyed\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: AVG SafeGuard = C:\Users\Wasif Sayyed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.3.2.113_0\
CHR - Extension: Google Wallet = C:\Users\Wasif Sayyed\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\Wasif Sayyed\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/07/26 05:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.1.204\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [btTray] C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Qualcomm Atheros)
O4:64bit: - HKLM..\Run: [btvStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Qualcomm Atheros Commnucations)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CLMLServer_For_P2G8] C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)
O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [intel AppUp(SM) center] C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EDF483E-4B44-4CE6-8D45-A6FC4DDF9264}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/11 09:20:37 | 000,000,000 | R--D | C] -- C:\Users\Wasif Sayyed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2014/02/07 09:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2014/02/07 09:41:57 | 000,000,000 | ---D | C] -- C:\Users\Wasif Sayyed\AppData\Roaming\Atheros
[2014/02/06 23:00:29 | 000,000,000 | ---D | C] -- C:\Users\Wasif Sayyed\AppData\Roaming\InstallShield
[2014/02/06 22:30:54 | 000,135,832 | ---- | C] (Qualcomm Atheros) -- C:\windows\SysNative\drivers\btath_rcp.sys
[2014/02/06 22:30:53 | 000,222,360 | ---- | C] (Qualcomm Atheros) -- C:\windows\SysNative\drivers\btath_hid.sys
[2014/02/06 22:30:53 | 000,178,840 | ---- | C] (Qualcomm Atheros) -- C:\windows\SysNative\drivers\btath_hcrp.sys
[2014/02/06 22:30:53 | 000,077,464 | ---- | C] (Qualcomm Atheros) -- C:\windows\SysNative\drivers\btath_lwflt.sys
[2014/02/06 22:30:52 | 000,576,152 | ---- | C] (Qualcomm Atheros) -- C:\windows\SysNative\drivers\btfilter.sys
[2014/02/06 22:30:52 | 000,344,216 | ---- | C] (Qualcomm Atheros) -- C:\windows\SysNative\drivers\btath_a2dp.sys
[2014/02/06 22:30:52 | 000,114,840 | ---- | C] (Qualcomm Atheros) -- C:\windows\SysNative\drivers\btath_avdt.sys
[2014/02/06 22:30:52 | 000,088,728 | ---- | C] (Qualcomm Atheros) -- C:\windows\SysNative\drivers\btath_flt.sys
[2014/02/06 22:30:51 | 000,033,944 | ---- | C] (Qualcomm Atheros) -- C:\windows\SysNative\drivers\btath_bus.sys
[2014/02/06 22:29:51 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
[2014/02/06 22:29:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\QCA_Bluetooth
[2014/02/06 22:29:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bluetooth Suite
[2014/02/06 21:53:47 | 003,653,632 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\windows\SysNative\drivers\athw8x.sys
[2014/02/06 21:53:47 | 003,653,632 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\windows\SysNative\athw8x.sys
[2014/02/06 19:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/02/06 19:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/02/05 18:05:58 | 000,690,832 | ---- | C] (Realtek                                            ) -- C:\windows\SysNative\drivers\Rt630x64.sys
[2014/01/31 17:03:09 | 000,000,000 | ---D | C] -- C:\Users\Wasif Sayyed\AppData\Roaming\Glitchmachines
[2014/01/27 15:28:06 | 000,000,000 | ---D | C] -- C:\Users\Wasif Sayyed\AppData\Roaming\Identities
[2014/01/27 15:18:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2014/01/27 15:17:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/01/27 15:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2014/01/27 15:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2014/01/27 15:14:48 | 000,000,000 | ---D | C] -- C:\Users\Wasif Sayyed\AppData\Local\Microsoft Help
[2014/01/27 15:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2014/01/27 15:14:33 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2014/01/21 18:48:59 | 000,000,000 | ---D | C] -- C:\GRAFENE
[2014/01/21 12:19:55 | 000,000,000 | ---D | C] -- C:\Users\Wasif Sayyed\Documents\LATIFS
[2014/01/17 16:29:18 | 000,000,000 | ---D | C] -- C:\ROB MATA
[2014/01/17 16:29:00 | 000,000,000 | ---D | C] -- C:\BOSHIA
[2014/01/13 11:52:44 | 000,000,000 | ---D | C] -- C:\Users\Wasif Sayyed\Documents\Jasmine Waldorf Curtain Rings
[2013/05/28 19:07:33 | 002,063,240 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Wasif Sayyed\Documents\*.tmp files -> C:\Users\Wasif Sayyed\Documents\*.tmp -> ]
[1 C:\Users\Wasif Sayyed\Desktop\*.tmp files -> C:\Users\Wasif Sayyed\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/11 18:47:00 | 000,000,360 | ---- | M] () -- C:\windows\tasks\Xerox PhotoCafe Communicator.job
[2014/02/11 18:44:00 | 000,000,948 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1699152627-3642012173-1828022434-1001UA.job
[2014/02/11 17:48:00 | 000,000,922 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/11 17:44:00 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1699152627-3642012173-1828022434-1001Core.job
[2014/02/11 16:48:00 | 000,000,918 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/11 16:27:00 | 000,000,968 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1699152627-3642012173-1828022434-1001UA.job
[2014/02/11 16:09:24 | 000,850,046 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/02/11 16:09:24 | 000,724,738 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/02/11 16:09:24 | 000,137,374 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/02/11 16:08:08 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/02/11 10:00:00 | 000,000,870 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2014/02/11 09:47:00 | 000,000,222 | ---- | M] () -- C:\windows\tasks\AutoKMSDaily.job
[2014/02/11 09:19:39 | 000,000,868 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2014/02/09 11:36:02 | 000,000,226 | ---- | M] () -- C:\windows\tasks\AutoKMS.job
[2014/02/09 11:35:24 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/02/09 11:35:23 | 2485,956,607 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/06 22:31:04 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf
[2014/02/06 22:27:00 | 000,000,946 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1699152627-3642012173-1828022434-1001Core.job
[2014/02/06 19:43:25 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/02/06 16:43:03 | 000,030,926 | ---- | M] () -- C:\Users\Wasif Sayyed\Documents\Original Sins review.rtf
[2014/02/06 16:38:40 | 000,000,162 | -H-- | M] () -- C:\Users\Wasif Sayyed\Documents\~$iginal Sins review.rtf
[2014/02/05 22:21:48 | 000,018,960 | ---- | M] () -- C:\windows\SysNative\results.xml
[2014/02/05 18:10:01 | 000,002,195 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/31 17:04:17 | 000,015,247 | ---- | M] () -- C:\windows\unins001.dat
[2014/01/31 17:03:34 | 000,720,373 | ---- | M] () -- C:\windows\unins001.exe
[2014/01/30 10:48:22 | 000,000,157 | ---- | M] () -- C:\windows\SysWow64\SystemPreferences.xml
[2014/01/29 21:32:30 | 000,000,016 | ---- | M] () -- C:\Users\Wasif Sayyed\AppData\Roaming\msregsvv.dll
[2014/01/29 21:32:30 | 000,000,016 | ---- | M] () -- C:\ProgramData\autobk.inc
[2014/01/28 16:22:03 | 000,038,669 | ---- | M] () -- C:\Users\Wasif Sayyed\Documents\words.rtf
[2014/01/28 13:09:16 | 000,000,162 | -H-- | M] () -- C:\Users\Wasif Sayyed\Documents\~$words.rtf
[2014/01/28 09:45:20 | 000,422,944 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/01/27 16:36:33 | 000,155,747 | ---- | M] () -- C:\Users\Wasif Sayyed\Documents\Wasif Sayyed CV.pdf
[2014/01/27 15:30:38 | 000,348,160 | ---- | M] () -- C:\Users\Wasif Sayyed\Documents\Database1.accdb
[2014/01/27 15:25:51 | 000,000,184 | ---- | M] () -- C:\windows\AutoKMS.ini
[2014/01/22 16:38:53 | 000,002,153 | ---- | M] () -- C:\Users\Wasif Sayyed\Documents\Wasif Sayyed Job Description.rtf
[2014/01/17 14:22:28 | 000,002,101 | ---- | M] () -- C:\Users\Public\Desktop\Quick Starter.lnk
[2014/01/16 00:53:16 | 000,103,759 | ---- | M] () -- C:\Users\Wasif Sayyed\Documents\sv 2.wma
[2014/01/16 00:52:38 | 000,198,049 | ---- | M] () -- C:\Users\Wasif Sayyed\Documents\sv 1.wma
[2014/01/15 03:46:47 | 000,000,396 | ---- | M] () -- C:\Users\Wasif Sayyed\Documents\reference albums.rtf
[2014/01/13 12:04:41 | 000,836,958 | ---- | M] () -- C:\Users\Wasif Sayyed\Documents\Jasmine Waldorf Curtain Rings.zip
[2014/01/13 12:01:07 | 000,001,269 | ---- | M] () -- C:\Users\Wasif Sayyed\Documents\Jasmine Waldorf curtain rings packaging.rtf
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Wasif Sayyed\Documents\*.tmp files -> C:\Users\Wasif Sayyed\Documents\*.tmp -> ]
[1 C:\Users\Wasif Sayyed\Desktop\*.tmp files -> C:\Users\Wasif Sayyed\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/02/06 22:31:04 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf
[2014/02/06 21:53:47 | 000,331,272 | ---- | C] () -- C:\windows\SysNative\athw8x.inf
[2014/02/06 21:53:47 | 000,080,062 | ---- | C] () -- C:\windows\SysNative\athw8x.cat
[2014/02/06 19:43:25 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/02/06 16:38:40 | 000,030,926 | ---- | C] () -- C:\Users\Wasif Sayyed\Documents\Original Sins review.rtf
[2014/02/06 16:38:40 | 000,000,162 | -H-- | C] () -- C:\Users\Wasif Sayyed\Documents\~$iginal Sins review.rtf
[2014/01/31 17:04:16 | 000,720,373 | ---- | C] () -- C:\windows\unins001.exe
[2014/01/31 17:03:08 | 000,015,247 | ---- | C] () -- C:\windows\unins001.dat
[2014/01/28 13:09:16 | 000,000,162 | -H-- | C] () -- C:\Users\Wasif Sayyed\Documents\~$words.rtf
[2014/01/28 09:47:51 | 000,000,222 | ---- | C] () -- C:\windows\tasks\AutoKMSDaily.job
[2014/01/27 16:36:26 | 000,155,747 | ---- | C] () -- C:\Users\Wasif Sayyed\Documents\Wasif Sayyed CV.pdf
[2014/01/27 15:30:24 | 000,348,160 | ---- | C] () -- C:\Users\Wasif Sayyed\Documents\Database1.accdb
[2014/01/27 15:25:52 | 000,000,226 | ---- | C] () -- C:\windows\tasks\AutoKMS.job
[2014/01/27 15:25:51 | 000,000,184 | ---- | C] () -- C:\windows\AutoKMS.ini
[2014/01/17 14:22:28 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\Quick Starter.lnk
[2014/01/16 00:53:00 | 000,103,759 | ---- | C] () -- C:\Users\Wasif Sayyed\Documents\sv 2.wma
[2014/01/16 00:52:14 | 000,198,049 | ---- | C] () -- C:\Users\Wasif Sayyed\Documents\sv 1.wma
[2014/01/13 13:54:49 | 000,002,153 | ---- | C] () -- C:\Users\Wasif Sayyed\Documents\Wasif Sayyed Job Description.rtf
[2014/01/13 12:04:41 | 000,836,958 | ---- | C] () -- C:\Users\Wasif Sayyed\Documents\Jasmine Waldorf Curtain Rings.zip
[2014/01/13 12:01:07 | 000,001,269 | ---- | C] () -- C:\Users\Wasif Sayyed\Documents\Jasmine Waldorf curtain rings packaging.rtf
[2013/09/12 20:52:26 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/05/28 19:07:33 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml
[2013/03/29 16:44:01 | 000,715,081 | ---- | C] () -- C:\windows\unins000.exe
[2013/03/29 16:44:01 | 000,046,979 | ---- | C] () -- C:\windows\unins000.dat
[2013/03/27 22:12:25 | 000,000,016 | ---- | C] () -- C:\Users\Wasif Sayyed\AppData\Roaming\msregsvv.dll
[2013/03/27 22:12:25 | 000,000,016 | ---- | C] () -- C:\ProgramData\autobk.inc
[2012/10/05 14:44:36 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2012/10/05 14:44:10 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/10/05 14:44:06 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012/09/01 12:46:51 | 003,659,268 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/08/05 21:44:48 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012/08/05 21:44:22 | 000,963,388 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012/07/26 08:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 08:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 07:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/26 01:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 20:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 20:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/06/02 14:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012/04/20 04:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2013/03/25 22:30:30 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 06:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/02 05:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 03:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 03:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 03:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/04/06 13:39:11 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/04/06 13:39:11 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2014/02/09 14:26:39 | 000,000,000 | ---D | M] -- C:\Users\Wasif Sayyed\AppData\Roaming\Audacity
[2013/09/30 21:57:35 | 000,000,000 | ---D | M] -- C:\Users\Wasif Sayyed\AppData\Roaming\AVG2014
[2013/03/29 17:08:55 | 000,000,000 | ---D | M] -- C:\Users\Wasif Sayyed\AppData\Roaming\Cableguys
[2013/06/11 18:01:49 | 000,000,000 | ---D | M] -- C:\Users\Wasif Sayyed\AppData\Roaming\Cycling '74
[2013/03/31 17:05:11 | 000,000,000 | ---D | M] -- C:\Users\Wasif Sayyed\AppData\Roaming\Daichi
[2013/03/24 17:36:50 | 000,000,000 | ---D | M] -- C:\Users\Wasif Sayyed\AppData\Roaming\FabFilter
[2013/08/28 22:00:40 | 000,000,000 | ---D | M] -- C:\Users\Wasif Sayyed\AppData\Roaming\FileZilla
[2014/02/01 12:32:20 | 000,000,000 | ---D | M] -- C:\Users\Wasif Sayyed\AppData\Roaming\Glitchmachines
[2013/03/29 17:56:13 | 000,000,000 | ---D | M] -- C:\Users\Wasif Sayyed\AppData\Roaming\IK Multimedia
[2013/03/29 17:39:41 | 000,000,000 | ---D | M] -- C:\Users\Wasif Sayyed\AppData\Roaming\Loomer
[2013/03/24 15:38:13 | 000,000,000 | ---D | M] -- C:\Users\Wasif Sayyed\AppData\Roaming\NUSofting Data
[2014/02/07 13:23:08 | 000,000,000 | ---D | M] -- C:\Users\Wasif Sayyed\AppData\Roaming\REAPER
[2014/02/11 18:48:05 | 000,000,000 | ---D | M] -- C:\Users\Wasif Sayyed\AppData\Roaming\Spotify
[2013/03/08 19:43:40 | 000,000,000 | ---D | M] -- C:\Users\Wasif Sayyed\AppData\Roaming\Synaptics
[2013/03/12 00:05:57 | 000,000,000 | ---D | M] -- C:\Users\Wasif Sayyed\AppData\Roaming\TuneUp Software
[2013/11/11 20:16:09 | 000,000,000 | ---D | M] -- C:\Users\Wasif Sayyed\AppData\Roaming\Waves Audio
 
========== Purity Check ==========
 
 
 
< End of report >

 

OTL Extras logfile created on: 11/02/2014 18:43:39 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wasif Sayyed\Downloads

64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16750)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

7.89 Gb Total Physical Memory | 5.98 Gb Available Physical Memory | 75.81% Memory free

10.52 Gb Paging File | 7.24 Gb Available in Paging File | 68.82% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 907.09 Gb Total Space | 683.55 Gb Free Space | 75.36% Space Free | Partition Type: NTFS

 

Computer Name: CRANE | User Name: Wasif Sayyed | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-1699152627-3642012173-1828022434-1001\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [FreemiumAnalyze] -- C:\Program Files (x86)\Freemium\Free System Utilities\freemiumContext.exe ANALYSE %1 (Microsoft)

Directory [FreemiumFindEmptyFolders] -- C:\Program Files (x86)\Freemium\Free System Utilities\freemiumContext.exe EMPTYFOLDERS %1 (Microsoft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [FreemiumAnalyze] -- C:\Program Files (x86)\Freemium\Free System Utilities\freemiumContext.exe ANALYSE %1 (Microsoft)

Directory [FreemiumFindEmptyFolders] -- C:\Program Files (x86)\Freemium\Free System Utilities\freemiumContext.exe EMPTYFOLDERS %1 (Microsoft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1DE88FAE-2344-4D98-B91E-1A84C44719DF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 

"{27233216-1E7F-4BC1-A362-8B319EBA8A54}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{34CDFB94-88E5-4700-A162-4D247A8C49AD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{34D5D2C6-2150-46D4-8CA9-D2E4AEEBA7FB}" = lport=445 | protocol=6 | dir=in | app=system | 

"{356ABF45-0ACE-4036-8728-5E94A01F4C50}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{35B3CA51-5BA6-4DEB-855C-83165E05B90A}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{63C8BEDF-9DBD-415B-8403-C85593714E0F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{65B24CBA-65C7-46D8-8CA0-851DF4C72CF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{69D4BE73-E1D4-4F38-BB71-D93FE7A6F8B6}" = rport=137 | protocol=17 | dir=out | app=system | 

"{700F653D-76C4-4CC5-B40C-67F3686BB71C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{8D360D2A-D0AD-4632-8660-68259C4767F5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{98C2A655-7A9D-4C7C-8212-3421A86DA334}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{A21E11D3-1F24-4AF6-BDF6-D9E5ED610913}" = rport=445 | protocol=6 | dir=out | app=system | 

"{BD5D1C2B-8FDA-4BB1-AE37-AF2D3290AC88}" = rport=139 | protocol=6 | dir=out | app=system | 

"{CD05D515-EF09-4CA8-9035-B79B4C4CD01B}" = lport=138 | protocol=17 | dir=in | app=system | 

"{CE7481FB-8E24-4223-A142-82C3807C8C76}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{D2A4CDC1-BFCA-4CE9-A38E-82A73FCF2B21}" = rport=138 | protocol=17 | dir=out | app=system | 

"{D6C8E4CD-AB22-435D-A5E6-2B117E958983}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{DB78F16D-86BF-4375-B0E6-E4172CD5BF9F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{DF4B4EF5-D847-4D20-86F5-8C476BD295FB}" = lport=139 | protocol=6 | dir=in | app=system | 

"{E4EAE49D-5012-41CC-8FF9-1356C37B1F0D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{E86231FA-EC08-4F85-8AB4-658CDD276CC7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{EB877782-35C7-4C24-BC69-C77F27932465}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{ED955FB1-63E8-4B85-8920-78BE6E7840B4}" = lport=137 | protocol=17 | dir=in | app=system | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{05E61CD0-A222-4556-B3EB-D59435B04268}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{09F01EDE-2D49-4383-8286-AE426EAE4742}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 

"{0BCB3A8A-D24B-4423-8CA3-A6C7F43D7816}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 


"{1373A99A-4A2E-4030-953C-766E8309E77F}" = protocol=6 | dir=out | app=system | 

"{13A2CD10-1559-41B8-9F3C-D77A63DBBF26}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{1422C801-CAF1-4CCD-9A4D-D848130EAB9E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 

"{16FE6CB2-3D22-4D09-A920-2A9D798BA1A8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 

"{185C260E-7D8C-4049-AD05-F3BAF2DF3F00}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{1980CAC1-FEFC-4A1B-B249-364319366B08}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 

"{2027F0BF-E6E4-4C75-A6D9-632E169545AE}" = dir=out | name=s camera | 

"{271E7408-5D97-4A3C-8F18-9D51F7BBDD76}" = dir=out | name=sky news | 

"{2AEE7769-B2FC-421C-90D2-A4CF7E8370F3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{2C2185D6-0023-4A21-B04F-261263B3F706}" = dir=out | name=fresh paint | 


"{2E5B5C27-F18A-4239-BD8B-7BA2A34F2813}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{2E70F276-AE63-4E58-9954-4204FF694B9A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{2F64F1C2-1BD6-42CC-8679-B532D1CCE7C2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

"{3124A751-BF3B-427D-8270-F04F4B9113CE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{32522C89-16B8-4011-BBD0-1B0986D5A47E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 

"{3BF12F27-0E62-454C-ACFE-BB6E25C0FC1A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 

"{3C0DD2D1-14D0-4E22-8A12-90BE45CB96FC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 

"{3E077989-A6D9-4191-A18F-CD3DFB67D322}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 

"{3E977BB1-82BB-476C-BA1C-3569E9446E86}" = protocol=6 | dir=in | app=c:\users\wasif sayyed\appdata\local\google\google talk plugin\googletalkplugin.exe | 

"{3E9BE476-E59E-4976-BD1E-FC4FF21A8608}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{3F2E6FCA-AAAA-4E5C-BE85-A19B3C33A790}" = dir=out | name=windows_ie_ac_001 | 

"{491C08C0-D5B8-44A8-B85A-E4EFD41B03EE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 

"{4B3BA179-C363-45CE-BF94-084B3E1F341A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

"{4C3A8006-6A59-4E72-923A-48619CC4986F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 



"{5888D9E1-9925-4320-A7F7-0CE1F8E1696F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 

"{59707810-2F98-4119-A324-F607B469F2A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{5A703010-A7C8-43A0-A716-673C192673DA}" = dir=out | name=skype | 

"{61442831-926E-4715-9168-6A7E402A7A4A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 

"{6293BC1E-5BA6-4B1D-909E-870119A30CFE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{6353ACD5-C72A-45CC-B6AF-5725DCE0D348}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 

"{72D0E089-89FB-4DE6-AE95-C8BEBCCCBD7A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{7C049E29-43BC-4CBE-AA51-BC0F1B0A1D15}" = dir=in | name=skype | 

"{7D1934B7-98D6-4C9D-9B22-70BF42591443}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 

"{7F4F7E47-E5CA-49EB-9C94-EE88E9F812E3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 





"{8EFFCE09-0ADD-4833-95F2-75DDAC831B60}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 

"{902730EA-FF4F-4463-BA14-4ED7026CFD9D}" = dir=out | name=music hub | 

"{956A22B3-5E04-4606-8A8F-6C6A5906290C}" = protocol=17 | dir=in | app=c:\users\wasif sayyed\appdata\local\google\google talk plugin\googletalkplugin.exe | 

"{983E3FE2-430A-4F90-9DB0-CA0D6A3A26DB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{9932B766-6069-46BF-8651-9C815786A7C7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 


"{9A3278F8-A459-41DE-8C87-D3B5162B7175}" = dir=in | app=c:\users\wasif sayyed\appdata\local\facebook\video\skype\facebookvideocalling.exe | 

"{A0262794-E761-4236-99EF-49FA826A1707}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{A1702978-FB15-4587-B4F1-A9C824D608C3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{AA2FFB71-3BA1-46B6-A69E-4F166F8CFC27}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 

"{B459DF51-12E8-4054-A4F8-3C11988C57C2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 

"{B4B61F63-F1E8-4183-89CF-C2D9CF91C8EB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{B54B893A-9E71-43AE-96FA-8BC373362FD7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 


"{B7F26480-256A-4D07-A33B-E4EA1CAD314C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{D0DF38C8-38EA-4569-8B78-138E49EF7F41}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{D5D4F068-E77A-490F-BFC2-DF43C6309D4A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"{E594E89A-CDE4-41AB-AF06-8F1341E6C2BA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 


"{E9B868D5-4FD0-49A3-A16D-856816F9B090}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 

"{EC15BBB2-07C4-4172-B5D6-313E47EE2E08}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 

"{F0E8D702-2AB3-4A12-BE0E-EEE1F43338AC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 


"TCP Query User{5AB69826-D9C8-46AB-B453-F5C3DB2A2DDA}C:\users\wasif sayyed\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\wasif sayyed\appdata\roaming\spotify\spotify.exe | 

"TCP Query User{C1149187-BEE4-4EC4-BFD3-5C92ED29724A}C:\users\wasif sayyed\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\wasif sayyed\appdata\roaming\spotify\spotify.exe | 

"TCP Query User{FA694A75-9F5B-43B4-84F8-0A6C03069E24}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"UDP Query User{48C1785A-D8D8-4C38-83A7-6732521651C1}C:\users\wasif sayyed\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\wasif sayyed\appdata\roaming\spotify\spotify.exe | 

"UDP Query User{784734D3-CDD1-4B3A-AEDB-587882D0946E}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"UDP Query User{9AC7A40E-0705-4C7A-8D2C-CDE0C7DC7F60}C:\users\wasif sayyed\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\wasif sayyed\appdata\roaming\spotify\spotify.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5

"{04351EBB-5491-4279-B59A-D96ED9296A85}}_is1" = MiniNova Bundle 1.2

"{043EEF79-513F-4666-B340-B8556AB0EADC}" = Native Instruments Studio Drummer

"{079419C3-9DFC-4571-BAFC-CD79854C684E}" = Native Instruments West Africa

"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center

"{1244CC88-97DF-4694-A720-6F073845DEE2}" = Native Instruments Kontakt Factory Library

"{14C1DD2C-D54E-464A-9588-C109E3E39EEF}" = Native Instruments Vintage Organs

"{188A5482-9167-4177-8916-C13A7F379CB0}" = Native Instruments Solid EQ FX

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{2256CECF-B7D1-4DCA-B0FE-454D0972A4F0}" = Native Instruments Abbey Road 60s Drummer

"{2bfe5e99-6caa-4c5d-86d0-75d97c14d1dc}" = Native Instruments The Giant

"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support

"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014

"{35DE6B98-31C9-4A01-AB64-20A3C71BE1D0}" = Native Instruments Reflektor

"{36ccb7d4-42c7-473e-b293-72e41a8ec766}" = Native Instruments Berlin Concert Grand

"{371B17C3-9624-4583-A497-DF980313D851}" = Native Instruments Absynth 5

"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106

"{3D7275C7-8549-46AF-8B59-82A3EF301B31}" = Support Center

"{481F95A7-229D-4116-82EB-4760F320907A}" = Native Instruments Transient Master FX

"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4b98677f-ef75-4f71-8ef3-5603e3b0cbf7}" = Native Instruments Scarbee Vintage Keys

"{4D1548AC-86A9-49AE-AED2-62ECCC10FA4A}" = Native Instruments Battery 4 Factory Library

"{4FEF843C-5829-4F1B-AC4A-02B1C1D9CD1D}" = Native Instruments Reflektor for Maschine

"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5

"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106

"{5B841301-3649-4891-BC10-7A66820397C9}" = Native Instruments Reaktor Prism

"{5D03CB59-6F91-4097-922C-9DCA057D2A76}" = Native Instruments The Finger R2

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{835e9421-5f20-4491-9a75-baa7af1ea14d}" = Native Instruments Vienna Concert Grand

"{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1" = IK Multimedia Authorization Manager version 1.0.9

"{86F4B370-079C-4EF9-B727-452B85CFA415}" = Native Instruments Retro Machines Mk2

"{8812511F-8D8C-49D3-A711-C9650B2F5566}" = Native Instruments Guitar Rig Pro Library for Maschine

"{8C04CE01-F7B8-4961-884B-6CE7EFFADCD4}" = Native Instruments Reaktor Spark R2

"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{908177CD-FC53-4B56-8BF4-DE422F8D3C75}" = Native Instruments Traktors 12 for Maschine

"{93E2F252-D0F1-461A-9823-A2535D779E6E}" = Native Instruments Rammfire for Maschine

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{979F642F-D2CF-44BE-8272-24733F85D6D9}" = Native Instruments Komplete 9

"{9be187da-7d1c-4e8b-8b66-6132ca7697d8}" = Native Instruments New York Concert Grand

"{a63e8179-0381-4b59-8876-0755be48eb6a}" = Native Instruments Scarbee MM-Bass

"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{AF382DDE-EBE2-4AD5-BA1E-4A69450D6C5B}" = Native Instruments Solid Dynamics FX

"{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8

"{BED5CC32-11B2-4EF7-9C9C-8C0160D0C465}" = Native Instruments Battery 4

"{C85A891D-7AB4-46AE-84F0-B0C3FAC82280}" = Help Desk

"{C9BCE8B9-2510-48D4-B93A-EA7BEA81D6E7}" = Native Instruments Traktors 12

"{CED9FF0B-8D06-484E-857F-3584CE167952}" = Native Instruments Session Strings

"{CF14C576-C523-4754-A46C-F6D16EDE8A0A}" = Native Instruments Solid Bus Comp FX

"{CFEA455B-E368-45B2-A01E-1C3A6C0F06B6}" = S Agent

"{D597935A-5F0E-44F8-A028-A0EF9C647D95}" = Native Instruments Rammfire

"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes

"{d8650fdb-9422-4a07-9f57-585c06d9d760}" = Native Instruments Upright Piano

"{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1" = AmpliTube 3 version 3.10.0

"{e72f86b6-d2cd-4ec8-a510-286eee52b446}" = Native Instruments Monark

"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5

"{EC36E2BC-86F7-44C9-84B2-93930F0FBDBF}" = Quick Starter

"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client

"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64

"{F95BF201-C9AE-4215-883A-EC12A0D88C58}" = AVG 2014

"4214A1CFC1A368A5078729BFD4B211F0CDB5CEC5" = Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/10/2012 2.4.128.0)

"9F04C462DAB591BDCCE784F77E4D4F1736010B92" = Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735)

"AVG" = AVG 2014

"CCleaner" = CCleaner

"Focusrite USB 2.0 Audio Driver_is1" = Focusrite USB 2.0 Audio Driver 2.4

"Novation USB Audio Driver_is1" = Novation USB Audio Driver 2.4

"polyKB II CM_is1" = polyKB II CM

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"US122 Driver_is1" = US122 Driver 3.40

"WinRAR archiver" = WinRAR 4.20 (64-bit)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0BF82F4F-37CC-4A00-A20E-B24AA8D90160}_is1" = Fracture version 1.0

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform

"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Recovery

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1" = Custom Shop version 1.1.0

"{233B918E-99FD-4643-BEDD-A9855A56FC3A}" = Windows Live UX Platform Language Pack

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program

"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform

"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8

"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials

"{35BD47F4-C19B-474F-AACC-E8C0BE38148A}" = Photo Common

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{41101F0C-DBD9-321C-A6B1-E0689B495A4E}" = Google Talk Plugin

"{41644B7F-F524-4E07-89AE-585D18B05EA6}_is1" = SynthMasterCM VSTi Software Synthesizer Plug-In version 1.0.4.7

"{4689F012-C8E3-4F6E-BDEF-13671D53A6DC}" = Windows Live UX Platform Language Pack

"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support

"{4C0D8B3E-63F0-4773-83F5-C5B7795B0FB8}" = Photo Gallery

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3

"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE

"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions

"{52E5DE60-C96B-42CC-9A37-FE04725940AE}" = Settings

"{5547725A-B333-475C-93C7-3B89267A72D4}" = Support Center FAQ

"{57EC0BAF-E65F-4758-A6AB-586535C870A2}" = Windows Live Essentials

"{61889FC7-9738-439A-96B3-17AF981BDDEF}" = Movie Maker

"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack

"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}" = User Guide

"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106

"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{741ECBB6-1A0B-42F1-A7BF-76222734A63A}" = Movie Maker

"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78F35489-621D-4FFD-BCE7-2C7C3897E47C}" = Windows Live

"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker

"{86CAC8DE-288A-410D-A4A4-0190060E69AE}" = Raccolta foto

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447

"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110

"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{91000001-C561-4E32-99EB-3C5AD3683A70}" = Waves Complete V9r14

"{91786428-D4AA-476D-8AF9-A63FFAC2901F}" = Allshare Play Link

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9846E46F-07E0-4BDF-985A-E3FBA8C15877}" = Movie Maker

"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent

"{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}" = Easy File Share

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1" = Bass Station 1.9

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI

"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie

"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common

"{B6829511-95BB-46FC-9030-957D54B8EFE2}" = Windows Live UX Platform Language Pack

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B6D12710-26FC-11DF-AA8E-AE2756D89593}_is1" = RhinoCM 2.09

"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform

"{D531FC91-6F4E-49A7-B912-15289D05B6F8}" = Photo Common

"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker

"{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1" = Scarlett Plug-in Suite 1.4

"{DA06101F-FD76-4BF0-88BD-B26A197005E3}" = SW Update

"{DC2CB432-D3B9-4F81-8ACB-7775FD5202E5}" = Photo Common

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106

"{EBFCBD05-77A3-4FC3-A6D2-27218B61D957}" = Windows Live Essentials

"{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F321FD31-FE5B-40A8-98A6-AC3F06D73A64}" = Free SystemUtilities

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package

"{FE8DFDD0-A543-4A83-B7A9-C411138194D5}" = Galerie de photos

"Audacity_is1" = Audacity 2.0.3

"AudioRealism Drum Machine_is1" = ADM 1.2.2 CM

"AVG SafeGuard toolbar" = AVG SafeGuard toolbar

"Bleep VSTi" = Bleep VSTi

"Camel Audio Alchemy" = Camel Audio Alchemy

"Camel Audio CamelCrusher" = Camel Audio CamelCrusher

"CM Alpha" = CM Alpha

"Cumulus" = Loomer Cumulus

"daHornet VSTi V1.34_is1" = daHornet Version 1.34

"Dune CM (Computer Music)_is1" = Dune CM (Computer Music)

"FabFilter Pro-Q 1.21" = FabFilter Pro-Q 1.21

"FileZilla Client" = FileZilla Client 3.6.0.2

"Glitch One MB VSTi V1.0b_is1" = Glitch One MB VSTi Version 1.0b

"Google Chrome" = Google Chrome

"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8

"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"Intel AppUp(SM) center 33070" = Intel AppUp(SM) center

"LAME_is1" = LAME v3.99.3 (for Windows)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"MPKminiEditor" = MPK mini Editor

"Native Instruments Abbey Road 60s Drummer" = Native Instruments Abbey Road 60s Drummer

"Native Instruments Absynth 5" = Native Instruments Absynth 5

"Native Instruments Battery 4" = Native Instruments Battery 4

"Native Instruments Battery 4 Factory Library" = Native Instruments Battery 4 Factory Library

"Native Instruments Berlin Concert Grand" = Native Instruments Berlin Concert Grand

"Native Instruments FM8" = Native Instruments FM8

"Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5

"Native Instruments Guitar Rig Pro Library for Maschine" = Native Instruments Guitar Rig Pro Library for Maschine

"Native Instruments Komplete 9" = Native Instruments Komplete 9

"Native Instruments Kontakt 5" = Native Instruments Kontakt 5

"Native Instruments Kontakt Factory Library" = Native Instruments Kontakt Factory Library

"Native Instruments Massive" = Native Instruments Massive

"Native Instruments Monark" = Native Instruments Monark

"Native Instruments New York Concert Grand" = Native Instruments New York Concert Grand

"Native Instruments Rammfire" = Native Instruments Rammfire

"Native Instruments Rammfire for Maschine" = Native Instruments Rammfire for Maschine

"Native Instruments Reaktor 5" = Native Instruments Reaktor 5

"Native Instruments Reaktor Prism" = Native Instruments Reaktor Prism

"Native Instruments Reaktor Spark R2" = Native Instruments Reaktor Spark R2

"Native Instruments Reflektor" = Native Instruments Reflektor

"Native Instruments Reflektor for Maschine" = Native Instruments Reflektor for Maschine

"Native Instruments Retro Machines Mk2" = Native Instruments Retro Machines Mk2

"Native Instruments Scarbee MM-Bass" = Native Instruments Scarbee MM-Bass

"Native Instruments Scarbee Vintage Keys" = Native Instruments Scarbee Vintage Keys

"Native Instruments Service Center" = Native Instruments Service Center

"Native Instruments Session Strings" = Native Instruments Session Strings

"Native Instruments Solid Bus Comp FX" = Native Instruments Solid Bus Comp FX

"Native Instruments Solid Dynamics FX" = Native Instruments Solid Dynamics FX

"Native Instruments Solid EQ FX" = Native Instruments Solid EQ FX

"Native Instruments Studio Drummer" = Native Instruments Studio Drummer

"Native Instruments The Finger R2" = Native Instruments The Finger R2

"Native Instruments The Giant" = Native Instruments The Giant

"Native Instruments Traktors 12" = Native Instruments Traktors 12

"Native Instruments Traktors 12 for Maschine" = Native Instruments Traktors 12 for Maschine

"Native Instruments Transient Master FX" = Native Instruments Transient Master FX

"Native Instruments Upright Piano" = Native Instruments Upright Piano

"Native Instruments Vienna Concert Grand" = Native Instruments Vienna Concert Grand

"Native Instruments Vintage Organs" = Native Instruments Vintage Organs

"Native Instruments West Africa" = Native Instruments West Africa

"Office14.SingleImage" = Microsoft Office Professional 2010

"Plants vs. Zombies" = Plants vs. Zombies

"PriceGong" = PriceGong 2.6.11

"REAPER" = REAPER

"RG-Muted_is1" = Rob Papen RG-Muted

"Swatches" = AAS - Swatches

"Symptohm PE VST2" = Ohm Force - Symptohm PE VST2

"WinLiveSuite" = Windows Live

"Xerox PhotoCafe" = Xerox PhotoCafe

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1699152627-3642012173-1828022434-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Spotify" = Spotify

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 31/01/2014 11:41:04 | Computer Name = Crane | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "C:\Program Files (x86)\Waves\Applications\GTR

 3.5.exe".Error in manifest or policy file "C:\Program Files (x86)\Waves\Applications\WavesQtLibs_4.7.3_Win32_Release\WavesQtLibs_4.7.3_Win32_Release.MANIFEST"

 on line 8.  Component identity found in manifest does not match the identity of the

 component requested.  Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0".

Definition

 is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0".

Please

 use sxstrace.exe for detailed diagnosis.

 

Error - 31/01/2014 12:20:50 | Computer Name = Crane | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 31/01/2014 12:20:50 | Computer Name = Crane | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1204

 

Error - 31/01/2014 12:20:50 | Computer Name = Crane | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1204

 

Error - 31/01/2014 13:15:46 | Computer Name = Crane | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 31/01/2014 13:15:46 | Computer Name = Crane | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1187

 

Error - 31/01/2014 13:15:46 | Computer Name = Crane | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1187

 

Error - 31/01/2014 13:26:30 | Computer Name = Crane | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 31/01/2014 13:26:30 | Computer Name = Crane | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1171

 

Error - 31/01/2014 13:26:30 | Computer Name = Crane | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1171

 

[ System Events ]

Error - 22/01/2014 23:07:28 | Computer Name = Crane | Source = DCOM | ID = 10010

Description = 

 

Error - 22/01/2014 23:07:28 | Computer Name = Crane | Source = DCOM | ID = 10010

Description = 

 

Error - 22/01/2014 23:07:28 | Computer Name = Crane | Source = DCOM | ID = 10010

Description = 

 

Error - 22/01/2014 23:07:28 | Computer Name = Crane | Source = DCOM | ID = 10010

Description = 

 

Error - 22/01/2014 23:07:28 | Computer Name = Crane | Source = DCOM | ID = 10010

Description = 

 

Error - 22/01/2014 23:07:28 | Computer Name = Crane | Source = DCOM | ID = 10010

Description = 

 

Error - 22/01/2014 23:07:28 | Computer Name = Crane | Source = DCOM | ID = 10010

Description = 

 

Error - 22/01/2014 23:07:28 | Computer Name = Crane | Source = DCOM | ID = 10010

Description = 

 

Error - 22/01/2014 23:07:28 | Computer Name = Crane | Source = DCOM | ID = 10010

Description = 

 

Error - 22/01/2014 23:08:06 | Computer Name = Crane | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

 response from the iphlpsvc service.

 

 

< End of report >

Step 1

Please uninstall the following application: PriceGong 2.6.11

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log

Many thanks for your help!
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.1 (02.04.2014:1)

OS: Windows 8 x64

Ran by Wasif Sayyed on 13/02/2014 at 14:42:51.50

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1699152627-3642012173-1828022434-1001\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default

 

 

 

~~~ Registry Keys

 

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mixidj

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\powerpack

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\mixidj

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\babylon

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Failed to delete: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

Failed to delete: [Folder] "C:\Program Files (x86)\mixidj"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 13/02/2014 at 14:48:06.02

End of JRT log

# AdwCleaner v3.018 - Report created 13/02/2014 at 14:52:55

# Updated 28/01/2014 by Xplode

# Operating System : Windows 8  (64 bits)

# Username : Wasif Sayyed - CRANE

# Running from : C:\Users\Wasif Sayyed\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

[#] Service Deleted : SystemStoreService

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\Program Files (x86)\mixidj

Folder Deleted : C:\Program Files (x86)\SoftwareUpdater

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Deleted : C:\Users\Wasif Sayyed\AppData\Local\SoftwareUpdater

Folder Deleted : C:\Users\Wasif Sayyed\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

File Deleted : C:\windows\System32\Tasks\Software Updater Ui

File Deleted : C:\windows\System32\Tasks\Software Updater

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\mixidj

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16798

 

 

-\\ Google Chrome v32.0.1700.107

 

[ File : C:\Users\Wasif Sayyed\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [6217 octets] - [13/02/2014 14:52:49]

AdwCleaner[s0].txt - [6258 octets] - [13/02/2014 14:52:55]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6318 octets] ##########


And MalwareBytes no malicious items detected report:
 

2014/02/13 00:23:49 GMT CRANE Wasif Sayyed MESSAGE Starting database refresh
2014/02/13 00:23:49 GMT CRANE Wasif Sayyed MESSAGE Stopping IP protection
2014/02/13 00:23:49 GMT CRANE Wasif Sayyed MESSAGE IP Protection stopped successfully
2014/02/13 00:23:52 GMT CRANE Wasif Sayyed MESSAGE Database refreshed successfully
2014/02/13 00:23:52 GMT CRANE Wasif Sayyed MESSAGE Starting IP protection
2014/02/13 00:23:54 GMT CRANE Wasif Sayyed MESSAGE IP Protection started successfully
2014/02/13 08:44:55 GMT CRANE (null) MESSAGE Starting protection
2014/02/13 08:44:55 GMT CRANE (null) MESSAGE Protection started successfully
2014/02/13 08:44:55 GMT CRANE (null) MESSAGE Starting IP protection
2014/02/13 08:44:56 GMT CRANE (null) MESSAGE IP Protection started successfully
2014/02/13 14:59:26 GMT CRANE Wasif Sayyed MESSAGE Starting protection
2014/02/13 14:59:27 GMT CRANE Wasif Sayyed MESSAGE Protection started successfully
2014/02/13 14:59:27 GMT CRANE Wasif Sayyed MESSAGE Starting IP protection
2014/02/13 14:59:28 GMT CRANE Wasif Sayyed MESSAGE IP Protection started successfully
2014/02/13 15:06:31 GMT CRANE Wasif Sayyed MESSAGE Starting database refresh
2014/02/13 15:06:31 GMT CRANE Wasif Sayyed MESSAGE Stopping IP protection
2014/02/13 15:06:31 GMT CRANE Wasif Sayyed MESSAGE IP Protection stopped successfully
2014/02/13 15:06:33 GMT CRANE Wasif Sayyed MESSAGE Database refreshed successfully
2014/02/13 15:06:33 GMT CRANE Wasif Sayyed MESSAGE Starting IP protection
2014/02/13 15:06:34 GMT CRANE Wasif Sayyed MESSAGE IP Protection started successfully


Many thanks for your help

Hi there, sorry about the delay, I was away with work. I have followed the Malwarebytes scan instructions but no malicious items were detected and I was therefore unable to 'select' or 'disinfect' or anything like that. Please see below as this is the latest log. Please advise? Many thanks

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.17.08
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
Wasif Sayyed :: CRANE [limited]
 
Protection: Enabled
 
18/02/2014 00:08:37
mbam-log-2014-02-18 (00-08-37).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219003
Time elapsed: 8 minute(s), 38 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0

Hi there, things appear to be fine. They were okay before though, as Malwarebytes was not detecting anything and I was only made aware when AVG asked me if I still wanted snap.do as homepage or for it to be changed to AVG (even though snap.do wasn't interfering with my searches at that point). I assume the previous steps I was told to take have rectified the issue?
