theredog

Members
  • Content Count

    89
  • Joined

  • Last visited

Everything posted by theredog

  1. M Bam came up clean and after running Delfix the two new things on the desktop are gone! Delfix: # DelFix v1.010 - Logfile created 06/05/2015 at 17:29:47 # Updated 26/04/2015 by Xplode # Username : Redog - T00T1E_3564 # Operating System : Windows 7 Professional Service Pack 1 (64 bits) ~ Removing disinfection tools ... Deleted : C:\FRST Deleted : C:\AdwCleaner Deleted : C:\RegBackup Deleted : HKLM\SOFTWARE\OldTimer Tools Deleted : HKLM\SOFTWARE\AdwCleaner ~ Creating registry backup ... OK ~ Cleaning system restore ... Deleted : RP #316 [scheduled Checkpoint | 04/25/2015 04:00:01] Deleted : RP #317 [installed AVG 2015 | 05/02/2015 18:28:30] New restore point created ! ~ Resetting system settings ... OK ########## - EOF - ##########
  2. I noticed that these are new on my desktop: One says: [.ShellClassInfo] [email protected]%SystemRoot%\system32\shell32.dll,-21799 [LocalizedFileNames] CyberLink [email protected]:\PROGRA~2\CYBERL~1\Power2Go\MUITRA~1\EnvRes.dll,-1 and the other says: [.ShellClassInfo] [email protected]%SystemRoot%\system32\shell32.dll,-21769 IconResource=%SystemRoot%\system32\imageres.dll,-183
  3. I really didn't have a problem. I just suspected issues because of the two streaming sites I went to for watching the big fight Saturday night. I'll run Malwarebytes again and see if the same 7 come up.
  4. No??? I close browsers before running these programs?????????
  5. OK, I had to delete Farber and download it again. I inserted script, including start and end in the search box and clicked fix. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2015 01 Ran by Redog at 2015-05-06 17:01:10 Run:1 Running from C:\Users\Redog\Desktop\CNET Loaded Profiles: Redog (Available profiles: Redog) Boot Mode: Normal ============================================== Content of fixlist: ***************** start CloseProcesses: SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO-x32: No Name -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> No File R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-01-14] () [File not signed] EmptyTemp: Hosts: CMD: ipconfig /flushdns End ***************** Processes closed successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}" => Key deleted successfully. "HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}" => Key deleted successfully. sptd => Unable to stop service sptd => Error deleting Service C:\Windows\System32\Drivers\etc\hosts => Moved successfully. Hosts was reset successfully. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= EmptyTemp: => Removed 885.5 MB temporary data. The system needed a reboot. ==== End of Fixlog 17:01:39 ====
  6. Include "start" and "end"? Where do I use this script? I said earlier that I tried Farber again and it locked up. "Not Responding"
  7. Farber. You said run Farber and there is no run. I hit scan and it finished in a few minutes. Then I hit fix and it said something like, nothing found. I close browsers when running these programs. I have AVG turned off too.
  8. I hit scan and when it finished I clicked fix and nothing happened. I tried OTL again and it locked up at Firefox. Tried Farber again and it says new update please wait, then locks up. "Not Responding"
  9. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015 Ran by Redog (administrator) on T00T1E_3564 on 06-05-2015 16:00:17 Running from C:\Users\Redog\Desktop\CNET Loaded Profiles: Redog (Available profiles: Redog) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe (Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Windows Media Player\WMPSideShowGadget.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDClock.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1680976 2010-10-28] (Logitech, Inc.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [104008 2010-11-16] (Logitech Inc.) HKLM\...\Run: [soundMAX] => C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-1659189456-1754463573-1767136624-1001\...\MountPoints2: {6dafcf36-6221-11e0-ad60-0015af507bd9} - I:\TL-Bootstrap.exe ShellIconOverlayIdentifiers: [iDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-02-21] (Internet Download Manager, Tonec Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) BHO-x32: No Name -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> No File BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-14] (Oracle Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-14] (Oracle Corporation) DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab Tcpip\Parameters: [DhcpNameServer] 192.168.2.254 Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{1D8293A4-E241-49E4-90A2-0984EF22F4E2}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{2AA19AB9-C644-4FF0-AF23-587D08155F27}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{45E6870D-0465-4503-86F8-2B8236229B3C}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{76EE4D70-CE2F-4E18-B96B-D25F4F437B55}: [NameServer] 8.8.8.8,8.8.4.4 FireFox: ======== FF ProfilePath: C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default FF DefaultSearchEngine: DuckDuckGo FF DefaultSearchEngine.US: DuckDuckGo FF Homepage: https://duckduckgo.com/ FF Keyword.URL: FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-29] () FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-04-08] (Microsoft Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-29] () FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-14] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-14] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-04-08] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-14] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-14] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\searchplugins\duckduckgo-1.xml [2013-02-06] FF SearchPlugin: C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\searchplugins\duckduckgo.xml [2013-02-06] FF SearchPlugin: C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\searchplugins\scroogle-ssl.xml [2012-02-02] FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\Extensions\[email protected] [2014-11-21] FF Extension: WOT - C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-06-21] FF Extension: AutoProxy - C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\Extensions\[email protected] [2015-04-24] FF Extension: anonymoX - C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\Extensions\[email protected] [2014-06-21] FF Extension: Hide My Ass Proxy Extension - C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\Extensions\[email protected] [2014-06-21] FF Extension: Flagfox - C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-06-21] FF Extension: NoScript - C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-21] FF Extension: Adblock Plus - C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-01] FF HKU\S-1-5-21-1659189456-1754463573-1767136624-1001\...\Firefox\Extensions: [[email protected]] - C:\Users\Redog\AppData\Roaming\IDM\idmmzcc5 FF Extension: IDM CC - C:\Users\Redog\AppData\Roaming\IDM\idmmzcc5 [2015-04-02] FF HKU\S-1-5-21-1659189456-1754463573-1767136624-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\WordWeb\\WCaptureMoz FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\\WCaptureMoz [2015-01-26] FF HKU\S-1-5-21-1659189456-1754463573-1767136624-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Redog\AppData\Roaming\IDM\idmmzcc5 Chrome: ======= CHR Profile: C:\Users\Redog\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (IDM Integration Module) - C:\Users\Redog\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2015-04-14] CHR Extension: (Google Wallet) - C:\Users\Redog\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29] CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20] CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20] CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-04-20] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [457200 2009-06-02] () R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation) S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.) R2 BOT4Service; C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [32240 2010-07-14] () S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-23] (CyberLink) R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-04-22] (Hewlett-Packard Company) [File not signed] R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] () S3 RoxMediaDB13; C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [1099248 2010-07-16] (Sonic Solutions) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) S2 HPSLPSVC; C:\Users\Redog\AppData\Local\Temp\7zS4FC9\hpslpsvc64.dll [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [284128 2015-04-09] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [213984 2015-03-11] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [256992 2015-04-15] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [344544 2015-03-11] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [137184 2015-04-03] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [291296 2015-04-07] (AVG Technologies CZ, s.r.o.) R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2010-04-20] (Cyberlink Co.,Ltd.) R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [376816 2010-04-20] (CyberLink Corporation.) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] () R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2012-01-14] () [File not signed] R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-06 16:00 - 2015-05-06 16:00 - 00000000 ____D () C:\FRST 2015-05-03 01:42 - 2015-05-03 01:42 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-T00T1E_3564-Windows-7-Professional-(64-bit).dat 2015-05-03 01:41 - 2015-05-03 01:41 - 00000000 ____D () C:\RegBackup 2015-04-25 13:30 - 2015-05-02 09:46 - 00000000 ____D () C:\Users\Redog\AppData\Roaming\tor 2015-04-20 08:53 - 2015-04-17 21:06 - 00195056 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys 2015-04-15 13:06 - 2015-04-15 13:06 - 00256992 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys 2015-04-15 00:23 - 2015-04-15 00:24 - 00000000 ___SD () C:\Windows\system32\GWX 2015-04-15 00:23 - 2015-04-15 00:23 - 00000000 ___SD () C:\Windows\SysWOW64\GWX 2015-04-15 00:23 - 2015-04-15 00:23 - 00000000 ____D () C:\Windows\system32\appraiser 2015-04-15 00:22 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2015-04-15 00:22 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2015-04-15 00:22 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2015-04-15 00:22 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2015-04-15 00:22 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2015-04-15 00:22 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2015-04-15 00:22 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2015-04-15 00:22 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2015-04-15 00:22 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2015-04-15 00:03 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-04-15 00:03 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-04-15 00:03 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-04-15 00:03 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-04-15 00:03 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-04-15 00:03 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-04-15 00:03 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-04-15 00:03 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-04-15 00:03 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-04-15 00:03 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-04-15 00:03 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-04-15 00:03 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-04-15 00:03 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-04-15 00:03 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-04-15 00:03 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-04-15 00:03 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-04-15 00:03 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-04-15 00:03 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-04-15 00:03 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-04-15 00:03 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-04-15 00:03 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-04-15 00:03 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-04-15 00:03 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-04-15 00:03 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-04-15 00:03 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-04-15 00:03 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-04-15 00:03 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-04-15 00:03 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-04-15 00:03 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-04-15 00:03 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-04-15 00:03 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-04-15 00:03 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-04-15 00:03 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-04-15 00:03 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-04-15 00:03 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-04-15 00:03 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-04-15 00:03 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-04-15 00:03 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-04-15 00:03 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-04-15 00:03 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-04-15 00:03 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-04-15 00:03 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-04-15 00:03 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-04-15 00:03 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-04-15 00:03 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-04-15 00:03 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-04-15 00:03 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-04-15 00:03 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-04-15 00:03 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-04-15 00:03 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-04-15 00:03 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-04-15 00:03 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-04-15 00:03 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-04-15 00:03 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-04-15 00:03 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-04-15 00:03 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-04-15 00:03 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-04-15 00:03 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-04-14 23:47 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-04-14 23:47 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-04-14 23:47 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-04-14 23:47 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-04-14 23:47 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-04-14 23:47 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-04-14 23:47 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-04-14 23:47 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-04-14 23:47 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-04-14 23:47 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-04-14 23:47 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-04-14 23:47 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-04-14 23:47 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-04-14 23:47 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-04-14 23:47 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-04-14 23:47 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-04-14 23:47 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-04-14 23:47 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-04-14 23:47 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-04-14 23:47 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-04-14 23:47 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-04-14 23:47 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-04-14 23:47 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-04-14 23:47 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-04-14 23:47 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-04-14 23:47 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-04-14 23:47 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-04-14 23:47 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-04-14 23:47 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-04-14 23:47 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-04-14 23:47 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-04-14 23:47 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-04-14 23:47 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-04-14 23:47 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-04-14 23:47 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-04-14 23:47 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-04-14 23:47 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-04-14 23:47 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-04-14 23:47 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-04-14 23:47 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-04-14 23:47 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-04-14 23:47 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-04-14 23:47 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-04-14 23:47 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-04-14 23:47 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-04-14 23:47 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-04-14 23:47 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-04-14 23:47 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-04-14 23:47 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-04-14 23:47 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-04-14 23:47 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-04-14 23:47 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-04-14 23:47 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-04-14 23:47 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-04-14 23:47 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-04-14 23:47 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-04-14 23:47 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-04-14 23:47 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-04-14 23:47 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-04-14 23:47 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2015-04-14 23:47 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2015-04-14 23:47 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2015-04-14 23:47 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2015-04-14 23:45 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-04-14 23:45 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-04-14 23:45 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-04-14 23:45 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-04-14 23:45 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-04-14 23:45 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-04-14 23:45 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-04-14 23:45 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-04-14 23:45 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-04-14 23:45 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-04-14 23:45 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-04-14 23:45 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-04-14 23:45 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-04-14 23:45 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-04-14 23:45 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-04-14 23:45 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-04-14 23:42 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-04-14 23:42 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-04-14 23:42 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys 2015-04-14 23:41 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys 2015-04-14 23:41 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll 2015-04-14 23:41 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll 2015-04-14 23:17 - 2015-04-30 08:29 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2015-04-14 23:17 - 2015-04-14 23:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-04-14 22:58 - 2015-05-06 15:03 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-04-14 22:58 - 2015-05-06 12:15 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-04-14 22:58 - 2015-04-14 22:58 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-04-14 22:58 - 2015-04-14 22:58 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-04-09 14:11 - 2015-04-09 14:11 - 00284128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2015-04-08 08:42 - 2015-04-14 22:44 - 00000000 ____D () C:\ProgramData\BlueStacks 2015-04-08 08:41 - 2015-04-08 09:24 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2015-04-07 12:39 - 2015-04-07 12:39 - 00291296 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-05-06 16:00 - 2013-12-19 08:40 - 00000000 ____D () C:\Users\Redog\Desktop\CNET 2015-05-06 15:59 - 2014-03-08 14:20 - 00000000 ____D () C:\Users\Redog\AppData\Roaming\vlc 2015-05-06 12:28 - 2011-04-10 12:36 - 00000000 ____D () C:\ProgramData\Sonic 2015-05-06 12:23 - 2009-07-14 00:45 - 00015376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-05-06 12:23 - 2009-07-14 00:45 - 00015376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-05-06 12:21 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-05-06 12:19 - 2011-02-15 06:22 - 01114651 _____ () C:\Windows\WindowsUpdate.log 2015-05-06 12:15 - 2011-04-09 22:47 - 00767936 _____ () C:\Windows\PFRO.log 2015-05-06 12:15 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-05-06 12:15 - 2009-07-14 00:51 - 00085248 _____ () C:\Windows\setupact.log 2015-05-06 12:14 - 2013-12-04 05:49 - 00000000 ____D () C:\AdwCleaner 2015-05-06 11:43 - 2013-12-04 19:29 - 00000000 ____D () C:\Users\Redog\AppData\Roaming\DMCache 2015-05-06 11:36 - 2011-04-08 18:54 - 00000000 ____D () C:\ProgramData\MFAData 2015-05-06 09:23 - 2014-06-12 10:44 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-05-06 09:09 - 2011-08-30 00:31 - 00000000 ____D () C:\Users\Redog\AppData\Roaming\BitTorrent 2015-05-06 08:43 - 2014-08-17 20:27 - 00000000 ____D () C:\Program Files\PeerBlock 2015-05-03 23:07 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF 2015-05-03 19:27 - 2011-05-03 09:27 - 00009205 _____ () C:\Users\Redog\Desktop\RapidShare rules conditions.txt 2015-05-02 14:29 - 2014-03-31 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2015-04-24 23:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache 2015-04-23 08:29 - 2012-11-24 22:46 - 01528300 _____ () C:\Users\Redog\AppData\Local\rx_audio.Cache 2015-04-23 08:12 - 2014-09-24 21:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-04-22 00:01 - 2011-04-09 23:14 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager 2015-04-20 23:23 - 2011-04-09 23:14 - 00000000 ____D () C:\Users\Redog\AppData\Roaming\IDM 2015-04-15 20:19 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat 2015-04-15 00:23 - 2014-05-02 07:56 - 00000000 ___SD () C:\Windows\system32\CompatTel 2015-04-15 00:10 - 2014-02-12 00:09 - 00774632 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2015-04-15 00:09 - 2013-07-11 20:05 - 00000000 ____D () C:\Windows\system32\MRT 2015-04-15 00:05 - 2011-04-09 03:35 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-04-14 23:17 - 2011-11-09 12:03 - 00000000 ____D () C:\Program Files (x86)\Google 2015-04-14 22:58 - 2011-04-08 16:57 - 00000000 ____D () C:\Users\Redog\AppData\Local\Deployment 2015-04-14 22:56 - 2013-09-24 06:00 - 00000000 ____D () C:\ProgramData\Oracle 2015-04-14 22:55 - 2014-08-11 12:42 - 00000000 ____D () C:\Program Files (x86)\Java 2015-04-14 22:54 - 2014-08-11 12:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-04-14 22:44 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries ==================== Files in the root of some directories ======= 2011-05-03 21:40 - 2012-11-08 19:57 - 0099384 _____ () C:\Users\Redog\AppData\Roaming\inst.exe 2011-05-03 21:40 - 2012-11-08 19:57 - 0007859 _____ () C:\Users\Redog\AppData\Roaming\pcouffin.cat 2011-05-03 21:40 - 2012-11-08 19:57 - 0001167 _____ () C:\Users\Redog\AppData\Roaming\pcouffin.inf 2011-05-03 21:40 - 2012-11-08 19:57 - 0000033 _____ () C:\Users\Redog\AppData\Roaming\pcouffin.log 2011-05-03 21:40 - 2012-11-08 19:57 - 0082816 _____ (VSO Software) C:\Users\Redog\AppData\Roaming\pcouffin.sys 2011-08-29 17:50 - 2011-09-09 00:27 - 0000520 _____ () C:\Users\Redog\AppData\Roaming\SamsungLiveUpdateConfig.ini 2014-06-17 07:49 - 2014-06-17 07:49 - 0002075 _____ () C:\Users\Redog\AppData\Local\recently-used.xbel 2013-10-08 12:51 - 2014-03-08 18:56 - 0007625 _____ () C:\Users\Redog\AppData\Local\resmon.resmoncfg 2012-11-24 22:46 - 2015-04-23 08:29 - 1528300 _____ () C:\Users\Redog\AppData\Local\rx_audio.Cache 2011-09-25 21:14 - 2015-01-31 23:47 - 10342288 _____ () C:\Users\Redog\AppData\Local\rx_image32.Cache 2011-05-13 09:26 - 2011-08-31 19:19 - 0000040 ___SH () C:\ProgramData\.zreglib 2011-05-07 06:30 - 2012-05-02 06:02 - 0000290 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc Some content of TEMP: ==================== C:\Users\Redog\AppData\Local\Temp\AskSLib.dll C:\Users\Redog\AppData\Local\Temp\ExPromo.exe C:\Users\Redog\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\Redog\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-24 23:11 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-05-2015 Ran by Redog at 2015-05-06 16:00:53 Running from C:\Users\Redog\Desktop\CNET Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1659189456-1754463573-1767136624-500 - Administrator - Disabled) Guest (S-1-5-21-1659189456-1754463573-1767136624-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1659189456-1754463573-1767136624-1002 - Limited - Enabled) Redog (S-1-5-21-1659189456-1754463573-1767136624-1001 - Administrator - Enabled) => C:\Users\Redog ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2015 (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 1Click DVD Copy Pro 4.2.7.9 (HKLM-x32\...\1Click DVD Copy Pro_is1) (Version: - LG Software Innovations) 7-Zip 9.21 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated) Adobe Reader X (10.1.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated) ATI Catalyst Install Manager (HKLM\...\{C5970161-E13E-6661-BBDA-A08268313C83}) (Version: 3.0.808.0 - ATI Technologies, Inc.) AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5941 - AVG Technologies) AVG 2015 (Version: 15.0.4342 - AVG Technologies) Hidden AVG 2015 (Version: 15.0.5941 - AVG Technologies) Hidden Chessmaster 10th Edition (HKLM-x32\...\InstallShield_{E9AE9A91-AB45-4321-87BD-AD34855D944F}) (Version: 1.00.0000 - Ubisoft) Chessmaster 10th Edition (x32 Version: 1.00.0000 - Ubisoft) Hidden Click-N-Ship for Business® (HKLM-x32\...\{15C77FC3-8137-4A5E-8F81-F559045DD6B0}) (Version: 4.1.572.0 - United States Postal Service) CodeStuff Starter (HKLM-x32\...\CodeStuff Starter) (Version: 5.6.2.9 - CodeStuff) CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3226 - CyberLink Corp.) CyberLink InstantBurn (HKLM-x32\...\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}) (Version: 5.0.6420 - CyberLink Corp.) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2911 - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.) CyberLink PowerBackup (HKLM-x32\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.6023 - CyberLink Corp.) CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3708 - CyberLink Corp.) CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.3624.52 - CyberLink Corp.) CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.2820 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Damnation (HKLM-x32\...\{C3C697E8-9183-4088-994C-2662166830BC}) (Version: 1.00.0000 - Codemasters) Damnation (x32 Version: 1.00.0000 - Codemasters) Hidden DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink) DVD43 Plug-in v1.0.0.5 (HKLM-x32\...\DVD43 Plug-in_is1) (Version: - ) EA Download Manager (HKLM-x32\...\EADM) (Version: 5.1.0.4 - Electronic Arts, Inc.) Easy GIF Animator 6.1 (HKLM-x32\...\Easy GIF Animator_is1) (Version: Easy GIF Animator 6.0 - Karlis Blumentals) EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - ) eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden FW LiveUpdate (HKLM-x32\...\{11F5D779-7BD9-465A-BBC4-10701386BCB9}) (Version: 2.0.6.2 - SAMSUNG) GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.) Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden Host OpenAL (ADI) (HKLM-x32\...\Host OpenAL (ADI)) (Version: - ) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!) Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation) Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche Studios) LightScribe System Software (HKLM-x32\...\{A8F1CA85-C713-4B1F-B3B4-B2B7A6824146}) (Version: 1.18.14.1 - LightScribe) Logitech Gaming Software 7.00 (HKLM\...\{690285C2-2481-44FB-8402-162EA970A6DD}) (Version: 7.00.291 - Logitech Inc.) Logitech SetPoint 6.22 (HKLM\...\sp6) (Version: 6.22.24 - Logitech) Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Marble (remove only) (HKLM-x32\...\Marble) (Version: - ) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Streets & Trips 2010 (HKLM-x32\...\{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}) (Version: 17.0.18.2200 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) MotoGP 08 (HKLM-x32\...\{BDA825AD-D60B-4935-9590-B0F1AC2E0D22}) (Version: 1.00.0000 - Capcom) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 37.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 en-US)) (Version: 37.0.2 - Mozilla) MPC-HC 1.7.3 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.3 - MPC-HC Team) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA PhysX v8.10.13 (HKLM-x32\...\{AC54E544-3E42-443C-A91D-A00A6974C592}) (Version: 8.10.13 - NVIDIA Corporation) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation) PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC) Quantum of Solace (HKLM-x32\...\InstallShield_{CDF29D6C-AA05-49F9-A55A-89C2F8F4F46E}) (Version: 1.1 - Activision) Quantum of Solace (x32 Version: 1.00.0000 - Activision) Hidden Quantum of Solace 1.1 Patch (x32 Version: - ) Hidden Quantum of Solace 1.1 Patch (x32 Version: 1.1 - Activision) Hidden RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden Roxio Creator 2011 Pro (HKLM-x32\...\{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}) (Version: 13.0 - Roxio) Roxio PhotoShow (HKLM-x32\...\Roxio PhotoShow) (Version: 6.0 - Sonic Solutions) SecuROM Diagnostic Tool (HKLM-x32\...\SecuROM Diagnostic Tool) (Version: - Sony DADC Austria) Shellshock 2 (HKLM-x32\...\Shellshock2) (Version: - ) SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.) SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.7 - SmartSound Software Inc.) SmartSound Quicktracks 5 (x32 Version: 5.1.7 - SmartSound Software Inc.) Hidden SoundMAX (HKLM-x32\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.2.6585 - Analog Devices) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) STL Viewer 2.3 (HKLM-x32\...\{211B0612-B93E-493A-9209-FC583D715444}_is1) (Version: - IdeaMK) The Saboteurâ„¢ (HKLM-x32\...\{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}) (Version: 1.0.0.0 - Electronic Arts) Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.47 - Creative Island Media, LLC) <==== ATTENTION VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) WordWeb Pro (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-1659189456-1754463573-1767136624-1001_Classes\CLSID\{4D766FD3-B880-49D3-B7BD-6CF925221E04}\InprocServer32 -> C:\Program Files\Roxio 2011\Virtual Drive 10\DC_ShellExt64.dll (Sonic Solutions) ==================== Restore Points ========================= 25-04-2015 00:00:01 Scheduled Checkpoint 02-05-2015 14:28:30 Installed AVG 2015 ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2014-06-21 11:29 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2710E5BB-AF63-4788-AA3B-737A6DB10342} - System32\Tasks\{C25E3EA9-6D90-410B-B1BE-327DB50560D9} => pcalua.exe -a C:\ProgramData\MFAData\SelfUpd\avgmfapx.exe Task: {3837302E-5BBA-4E80-BF59-94F2A7E87B64} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-14] (Google Inc.) Task: {3F90F8E3-D9AA-47AE-9A18-83F65B0B1255} - System32\Tasks\4678 => Wscript.exe C:\Users\Redog\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION Task: {4E9564C5-1C7E-4D27-865D-DB040C91F1E2} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation) Task: {52F832DB-0026-412C-BBCF-2254A6414E9F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {86806F6D-0E0F-4490-9CC5-8471B84157A2} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: {BE52FD0B-C39F-4D1C-A4FB-033574800DDF} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION Task: {BFB8F009-B8F7-42B8-90BA-73F87FE16F68} - System32\Tasks\AVG_SYS_TASK_0414b => C:\ProgramData\Avg_Update_0414b\AVG-Secure-Search-Update_0414b.exe Task: {C331862E-2DAD-4CD2-B01E-EA094632A215} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-14] (Google Inc.) Task: {FE0E0D33-82E0-4BE4-AEFA-0BA6A371DDE6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2009-06-02 19:05 - 2009-06-02 19:05 - 00457200 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe 2010-07-14 04:00 - 2010-07-14 04:00 - 00032240 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe 2011-04-10 15:38 - 2009-07-06 22:23 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2011-04-09 04:06 - 2011-04-09 04:06 - 00093184 _____ () C:\Program Files\Logitech Gaming Software\plugins\DevMgr-1.00.024\DevMgr.dll 2011-04-09 04:06 - 2011-04-09 04:06 - 00010240 _____ () C:\Program Files\Logitech Gaming Software\plugins\DevBusFake-1.00.006\DevBusFake.dll 2011-04-09 04:06 - 2011-04-09 04:06 - 00111616 _____ () C:\Program Files\Logitech Gaming Software\plugins\DevBusHid-1.00.036\DevBusHid.dll 2011-04-09 04:06 - 2011-04-09 04:06 - 00110592 _____ () C:\Program Files\Logitech Gaming Software\plugins\DevBusBulk-1.00.039\DevBusBulk.dll 2011-04-09 04:06 - 2011-04-09 04:06 - 00161280 _____ () C:\Program Files\Logitech Gaming Software\plugins\G13Device-1.00.077\G13Device.dll 2011-04-09 04:06 - 2011-04-09 04:06 - 00186880 _____ () C:\Program Files\Logitech Gaming Software\plugins\G19Device-1.00.072\G19Device.dll 2011-04-09 04:06 - 2011-04-09 04:06 - 00470528 _____ () C:\Program Files\Logitech Gaming Software\plugins\MainUI-1.00.148\MainUI.dll 2011-04-09 04:06 - 2011-04-09 04:06 - 00071168 _____ () C:\Program Files\Logitech Gaming Software\plugins\SimInput-1.00.020\SimInput.dll 2011-04-09 04:06 - 2011-04-09 04:06 - 00034304 _____ () C:\Program Files\Logitech Gaming Software\plugins\PnpGamePanelDevices-1.00.008\PnpGamePanelDevices.dll 2010-07-14 04:00 - 2010-07-14 04:00 - 01587696 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\BEngine.dll 2010-07-14 04:00 - 2010-07-14 04:00 - 00107504 _____ () C:\Program Files (x86)\Roxio\BackOnTrack\App\Logging.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\Temp:373E1720 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, the associated entry will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1659189456-1754463573-1767136624-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Redog\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (whitelisted) =============== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) FirewallRules: [sPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [sPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{39A30931-A93D-473F-AF83-01C55377BFD1}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe FirewallRules: [{D0D40518-9ADD-445A-B603-F669F0985347}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe FirewallRules: [{4CB32928-0BB2-450C-A6A8-70F239654456}] => (Allow) E:\setup.exe FirewallRules: [{1B476FE1-4742-4FF4-B6CF-FE9D1DBEC2BD}] => (Allow) E:\setup.exe FirewallRules: [{3E53F0C1-EB7C-4596-A86C-14F00EB707D7}] => (Allow) E:\setup.exe FirewallRules: [{0E8C9104-6797-4A55-AD18-4660070EA52E}] => (Allow) E:\setup.exe FirewallRules: [{21ED90B9-E419-4E48-8EDE-228115BF8AFB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE FirewallRules: [TCP Query User{A464F377-C0A3-431A-9683-937AC86543DA}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe FirewallRules: [uDP Query User{87B7AB44-FECF-4780-8113-D134AC80F0F9}C:\program files (x86)\utorrent\utorrent.exe] => (Allow) C:\program files (x86)\utorrent\utorrent.exe FirewallRules: [{34C39806-BD5B-4C8C-A281-8EC80726386D}] => (Allow) J:\JB 007 Quantum of Solace\JB_LiveEngine_s.exe FirewallRules: [{6491292C-838C-42C2-88D6-34F7EA4EA979}] => (Allow) J:\JB 007 Quantum of Solace\JB_LiveEngine_s.exe FirewallRules: [{A4926CAA-5CD7-4BEC-B4AF-BDC09A458CFF}] => (Allow) J:\Damnation\Binaries\DamnGame.exe FirewallRules: [{AD2D2204-0A64-45DB-A36A-0302968C1F71}] => (Allow) J:\Damnation\Binaries\DamnGame.exe FirewallRules: [{49C7137B-EABF-4C46-8158-F3228A8C6354}] => (Allow) J:\Moto GP 2008\Launcher.exe FirewallRules: [{7673FEE9-5B5C-45E0-80E4-4A83E944EBED}] => (Allow) J:\Moto GP 2008\Launcher.exe FirewallRules: [{815630A0-3CE3-4EFB-AA3A-B71912240BEB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\just cause 2\JustCause2.exe FirewallRules: [{15AF5C7C-B557-41C4-9E7D-29EAE4EC53F6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\just cause 2\JustCause2.exe FirewallRules: [TCP Query User{D7BA6984-D06E-427C-8EE4-665E537713C5}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe FirewallRules: [uDP Query User{B35207AA-1DDC-44B7-A383-C5C231330A46}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe FirewallRules: [TCP Query User{510F28D2-D215-406E-BD94-FDE67FAFE6AC}C:\users\redog\appdata\local\xenocode\sandbox\ldr_alcohol_r.exe\2.0.1.2033\2010.09.18t21.28\virtual\stubexe\8.0.1135\@[email protected]\alcohol soft\alcohol 120\starwind\starwindserviceae.exe] => (Allow) C:\users\redog\appdata\local\xenocode\sandbox\ldr_alcohol_r.exe\2.0.1.2033\2010.09.18t21.28\virtual\stubexe\8.0.1135\@[email protected]\alcohol soft\alcohol 120\starwind\starwindserviceae.exe FirewallRules: [uDP Query User{09D6E20D-231C-4A3F-A590-6FBC014E0394}C:\users\redog\appdata\local\xenocode\sandbox\ldr_alcohol_r.exe\2.0.1.2033\2010.09.18t21.28\virtual\stubexe\8.0.1135\@[email protected]\alcohol soft\alcohol 120\starwind\starwindserviceae.exe] => (Allow) C:\users\redog\appdata\local\xenocode\sandbox\ldr_alcohol_r.exe\2.0.1.2033\2010.09.18t21.28\virtual\stubexe\8.0.1135\@[email protected]\alcohol soft\alcohol 120\starwind\starwindserviceae.exe FirewallRules: [{FD1EF11E-725D-4C7C-A5F1-1F2F83916F85}] => (Allow) C:\Users\Redog\AppData\Local\Temp\7zS4FC9\hppiw.exe FirewallRules: [{03036419-1D69-4ECF-8FFE-227AA3ABBC03}] => (Allow) C:\Users\Redog\AppData\Local\Temp\7zS4FC9\hppiw.exe FirewallRules: [{C122D3D4-47DD-4B21-8955-A057262B23A4}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe FirewallRules: [{0A08B9F6-4019-4C37-AF17-9C1B10C25773}] => (Allow) C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe FirewallRules: [{248C1BEF-DA77-485B-BB62-F9F98856DFB9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe FirewallRules: [{EF482911-3BCD-4F91-BAEE-1BDE66316942}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE FirewallRules: [TCP Query User{4A1AE217-FED2-4EC2-83AF-563082038C60}D:\libraries\documents\programs 2011\bit torrent 7 2 1\bittorrent-7.2.1.exe] => (Allow) D:\libraries\documents\programs 2011\bit torrent 7 2 1\bittorrent-7.2.1.exe FirewallRules: [uDP Query User{15218D78-AE8B-4639-8960-29C060C9D9C0}D:\libraries\documents\programs 2011\bit torrent 7 2 1\bittorrent-7.2.1.exe] => (Allow) D:\libraries\documents\programs 2011\bit torrent 7 2 1\bittorrent-7.2.1.exe FirewallRules: [{D8E4DB77-BD9E-43D6-BB1B-FE18B759DA76}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{54E28ACF-3236-4370-9D13-AF59014F0603}] => (Allow) LPort=2869 FirewallRules: [{8D492331-79F5-4C04-944F-B0BAFBBA1DEC}] => (Allow) LPort=1900 FirewallRules: [{42F7C94A-9733-4DBC-8935-0947FB735F11}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe FirewallRules: [{CD8030C8-6CF4-4716-92CF-A64FD3CD952B}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe FirewallRules: [{7928B7C7-A23B-46C9-A403-51DC939C7A5C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{80479EA6-278A-4217-85CE-02E95D0FD693}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{0C7AC355-3AE5-40F5-A5FD-02CBE513C5A6}] => (Allow) C:\ProgramData\eSafe\eGdpSvc.exe FirewallRules: [{EB06BEE8-87C7-4CB1-9839-DD9AB5D519C0}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe FirewallRules: [PotPlayer(PotPlayerMini64.exe)] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe FirewallRules: [{569B3BEA-B8A4-495E-A33E-51C085C6309C}] => (Allow) C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe FirewallRules: [{B14794A1-D802-405E-BBEE-0AA302D920D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{5461A6D7-D01D-4743-AB3B-B3299134DDDB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{DF0A2401-66B5-4EF5-A9FC-E456238BEFED}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [uDP Query User{82A0E11B-E82E-4DAE-B5FF-940E911AA066}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{296DB603-75AF-4BB9-89A6-54A6AEDAE806}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{D0D04A16-BA11-451D-B9E2-F4BA4DDE2529}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{6D2F8E86-4EB9-4977-878D-FB491A509080}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{13B9373F-8873-4C63-9191-7A3F6B186D03}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{19C095A4-C482-4FA2-976A-53AF7860F600}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{AA97D4A4-3EF2-4ABE-BBBF-F09EBFFF59D1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{ECB22D2C-68B9-4DBE-B76B-ED4E00BD4114}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{867FA131-EFDF-41D0-AD62-BB3F560F09EA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{6228617C-799E-4753-AF1B-9B7BC53B3034}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe ==================== Faulty Device Manager Devices ============= Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (05/06/2015 02:37:25 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program OTL.com version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: cc0 Start Time: 01d0882b82f7fb58 Termination Time: 5 Application Path: C:\Users\Redog\Desktop\CNET\OTL.com Report Id: ef94bef8-f41e-11e4-82d8-001e8c308f89 Error: (05/06/2015 00:51:50 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program OTL.com version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1e0 Start Time: 01d0881c9feff693 Termination Time: 0 Application Path: C:\Users\Redog\Desktop\CNET\OTL.com Report Id: 2f87c3b3-f410-11e4-82d8-001e8c308f89 Error: (05/06/2015 00:48:16 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program OTL.com version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1234 Start Time: 01d0881c4b056340 Termination Time: 0 Application Path: C:\Users\Redog\Desktop\CNET\OTL.com Report Id: b010706a-f40f-11e4-82d8-001e8c308f89 Error: (05/06/2015 00:47:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program OTL.com version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: c1c Start Time: 01d0881bd512e069 Termination Time: 15 Application Path: C:\Users\Redog\Desktop\CNET\OTL.com Report Id: 85dc770a-f40f-11e4-82d8-001e8c308f89 Error: (05/06/2015 00:43:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program OTL.com version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1034 Start Time: 01d0881b7119535e Termination Time: 0 Application Path: D:\Movies\OTL.com Report Id: 0ea3d7ad-f40f-11e4-82d8-001e8c308f89 Error: (05/06/2015 00:28:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program OTL.com version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 7c0 Start Time: 01d0881957a455c7 Termination Time: 0 Application Path: C:\Users\Redog\Desktop\CNET\OTL.com Report Id: f6287c6e-f40c-11e4-82d8-001e8c308f89 Error: (05/06/2015 00:24:40 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program OTL.com version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 230 Start Time: 01d08818349650f8 Termination Time: 0 Application Path: C:\Users\Redog\Desktop\CNET\OTL.com Report Id: 636ea6fc-f40c-11e4-82d8-001e8c308f89 Error: (05/05/2015 06:18:58 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program firefox.exe version 37.0.2.5583 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 754 Start Time: 01d0877db91b012e Termination Time: 50 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: b7e2bece-f374-11e4-8644-001e8c308f89 Error: (05/03/2015 00:23:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: FlashPlayerPlugin_17_0_0_134.exe, version: 17.0.0.134, time stamp: 0x54f649d2 Faulting module name: FlashPlayerPlugin_17_0_0_134.exe, version: 17.0.0.134, time stamp: 0x54f649d2 Exception code: 0x40000015 Fault offset: 0x00017790 Faulting process id: 0x15ec Faulting application start time: 0xFlashPlayerPlugin_17_0_0_134.exe0 Faulting application path: FlashPlayerPlugin_17_0_0_134.exe1 Faulting module path: FlashPlayerPlugin_17_0_0_134.exe2 Report Id: FlashPlayerPlugin_17_0_0_134.exe3 Error: (04/25/2015 01:26:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: plugin-container.exe, version: 37.0.2.5583, time stamp: 0x552ef76c Faulting module name: mozalloc.dll, version: 37.0.2.5583, time stamp: 0x552ee9ae Exception code: 0x80000003 Fault offset: 0x00001aa1 Faulting process id: 0x1e28 Faulting application start time: 0xplugin-container.exe0 Faulting application path: plugin-container.exe1 Faulting module path: plugin-container.exe2 Report Id: plugin-container.exe3 System errors: ============= Error: (05/06/2015 00:18:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The HP Network Devices Support service terminated with the following error: %%126 Error: (05/06/2015 00:16:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect. Error: (05/06/2015 00:14:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AVG WatchDog service terminated unexpectedly. It has done this 2 time(s). Error: (05/06/2015 00:14:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (05/06/2015 00:14:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (05/06/2015 00:14:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (05/06/2015 00:14:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s). Error: (05/06/2015 00:14:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s). Error: (05/06/2015 00:14:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The BOT4Service service terminated unexpectedly. It has done this 1 time(s). Error: (05/06/2015 00:14:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Microsoft Office Sessions: ========================= Error: (05/06/2015 02:37:25 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: OTL.com3.2.69.0cc001d0882b82f7fb585C:\Users\Redog\Desktop\CNET\OTL.comef94bef8-f41e-11e4-82d8-001e8c308f89 Error: (05/06/2015 00:51:50 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: OTL.com3.2.69.01e001d0881c9feff6930C:\Users\Redog\Desktop\CNET\OTL.com2f87c3b3-f410-11e4-82d8-001e8c308f89 Error: (05/06/2015 00:48:16 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: OTL.com3.2.69.0123401d0881c4b0563400C:\Users\Redog\Desktop\CNET\OTL.comb010706a-f40f-11e4-82d8-001e8c308f89 Error: (05/06/2015 00:47:06 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: OTL.com3.2.69.0c1c01d0881bd512e06915C:\Users\Redog\Desktop\CNET\OTL.com85dc770a-f40f-11e4-82d8-001e8c308f89 Error: (05/06/2015 00:43:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: OTL.com3.2.69.0103401d0881b7119535e0D:\Movies\OTL.com0ea3d7ad-f40f-11e4-82d8-001e8c308f89 Error: (05/06/2015 00:28:46 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: OTL.com3.2.69.07c001d0881957a455c70C:\Users\Redog\Desktop\CNET\OTL.comf6287c6e-f40c-11e4-82d8-001e8c308f89 Error: (05/06/2015 00:24:40 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: OTL.com3.2.69.023001d08818349650f80C:\Users\Redog\Desktop\CNET\OTL.com636ea6fc-f40c-11e4-82d8-001e8c308f89 Error: (05/05/2015 06:18:58 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: firefox.exe37.0.2.558375401d0877db91b012e50C:\Program Files (x86)\Mozilla Firefox\firefox.exeb7e2bece-f374-11e4-8644-001e8c308f89 Error: (05/03/2015 00:23:18 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: FlashPlayerPlugin_17_0_0_134.exe17.0.0.13454f649d2FlashPlayerPlugin_17_0_0_134.exe17.0.0.13454f649d2400000150001779015ec01d085581f10906dC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe1f3dd90d-f14c-11e4-9020-001e8c308f89 Error: (04/25/2015 01:26:37 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe37.0.2.5583552ef76cmozalloc.dll37.0.2.5583552ee9ae8000000300001aa11e2801d07f7cf2027fc1C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll39700e21-eb70-11e4-8f2d-001e8c308f89 ==================== Memory info =========================== Processor: Intel® Core2 Quad CPU Q9300 @ 2.50GHz Percentage of memory in use: 24% Total physical RAM: 6143.12 MB Available physical RAM: 4657.45 MB Total Pagefile: 12284.43 MB Available Pagefile: 10612.95 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:78.53 GB) (Free:12.39 GB) NTFS Drive d: () (Fixed) (Total:33.16 GB) (Free:9.65 GB) NTFS Drive g: (GG) (Fixed) (Total:25.26 GB) (Free:25.16 GB) NTFS Drive h: (HH) (Fixed) (Total:906.24 GB) (Free:607.27 GB) NTFS Drive j: (J) (Fixed) (Total:635.25 GB) (Free:89.19 GB) NTFS Drive k: (K) (Fixed) (Total:296.13 GB) (Free:91.11 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EFB24870) Partition 1: (Not Active) - (Size=25.3 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=906.2 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 38925EEF) Partition: GPT Partition Type. ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 3955CCBF) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=78.5 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=33.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  10. So what should I do, big daddy? You want me to remove Firefox? I have already tried disabling extensions and add ons like "No Script" and I tried to do a quick scan. Same thing, it locks up at scanning Firefox.
  11. Tried OTL twice and it hangs at "scanning Firefox"???? # AdwCleaner v4.203 - Logfile created 06/05/2015 at 12:14:05 # Updated 30/04/2015 by Xplode # Database : 2015-05-05.1 [server] # Operating system : Windows 7 Professional Service Pack 1 (x64) # Username : Redog - T00T1E_3564 # Running from : C:\Users\Redog\Desktop\CNET\adwcleaner_4.203.exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Scheduled tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\EFEE0228DC83E77358593193D847A0EC Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\EFEE0228DC83E77358593193D847A0EC Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EFEE0228DC83E77358593193D847A0EC ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17728 -\\ Mozilla Firefox v37.0.2 (x86 en-US) -\\ Google Chrome v42.0.2311.135 -\\ Chromium v ************************* AdwCleaner[R0].txt - [10750 bytes] - [04/12/2013 05:49:36] AdwCleaner[R1].txt - [13461 bytes] - [19/12/2013 09:30:42] AdwCleaner[R2].txt - [2026 bytes] - [27/03/2014 19:45:43] AdwCleaner[R3].txt - [3316 bytes] - [20/06/2014 03:30:59] AdwCleaner[R4].txt - [3319 bytes] - [20/06/2014 18:22:09] AdwCleaner[R5].txt - [1448 bytes] - [08/11/2014 20:22:46] AdwCleaner[R6].txt - [2664 bytes] - [03/05/2015 01:32:35] AdwCleaner[R7].txt - [1848 bytes] - [06/05/2015 12:10:27] AdwCleaner[s0].txt - [8925 bytes] - [04/12/2013 05:52:29] AdwCleaner[s1].txt - [13670 bytes] - [19/12/2013 09:34:02] AdwCleaner[s2].txt - [1928 bytes] - [27/03/2014 19:51:25] AdwCleaner[s3].txt - [3430 bytes] - [20/06/2014 18:22:53] AdwCleaner[s4].txt - [2750 bytes] - [03/05/2015 01:33:56] AdwCleaner[s5].txt - [1775 bytes] - [06/05/2015 12:14:05] ########## EOF - C:\AdwCleaner\AdwCleaner[s5].txt - [1834 bytes] ##########
  12. Tried watching the big fight and was directed to sites that I believe caused malware before, trying to watch the Isle of Man TT last year. Open Candy keeps coming up in scans. After the fight, I started scans. Today I did another Malwarebytes scan and the same 7 come up. Here is the Malwarebytes scan from today: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 5/6/2015 Scan Time: 8:54:16 AM Logfile: May 6 2015.txt Administrator: Yes Version: 2.00.4.1028 Malware Database: v2015.05.06.03 Rootkit Database: v2015.04.21.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Redog Scan Type: Threat Scan Result: Completed Objects Scanned: 368464 Time Elapsed: 8 min, 32 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 2 PUP.Optional.ConnectDLC.A, C:\Users\Redog\AppData\LocalLow\Connect_DLC_5, , [c4a7f59b8bff1125c7099620f60d3dc3], PUP.Optional.ConnectDLC.A, C:\Users\Redog\AppData\LocalLow\Connect_DLC_5\Logs, , [c4a7f59b8bff1125c7099620f60d3dc3], Files: 5 PUP.Optional.ConnectDLC.A, C:\Users\Redog\AppData\LocalLow\Connect_DLC_5\hk64tbConn.dll, , [c4a7f59b8bff1125c7099620f60d3dc3], PUP.Optional.ConnectDLC.A, C:\Users\Redog\AppData\LocalLow\Connect_DLC_5\hktbConn.dll, , [c4a7f59b8bff1125c7099620f60d3dc3], PUP.Optional.ConnectDLC.A, C:\Users\Redog\AppData\LocalLow\Connect_DLC_5\ldrtbConn.dll, , [c4a7f59b8bff1125c7099620f60d3dc3], PUP.Optional.ConnectDLC.A, C:\Users\Redog\AppData\LocalLow\Connect_DLC_5\tbConn.dll, , [c4a7f59b8bff1125c7099620f60d3dc3], PUP.Optional.ConnectDLC.A, C:\Users\Redog\AppData\LocalLow\Connect_DLC_5\toolbar.cfg, , [c4a7f59b8bff1125c7099620f60d3dc3], Physical Sectors: 0 (No malicious items detected) (end) Scans from Sunday morning: # AdwCleaner v4.203 - Logfile created 03/05/2015 at 01:32:35 # Updated 30/04/2015 by Xplode # Database : 2015-05-02.1 [server] # Operating system : Windows 7 Professional Service Pack 1 (x64) # Username : Redog - T00T1E_3564 # Running from : D:\Movies\adwcleaner_4.203.exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** File Found : C:\Users\Redog\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cpngackimfmofbokmjmljamhdncknpmg_0.localstorage File Found : C:\Users\Redog\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dgpdioedihjhncjafcpgbbjdpbbkikmi_0.localstorage File Found : C:\Users\Redog\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dgpdioedihjhncjafcpgbbjdpbbkikmi_0.localstorage-journal ***** [ Scheduled tasks ] ***** Task Found : BackgroundContainer Startup Task ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKLM\SOFTWARE\FlvPlayer Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A498D792D0AD2F4DADF03B3C066122B Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C697F962E048A434B8AE269E702964C8 Key Found : HKU\.DEFAULT\Software\AVG SafeGuard toolbar ***** [ Web browsers ] ***** -\\ Internet Explorer v11.0.9600.17728 -\\ Mozilla Firefox v37.0.2 (x86 en-US) -\\ Google Chrome v42.0.2311.135 -\\ Chromium v ************************* AdwCleaner[R0].txt - [10750 bytes] - [04/12/2013 05:49:36] AdwCleaner[R1].txt - [13461 bytes] - [19/12/2013 09:30:42] AdwCleaner[R2].txt - [2026 bytes] - [27/03/2014 19:45:43] AdwCleaner[R3].txt - [3316 bytes] - [20/06/2014 03:30:59] AdwCleaner[R4].txt - [3319 bytes] - [20/06/2014 18:22:09] AdwCleaner[R5].txt - [1448 bytes] - [08/11/2014 20:22:46] AdwCleaner[R6].txt - [2281 bytes] - [03/05/2015 01:32:35] AdwCleaner[s0].txt - [8925 bytes] - [04/12/2013 05:52:29] AdwCleaner[s1].txt - [13670 bytes] - [19/12/2013 09:34:02] AdwCleaner[s2].txt - [1928 bytes] - [27/03/2014 19:51:25] AdwCleaner[s3].txt - [3430 bytes] - [20/06/2014 18:22:53] ########## EOF - C:\AdwCleaner\AdwCleaner[R6].txt - [2577 bytes] ########## ============================================================================================ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.6.7 (04.30.2015:1) OS: Windows 7 Professional x64 Ran by Redog on Sun 05/03/2015 at 1:41:57.78 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1659189456-1754463573-1767136624-1001\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} ~~~ Files ~~~ Folders Successfully deleted: [Folder] C:\Users\Redog\appdata\local\cre ~~~ FireFox Successfully deleted the following from C:\Users\Redog\AppData\Roaming\mozilla\firefox\profiles\ovc4b2qd.default\prefs.js user_pref(extensions.dynconff.cache.duckduckgo.com.content, <package expire=\3600\ es=\914\ pcdids=\_1520_1524_1521\><content id=\MB_P1\>\r\n <newjs>\r\n <![CDATA[\ user_pref(extensions.dynconff.cache.duckduckgo.com.expires, 1384182213839); user_pref(valueApps.storage.mam_gk_userId, 61343936353037312D303030342D346636632D626139662D376365616334663830383932); Emptied folder: C:\Users\Redog\AppData\Roaming\mozilla\firefox\profiles\ovc4b2qd.default\minidumps [5 files] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sun 05/03/2015 at 1:45:50.21 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 2/15/2011 2:24:28 AM System Uptime: 5/3/2015 2:02:54 AM (0 hours ago) . Motherboard: ASUSTeK Computer INC. | | P5E3 Deluxe Processor: Intel® Core2 Quad CPU Q9300 @ 2.50GHz | LGA775 | 2497/333mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 79 GiB total, 13.044 GiB free. D: is FIXED (NTFS) - 33 GiB total, 8.059 GiB free. E: is CDROM () F: is CDROM () G: is FIXED (NTFS) - 25 GiB total, 25.163 GiB free. H: is FIXED (NTFS) - 906 GiB total, 610.38 GiB free. J: is FIXED (NTFS) - 635 GiB total, 89.189 GiB free. K: is FIXED (NTFS) - 296 GiB total, 91.113 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318} Description: Standard PS/2 Keyboard Device ID: ACPI\PNP0303\4&23F9C1E3&0 Manufacturer: (Standard keyboards) Name: Standard PS/2 Keyboard PNP Device ID: ACPI\PNP0303\4&23F9C1E3&0 Service: i8042prt . ==== System Restore Points =================== . RP316: 4/25/2015 12:00:01 AM - Scheduled Checkpoint RP317: 5/2/2015 2:28:30 PM - Installed AVG 2015 . ==== Installed Programs ====================== . 1Click DVD Copy Pro 4.2.7.9 7-Zip 9.21 (x64 edition) Adobe Flash Player 15 ActiveX Adobe Flash Player 17 NPAPI Adobe Reader X (10.1.13) AMD Drag and Drop Transcoding ATI Catalyst Install Manager AVG 2015 BitTorrent Chessmaster 10th Edition Click-N-Ship for Business® CodeStuff Starter CyberLink Blu-ray Disc Suite CyberLink InstantBurn CyberLink LabelPrint CyberLink Power2Go CyberLink PowerBackup CyberLink PowerDirector CyberLink PowerDVD 9 CyberLink PowerProducer D3DX10 Damnation DVD Shrink 3.2 DVD43 Plug-in v1.0.0.5 EA Download Manager Easy GIF Animator 6.1 EPUB File Reader eReg FW LiveUpdate GIMP 2.8.4 Google Chrome Google Update Helper Host OpenAL (ADI) ImgBurn Internet Download Manager Java 8 Update 45 Java Auto Updater JavaFX 2.1.0 Just Cause 2 LightScribe System Software Logitech Gaming Software 7.00 Logitech SetPoint 6.22 Malwarebytes Anti-Malware version 2.0.4.1028 Marble (remove only) Microsoft .NET Framework 4.5.2 Microsoft Application Error Reporting Microsoft Games for Windows - LIVE Redistributable Microsoft Office Access database engine 2007 (English) Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Streets & Trips 2010 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable Package Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 MotoGP 08 Movie Maker Mozilla Firefox 37.0.2 (x86 en-US) MPC-HC 1.7.3 (64-bit) MSVCRT MSVCRT110 MSVCRT110_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA PhysX v8.10.13 OpenAL OpenOffice 4.1.0 PeerBlock 1.2 (r693) Photo Common Photo Gallery Quantum of Solace Quantum of Solace 1.1 Patch RBVirtualFolder64Inst Roxio BackOnTrack Roxio BackOnTrackPE Roxio Burn - Secure Roxio CinePlayer Roxio CinePlayer Decoder Pack Roxio Creator 2011 Pro Roxio PhotoShow Roxio Video Capture USB Security Update for Microsoft .NET Framework 4.5.2 (KB3037581) SecuROM Diagnostic Tool Shellshock 2 SmartSound Common Data SmartSound Quicktracks 5 SoundMAX Steam STL Viewer 2.3 The Saboteurâ„¢ Updater VD64Inst Visual Studio 2008 x64 Redistributables Visual Studio 2010 x64 Redistributables Visual Studio 2012 x64 Redistributables Visual Studio 2012 x86 Redistributables VLC media player Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WordWeb Pro . ==== Event Viewer Messages From Past Week ======== . 5/3/2015 2:05:50 AM, Error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: The specified module could not be found. 5/3/2015 2:03:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect. 5/3/2015 1:42:54 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Media Player Network Sharing Service service, but this action failed with the following error: An instance of the service is already running. 5/3/2015 1:42:25 AM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 5/3/2015 1:42:24 AM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s). 5/3/2015 1:42:24 AM, Error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s). 5/3/2015 1:42:24 AM, Error: Service Control Manager [7034] - The BOT4Service service terminated unexpectedly. It has done this 1 time(s). 5/3/2015 1:42:24 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 5/3/2015 1:42:23 AM, Error: Service Control Manager [7034] - The Roxio SAIB Service service terminated unexpectedly. It has done this 1 time(s). 5/3/2015 1:42:23 AM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s). 5/3/2015 1:42:23 AM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s). 5/3/2015 1:42:23 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 5/3/2015 1:42:23 AM, Error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 5/3/2015 1:34:02 AM, Error: Service Control Manager [7034] - The AVG WatchDog service terminated unexpectedly. It has done this 2 time(s). 5/3/2015 1:33:57 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 5/3/2015 1:33:56 AM, Error: Service Control Manager [7034] - The Andrea ADI Filters Service service terminated unexpectedly. It has done this 1 time(s). 5/3/2015 1:33:56 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 5/3/2015 1:33:56 AM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. 4/26/2015 8:57:27 PM, Error: Schannel [36887] - The following fatal alert was received: 40. . ==== End Of File ===========================
  13. OK. done. Thanks Chuck. As always, your the man!
  14. I ran it again and now there is no threat detected???? I have to leave the confuser for a few hours. Truck has problems too.
  15. Not experiencing any problem. I wouldn't have known about Scorpion Saver if Malwarebytes hadn't updated to a new version. I ran tdss killer but not sure how to post log. It won't let me copy and paste.
  16. Still being throttled big time. Malwarebytes Log: Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/23/2014 Scan Time: 2:20:47 AM Logfile: Malwarebytes Log 6.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.06.23.02 Rootkit Database: v2014.06.20.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Redog Scan Type: Threat Scan Result: Completed Objects Scanned: 297752 Time Elapsed: 6 min, 6 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Warn PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) One thing I noticed, should I have checked "root kits" in the new Malwarebytes before the scan?
  17. Never seen it this bad. Everything I've tried with this has been an exercise in futility. Adobe flash update popped up so I decided to get that done. Took over an hour and a half. Next was Malwarebytes. If it doesn't load an update properly, I get an error message and have to reboot to try again. The last attempt took over an hour to update only to fail again. I'm done for today. This page will not load completely.
  18. It's 3:30am. Now 4:00am and no improvement in speeds. Phone is in 1x not 3G. Don't think ESET will work at these speeds. Will try the updates. Program files and OS are on a SSD. Good ol' Verizon. Offering below dial up speeds for cubic dollars. I posted an edit to this and it didn't take. Reader says I am up to date and it took 4 minutes just to download the installer for flash player. Usually when weekends are 1x it will go back to 3G early Monday morning. Sorry about that Chuck. This will have to wait until then.
  19. OTL: All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-21-1659189456-1754463573-1767136624-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Extensions folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\META-INF folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\chrome folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\vold-utils\lib folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\vold-utils folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\toolbarbutton\lib folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\toolbarbutton folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\gingereditor\lib folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\gingereditor\data folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\gingereditor folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\toolkit folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\windows folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\window folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\util folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\tabs folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\system folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\private-browsing\window folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\private-browsing folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\preferences folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\platform folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\panel folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\page-mod folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\net folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\loader folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\lang folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\l10n folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\io folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\frame folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\event folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\dom folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\deprecated\traits folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\deprecated\events folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\deprecated folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\core folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\content folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\console folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk\addon folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib\sdk folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\lib folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk\data folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources\addon-sdk folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\resources folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\locale folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\defaults\preferences folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\defaults folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected] folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\pages\images\manage folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\pages\images\badge folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\pages\images folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\pages\fonts folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\pages folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\META-INF folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\images\counter folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\images folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\dnt-api folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\components folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome\skin folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome\locale\en-US folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome\locale folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome\content\vendor\twitter_bootstrap folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome\content\vendor\pidcrypt folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome\content\vendor\jqplot folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome\content\vendor folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome\content\storage folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome\content\lib folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome\content folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected]\chrome folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected] folder moved successfully. C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions folder moved successfully. File C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected] not found. File C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected] not found. File C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi not found. File C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi not found. C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully. C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully. ========== COMMANDS ========== [EMPTYJAVA] User: Administrator User: All Users User: Default User: Default User User: Public User: Redog ->Java cache emptied: 490311 bytes Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: Administrator User: All Users User: Default User: Default User User: Public User: Redog ->Flash cache emptied: 592 bytes Total Flash Files Cleaned = 0.00 mb [EMPTYTEMP] User: Administrator User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Redog ->Temp folder emptied: 83948010 bytes ->Temporary Internet Files folder emptied: 84921081 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 67290887 bytes ->Google Chrome cache emptied: 17588422 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 137445434 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 373.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 06212014_112731 Files\Folders moved on Reboot... C:\Users\Redog\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Users\Redog\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... Security Check: Results of screen317's Security Check version 0.99.85 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG AntiVirus Free Edition 2014 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` JavaFX 2.1.0 Java 7 Update 60 Adobe Flash Player 12.0.0.44 Flash Player out of Date! Adobe Reader 10.1.10 Adobe Reader out of Date! Mozilla Firefox (30.0) Google Chrome 31.0.1650.63 ````````Process Check: objlist.exe by Laurent```````` AVG avgwdsvc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log`````````````````````` I'm going to have to wait until this evening for the online check. Being throttled and worried phone battery won't last. I'm at dial speeds right now.
  20. ISP is throttling me big time. This page will not load completely. Shows a reply but I don't see it or a page 2 if there is one.
  21. SystemLook32 bit: SystemLook 30.07.11 by jpshortstuff Log created at 03:18 on 21/06/2014 by Redog Administrator - Elevation successful WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results. Invalid Context: Select all No Context: :filefind No Context: *Fun4IM* No Context: *Bandoo* No Context: *Searchnu* No Context: *Searchqu* No Context: *iLivid* No Context: *whitesmoke* No Context: *datamngr* No Context: *trolltech* No Context: *babylon* No Context: *conduit* No Context: *opencandy* No Context: :folderfind No Context: *Fun4IM* No Context: *Bandoo* No Context: *Searchnu* No Context: *Searchqu* No Context: *iLivid* No Context: *whitesmoke* No Context: *datamngr* No Context: *trolltech* No Context: *babylon* No Context: *conduit* No Context: *opencandy No Context: :Regfind No Context: Fun4IM No Context: Bandoo No Context: Searchnu No Context: Searchqu No Context: iLivid No Context: whitesmoke No Context: datamngr No Context: kelkoopartners No Context: trolltech No Context: babylon No Context: conduit No Context: opencandy -= EOF =- SystemLook 64 bit: SystemLook 04.09.10 by jpshortstuff Log created at 03:19 on 21/06/2014 by Redog Administrator - Elevation successful Invalid Context: Select all No Context: :filefind No Context: *Fun4IM* No Context: *Bandoo* No Context: *Searchnu* No Context: *Searchqu* No Context: *iLivid* No Context: *whitesmoke* No Context: *datamngr* No Context: *trolltech* No Context: *babylon* No Context: *conduit* No Context: *opencandy* No Context: :folderfind No Context: *Fun4IM* No Context: *Bandoo* No Context: *Searchnu* No Context: *Searchqu* No Context: *iLivid* No Context: *whitesmoke* No Context: *datamngr* No Context: *trolltech* No Context: *babylon* No Context: *conduit* No Context: *opencandy No Context: :Regfind No Context: Fun4IM No Context: Bandoo No Context: Searchnu No Context: Searchqu No Context: iLivid No Context: whitesmoke No Context: datamngr No Context: kelkoopartners No Context: trolltech No Context: babylon No Context: conduit No Context: opencandy -= EOF =- OTL: OTL logfile created on: 6/21/2014 3:48:14 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Redog\Desktop\CNET 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17126) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 6.00 Gb Total Physical Memory | 4.50 Gb Available Physical Memory | 74.95% Memory free 12.00 Gb Paging File | 10.26 Gb Available in Paging File | 85.50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 78.53 Gb Total Space | 18.85 Gb Free Space | 24.00% Space Free | Partition Type: NTFS Drive D: | 33.16 Gb Total Space | 4.20 Gb Free Space | 12.67% Space Free | Partition Type: NTFS Drive J: | 635.25 Gb Total Space | 48.48 Gb Free Space | 7.63% Space Free | Partition Type: NTFS Drive K: | 296.13 Gb Total Space | 92.21 Gb Free Space | 31.14% Space Free | Partition Type: NTFS Computer Name: T00T1E_3564 | User Name: Redog | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014/06/21 03:36:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Redog\Desktop\CNET\OTL.exe PRC - [2014/05/13 14:23:04 | 003,644,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe PRC - [2014/05/13 14:18:32 | 005,181,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe PRC - [2014/05/13 14:15:28 | 000,292,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe PRC - [2014/02/04 21:31:22 | 000,126,995 | ---- | M] (VideoLAN) -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe PRC - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/05/09 23:48:09 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe PRC - [2010/07/14 04:00:00 | 000,032,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe PRC - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe PRC - [2009/06/02 19:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe ========== Modules (No Company Name) ========== MOD - [2014/02/04 21:32:36 | 002,396,179 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll MOD - [2014/02/04 21:32:28 | 011,148,307 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll MOD - [2014/02/04 21:32:24 | 001,549,843 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll MOD - [2014/02/04 21:32:24 | 000,031,251 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll MOD - [2014/02/04 21:32:24 | 000,027,667 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll MOD - [2014/02/04 21:32:24 | 000,017,939 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll MOD - [2014/02/04 21:32:22 | 000,336,403 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll MOD - [2014/02/04 21:32:22 | 000,291,859 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll MOD - [2014/02/04 21:32:22 | 000,019,475 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll MOD - [2014/02/04 21:32:22 | 000,018,451 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll MOD - [2014/02/04 21:32:20 | 001,371,667 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll MOD - [2014/02/04 21:32:18 | 000,047,123 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsubsdec_plugin.dll MOD - [2014/02/04 21:32:18 | 000,027,155 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll MOD - [2014/02/04 21:32:18 | 000,018,963 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll MOD - [2014/02/04 21:32:18 | 000,015,891 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll MOD - [2014/02/04 21:32:16 | 001,280,019 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll MOD - [2014/02/04 21:32:16 | 000,733,203 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll MOD - [2014/02/04 21:32:16 | 000,171,027 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll MOD - [2014/02/04 21:32:16 | 000,103,443 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libkate_plugin.dll MOD - [2014/02/04 21:32:16 | 000,030,227 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libscte27_plugin.dll MOD - [2014/02/04 21:32:16 | 000,022,035 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll MOD - [2014/02/04 21:32:16 | 000,019,987 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll MOD - [2014/02/04 21:32:14 | 010,396,179 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll MOD - [2014/02/04 21:32:14 | 000,344,595 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll MOD - [2014/02/04 21:32:14 | 000,198,675 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll MOD - [2014/02/04 21:32:06 | 000,146,451 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll MOD - [2014/02/04 21:32:06 | 000,054,291 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll MOD - [2014/02/04 21:32:06 | 000,038,419 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll MOD - [2014/02/04 21:32:06 | 000,026,131 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll MOD - [2014/02/04 21:32:04 | 000,013,843 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll MOD - [2014/02/04 21:32:04 | 000,013,843 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll MOD - [2014/02/04 21:32:02 | 000,555,027 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll MOD - [2014/02/04 21:32:00 | 000,015,379 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll MOD - [2014/02/04 21:31:58 | 000,296,979 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll MOD - [2014/02/04 21:31:58 | 000,168,979 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll MOD - [2014/02/04 21:31:56 | 000,058,899 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll MOD - [2014/02/04 21:31:56 | 000,025,619 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll MOD - [2014/02/04 21:31:56 | 000,014,355 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll MOD - [2014/02/04 21:31:54 | 001,512,467 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll MOD - [2014/02/04 21:31:54 | 001,496,083 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll MOD - [2014/02/04 21:31:54 | 000,130,579 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll MOD - [2014/02/04 21:31:54 | 000,019,475 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll MOD - [2014/02/04 21:31:54 | 000,018,963 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll MOD - [2014/02/04 21:31:54 | 000,015,379 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll MOD - [2014/02/04 21:31:54 | 000,014,867 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll MOD - [2014/02/04 21:31:54 | 000,014,355 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll MOD - [2014/02/04 21:31:54 | 000,013,331 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll MOD - [2014/02/04 21:31:46 | 001,248,787 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll MOD - [2014/02/04 21:31:44 | 000,053,779 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll MOD - [2014/02/04 21:31:44 | 000,019,987 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll MOD - [2014/02/04 21:31:44 | 000,019,987 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll MOD - [2014/02/04 21:31:42 | 000,724,499 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll MOD - [2014/02/04 21:31:40 | 000,113,683 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll MOD - [2014/02/04 21:31:40 | 000,067,091 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll MOD - [2014/02/04 21:31:40 | 000,066,579 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll MOD - [2014/02/04 21:31:40 | 000,032,275 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll MOD - [2014/02/04 21:31:40 | 000,027,667 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll MOD - [2014/02/04 21:31:40 | 000,026,643 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll MOD - [2014/02/04 21:31:40 | 000,020,499 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll MOD - [2014/02/04 21:31:40 | 000,018,963 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll MOD - [2014/02/04 21:31:40 | 000,017,427 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll MOD - [2014/02/04 21:31:40 | 000,016,915 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll MOD - [2014/02/04 21:31:40 | 000,015,379 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll MOD - [2014/02/04 21:31:40 | 000,015,379 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll MOD - [2014/02/04 21:31:38 | 000,268,307 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll MOD - [2014/02/04 21:31:38 | 000,240,659 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll MOD - [2014/02/04 21:31:38 | 000,076,307 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll MOD - [2014/02/04 21:31:36 | 002,021,395 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll MOD - [2014/02/04 21:31:36 | 000,114,195 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll MOD - [2014/02/04 21:31:36 | 000,045,587 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll MOD - [2014/02/04 21:31:34 | 000,100,371 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll MOD - [2014/02/04 21:31:34 | 000,087,059 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll MOD - [2014/02/04 21:31:34 | 000,040,467 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll MOD - [2014/02/04 21:31:34 | 000,014,355 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll MOD - [2014/02/04 21:31:30 | 000,133,139 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll MOD - [2014/02/04 21:31:30 | 000,091,667 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll MOD - [2014/02/04 21:31:30 | 000,075,283 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libvobsub_plugin.dll MOD - [2014/02/04 21:31:28 | 000,189,971 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll MOD - [2014/02/04 21:31:26 | 000,708,627 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll MOD - [2014/02/04 21:31:26 | 000,017,939 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll MOD - [2014/02/04 21:31:26 | 000,014,867 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll MOD - [2014/02/04 21:31:24 | 000,531,475 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll MOD - [2014/02/04 21:31:24 | 000,060,947 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll MOD - [2014/02/04 21:31:22 | 000,113,171 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll ========== Services (SafeList) ========== SRV:64bit: - [2014/05/30 05:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2011/01/04 22:57:44 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/10/28 06:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009/06/05 17:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters) SRV - [2014/06/11 07:34:06 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014/05/13 14:23:04 | 003,644,432 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent) SRV - [2014/05/13 14:15:28 | 000,292,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd) SRV - [2013/12/18 14:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2011/12/13 19:34:11 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010/11/23 17:33:22 | 000,240,112 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124) SRV - [2010/07/16 06:48:26 | 000,354,288 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12) SRV - [2010/07/16 06:48:04 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13) SRV - [2010/07/14 04:00:00 | 000,032,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service) SRV - [2009/12/23 17:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/02 19:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) ========== Driver Services (SafeList) ========== DRV:64bit: - [2014/06/09 04:41:00 | 000,180,136 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP) DRV:64bit: - [2014/05/13 14:20:26 | 000,235,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2014/05/13 14:20:06 | 000,273,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2014/05/13 14:06:06 | 000,323,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2014/05/13 14:05:40 | 000,191,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2014/05/13 14:05:08 | 000,152,344 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska) DRV:64bit: - [2014/05/13 14:05:06 | 000,130,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2014/05/13 14:04:56 | 000,236,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2014/05/13 14:04:30 | 000,031,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/01/14 02:28:51 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011/05/03 21:40:19 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin) DRV:64bit: - [2011/04/09 04:06:31 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2011/04/09 04:06:31 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/01/04 23:37:14 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/01/04 22:19:38 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/08/24 13:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2010/08/24 13:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2010/04/20 15:59:02 | 000,024,560 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLBStor.sys -- (CLBStor) DRV:64bit: - [2010/04/20 15:59:00 | 000,376,816 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\CLBUDF.sys -- (CLBUDF) DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 20:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883) DRV:64bit: - [2009/07/13 20:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc) DRV:64bit: - [2009/07/13 20:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV) DRV:64bit: - [2009/07/13 20:06:40 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avcstrm.sys -- (AVCSTRM) DRV:64bit: - [2009/07/13 20:06:39 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstape.sys -- (MSTAPE) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/05 17:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService) DRV:64bit: - [2009/06/02 01:00:00 | 000,027,632 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SaibVdAd64.sys -- (SaibVdAd64) DRV:64bit: - [2009/06/02 01:00:00 | 000,027,120 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Sahdad64.sys -- (Sahdad64) DRV:64bit: - [2009/06/02 01:00:00 | 000,019,952 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Saibad64.sys -- (Saibad64) DRV:64bit: - [2009/05/25 04:38:20 | 000,966,144 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2009/05/14 09:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1659189456-1754463573-1767136624-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKU\S-1-5-21-1659189456-1754463573-1767136624-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/ IE - HKU\S-1-5-21-1659189456-1754463573-1767136624-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1659189456-1754463573-1767136624-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "DuckDuckGo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://duckduckgo.com/" FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.28 FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:3.2.1113 FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.78 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0 FF - prefs.js..keyword.URL: "" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Redog\AppData\Roaming\IDM\idmmzcc5 [2014/06/12 11:35:26 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Social Privacy\FF\ FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Redog\AppData\Roaming\IDM\idmmzcc5 [2014/06/12 11:35:26 | 000,000,000 | ---D | M] [2013/12/19 12:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Extensions [2014/06/18 09:44:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions [2013/12/19 12:39:00 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014/06/12 03:27:53 | 000,000,000 | ---D | M] (DoNotTrackMe: Online Privacy Protection) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected] [2014/06/18 09:44:26 | 000,000,000 | ---D | M] (Ginger - Grammar and Spell Checker) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected] [2014/06/10 12:44:03 | 000,371,542 | ---- | M] () (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected] [2013/12/19 12:40:41 | 000,053,803 | ---- | M] () (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\[email protected] [2014/06/07 08:44:51 | 000,695,649 | ---- | M] () (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014/06/03 21:44:55 | 000,533,636 | ---- | M] () (No name found) -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013/02/06 21:01:35 | 000,010,339 | ---- | M] () -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\searchplugins\duckduckgo-1.xml [2013/02/06 21:01:31 | 000,010,339 | ---- | M] () -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\searchplugins\duckduckgo.xml [2012/02/02 17:41:08 | 000,001,119 | ---- | M] () -- C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\searchplugins\scroogle-ssl.xml [2014/06/11 07:34:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2014/06/11 07:34:07 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2014/06/12 11:35:26 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\REDOG\APPDATA\ROAMING\IDM\IDMMZCC5 ========== Chrome ========== CHR - default_search_provider: Conduit (Enabled) CHR - default_search_provider: search_url = http://www.google.com CHR - default_search_provider: suggest_url = http://www.google.com, CHR - homepage: http://www.google.com CHR - Extension: IDM Integration Module = C:\Users\Redog\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn\6.18.8_0\ CHR - Extension: Google Wallet = C:\Users\Redog\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\ O1 HOSTS File: ([2013/12/19 12:11:24 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.) O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [soundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1659189456-1754463573-1767136624-1001..\Run: [AVG-Secure-Search-Update_0214c] C:\Users\Redog\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=6a96ebb8546e47d68edad157cad4667a-997cf610540e71f76499a2920d29c41cd41620a3 /CMPID=0214c File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-1659189456-1754463573-1767136624-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm () O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm () O1364bit: - gopher Prefix: missing O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.60.2) O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.60.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D8293A4-E241-49E4-90A2-0984EF22F4E2}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2AA19AB9-C644-4FF0-AF23-587D08155F27}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45E6870D-0465-4503-86F8-2B8236229B3C}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76EE4D70-CE2F-4E18-B96B-D25F4F437B55}: DhcpNameServer = 192.168.2.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76EE4D70-CE2F-4E18-B96B-D25F4F437B55}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8,8.8.4.4 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{6dafcf36-6221-11e0-ad60-0015af507bd9}\Shell - "" = AutoRun O33 - MountPoints2\{6dafcf36-6221-11e0-ad60-0015af507bd9}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014/06/20 03:31:27 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll [2014/06/18 22:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\GRETECH [2014/06/18 03:48:03 | 000,000,000 | ---D | C] -- C:\Users\Redog\AppData\Local\webkit [2014/06/15 21:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy GIF Animator [2014/06/15 21:02:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy GIF Animator [2014/06/12 10:44:56 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014/06/12 10:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware [2014/06/12 10:44:43 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys [2014/06/12 10:44:43 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys [2014/06/11 07:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2014/06/11 07:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2014/06/11 07:28:15 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2014/06/11 07:28:10 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2014/06/11 07:28:10 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2014/06/11 07:28:10 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2014/06/11 07:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2014/06/11 07:12:08 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2014/06/11 07:12:08 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2014/06/11 07:12:08 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2014/06/11 07:12:07 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2014/06/11 07:12:07 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2014/06/11 07:12:07 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2014/06/11 07:12:06 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2014/06/11 07:12:06 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2014/06/11 07:12:06 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2014/06/11 07:12:06 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2014/06/11 07:12:06 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2014/06/11 07:12:06 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2014/06/11 07:12:06 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2014/06/11 07:12:06 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2014/06/11 07:12:05 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2014/06/11 07:12:05 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2014/06/11 07:12:04 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2014/06/11 07:12:04 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2014/06/11 07:12:04 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2014/06/11 07:12:03 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2014/06/11 07:12:03 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2014/06/11 07:12:03 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2014/06/11 07:12:03 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2014/06/11 07:12:03 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2014/06/11 07:12:02 | 005,782,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2014/06/11 07:12:02 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2014/06/11 07:12:02 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2014/06/11 07:12:02 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2014/06/11 07:12:02 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2014/06/11 07:12:01 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2014/06/11 07:12:01 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2014/06/11 07:12:01 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2014/06/11 07:12:00 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2014/06/11 07:06:58 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2014/06/11 07:06:52 | 003,178,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2014/06/11 07:06:52 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2014/06/11 07:06:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2014/06/11 07:06:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll [2014/06/11 07:06:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll [2014/06/11 07:06:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2014/06/11 07:06:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2014/06/09 08:08:35 | 000,180,136 | ---- | C] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys [2014/05/30 08:24:06 | 000,000,000 | ---D | C] -- C:\Users\Redog\AppData\Roaming\OpenOffice [2014/05/30 08:23:30 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0 [2014/05/30 08:23:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4 [2014/05/30 08:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice [2011/05/03 21:40:19 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Redog\AppData\Roaming\pcouffin.sys [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014/06/20 20:10:05 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014/06/20 19:36:53 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014/06/20 19:36:53 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014/06/20 19:35:44 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2014/06/20 19:35:44 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014/06/20 19:35:44 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014/06/20 19:29:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014/06/20 19:29:15 | 536,174,591 | -HS- | M] () -- C:\hiberfil.sys [2014/06/17 07:49:39 | 000,002,075 | ---- | M] () -- C:\Users\Redog\AppData\Local\recently-used.xbel [2014/06/12 10:44:45 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2014/06/09 04:41:00 | 000,180,136 | ---- | M] (Tonec Inc.) -- C:\Windows\SysNative\drivers\idmwfp.sys [2014/05/30 14:59:43 | 000,375,112 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014/05/30 08:27:25 | 000,002,449 | ---- | M] () -- C:\Users\Redog\Documents\OpenOffice Database.odb [2014/05/30 06:02:09 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2014/05/30 05:39:43 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2014/05/30 05:39:23 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2014/05/30 05:38:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2014/05/30 05:27:57 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2014/05/30 05:24:28 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2014/05/30 05:21:23 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2014/05/30 05:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2014/05/30 05:20:36 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2014/05/30 05:11:24 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2014/05/30 05:08:22 | 005,782,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2014/05/30 05:06:42 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2014/05/30 04:55:36 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2014/05/30 04:49:21 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2014/05/30 04:46:48 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2014/05/30 04:44:23 | 000,295,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2014/05/30 04:43:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2014/05/30 04:42:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2014/05/30 04:35:44 | 000,608,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2014/05/30 04:33:48 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2014/05/30 04:30:43 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2014/05/30 04:29:31 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2014/05/30 04:28:33 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2014/05/30 04:27:56 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2014/05/30 04:24:19 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2014/05/30 04:23:22 | 002,040,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2014/05/30 04:10:46 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2014/05/30 04:06:06 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2014/05/30 04:04:20 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2014/05/30 03:50:09 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2014/05/30 03:49:38 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2014/05/30 03:13:47 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2014/05/30 03:13:09 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2014/06/17 07:49:39 | 000,002,075 | ---- | C] () -- C:\Users\Redog\AppData\Local\recently-used.xbel [2014/05/30 08:25:47 | 000,002,449 | ---- | C] () -- C:\Users\Redog\Documents\OpenOffice Database.odb [2014/02/12 00:09:14 | 000,774,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/10/08 12:51:23 | 000,007,625 | ---- | C] () -- C:\Users\Redog\AppData\Local\resmon.resmoncfg [2012/11/24 22:46:55 | 000,061,132 | ---- | C] () -- C:\Users\Redog\AppData\Local\rx_audio.Cache [2011/09/25 21:14:39 | 000,913,708 | ---- | C] () -- C:\Users\Redog\AppData\Local\rx_image32.Cache [2011/08/29 17:50:43 | 000,000,520 | ---- | C] () -- C:\Users\Redog\AppData\Roaming\SamsungLiveUpdateConfig.ini [2011/05/13 09:26:05 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011/05/07 06:30:39 | 000,000,290 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2011/05/03 21:40:19 | 000,099,384 | ---- | C] () -- C:\Users\Redog\AppData\Roaming\inst.exe [2011/05/03 21:40:19 | 000,007,859 | ---- | C] () -- C:\Users\Redog\AppData\Roaming\pcouffin.cat [2011/05/03 21:40:19 | 000,001,167 | ---- | C] () -- C:\Users\Redog\AppData\Roaming\pcouffin.inf ========== ZeroAccess Check ========== [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/01/11 03:09:40 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013/01/11 03:09:40 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2012/10/10 13:47:03 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\.Tribler [2011/12/16 09:12:41 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Activision [2013/09/23 21:46:24 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\AVG2014 [2014/06/21 01:58:54 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\BitTorrent [2011/11/26 20:05:23 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Bizarre Creations [2011/12/16 11:24:08 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Capcom [2014/06/12 11:57:01 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\DMCache [2011/05/03 01:35:25 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Easeware [2014/06/12 11:35:19 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\IDM [2011/04/08 19:33:04 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Leadertech [2014/03/08 14:22:15 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\MPC-HC [2014/05/30 08:24:06 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\OpenOffice [2013/12/19 18:35:41 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Oracle [2012/01/30 11:08:53 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Pegasus Mail [2014/03/08 17:11:24 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\PotPlayerMini64 [2011/04/10 12:34:38 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Simple Star [2012/01/31 18:07:01 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Thunderbird [2012/12/13 19:58:28 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\TuneUp Software [2012/10/30 17:56:58 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Ulead Systems [2012/11/08 19:57:10 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Vso [2012/03/14 16:33:19 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\WinAVI [2012/11/25 12:48:31 | 000,000,000 | ---D | M] -- C:\Users\Redog\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:373E1720 < End of report > OTL Extras: OTL Extras logfile created on: 6/21/2014 3:48:14 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Redog\Desktop\CNET 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17126) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 6.00 Gb Total Physical Memory | 4.50 Gb Available Physical Memory | 74.95% Memory free 12.00 Gb Paging File | 10.26 Gb Available in Paging File | 85.50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 78.53 Gb Total Space | 18.85 Gb Free Space | 24.00% Space Free | Partition Type: NTFS Drive D: | 33.16 Gb Total Space | 4.20 Gb Free Space | 12.67% Space Free | Partition Type: NTFS Drive J: | 635.25 Gb Total Space | 48.48 Gb Free Space | 7.63% Space Free | Partition Type: NTFS Drive K: | 296.13 Gb Total Space | 92.21 Gb Free Space | 31.14% Space Free | Partition Type: NTFS Computer Name: T00T1E_3564 | User Name: Redog | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07FD565D-F616-4586-AEE3-30F1125A3A03}" = rport=445 | protocol=6 | dir=out | app=system | "{2E17C767-285D-4CAA-A990-E29DF4470FBE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{37C04776-BE2E-49F6-92D9-F76BE3CF05C4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4F8B958A-B4A5-409E-935E-733FEACCCF23}" = lport=137 | protocol=17 | dir=in | app=system | "{54E28ACF-3236-4370-9D13-AF59014F0603}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{5E0AA4F8-3B45-4019-9C5B-C5AF561C5D70}" = rport=139 | protocol=6 | dir=out | app=system | "{71AF8297-EF0F-4A0B-8907-D80DCB02D0F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{72BFC3EB-1B01-4C8B-A65C-D334EA88FA7E}" = lport=445 | protocol=6 | dir=in | app=system | "{7E411DD1-EFE6-4C73-8A41-945BB76E6367}" = rport=10243 | protocol=6 | dir=out | app=system | "{83EE96E2-6696-4F5A-A29E-803C4461D47C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8C2EF7DC-DFAF-4E0C-B4BC-54783D366286}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8CBE5199-B828-41F7-BAED-9FBCCBF97D89}" = rport=138 | protocol=17 | dir=out | app=system | "{8D492331-79F5-4C04-944F-B0BAFBBA1DEC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{93AF88D0-00C9-42BB-B19C-2D43EA5454EE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B9EB5C0A-33E3-4B57-B9CC-4CD1339E2DE6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{BF5ED522-6699-43CA-AF20-F5EE3464467D}" = lport=2869 | protocol=6 | dir=in | app=system | "{BFCC7F91-0AC1-457A-8EFB-6E9B974571EA}" = lport=139 | protocol=6 | dir=in | app=system | "{C3AC60C9-A605-4AA2-AD5E-870D04E31A54}" = lport=10243 | protocol=6 | dir=in | app=system | "{C893B01A-3380-4683-B4EE-D46FA6412102}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DE91B7AE-A486-47DE-912A-459E67DD83DC}" = rport=137 | protocol=17 | dir=out | app=system | "{DEA037CB-808F-4398-B2C9-C4741DAF60ED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E58D2FC4-0D4B-4258-B218-30B14634A25C}" = lport=138 | protocol=17 | dir=in | app=system | "{E7D922DE-8851-48E7-8C9E-0DF1EDB3D98D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03036419-1D69-4ECF-8FFE-227AA3ABBC03}" = protocol=17 | dir=in | app=c:\users\redog\appdata\local\temp\7zs4fc9\hppiw.exe | "{0A08B9F6-4019-4C37-AF17-9C1B10C25773}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{0AF02342-9486-4532-8FB5-3C21E23567BE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0C14DA87-D353-4AC9-BF29-515FC2806326}" = protocol=1 | dir=in | [email protected],-28543 | "{0C7AC355-3AE5-40F5-A5FD-02CBE513C5A6}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe | "{0E8C9104-6797-4A55-AD18-4660070EA52E}" = protocol=17 | dir=in | app=e:\setup.exe | "{129BE867-34FC-48E6-BAF9-9FA5BC7ECAEE}" = protocol=6 | dir=in | app=c:\users\redog\appdata\roaming\bittorrent\bittorrent.exe | "{15AF5C7C-B557-41C4-9E7D-29EAE4EC53F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | "{17008346-5078-460C-810A-860F33C40292}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{1B476FE1-4742-4FF4-B6CF-FE9D1DBEC2BD}" = protocol=17 | dir=in | app=e:\setup.exe | "{1C5AE9B1-0459-4BB8-8C53-21066E294F37}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | "{21ED90B9-E419-4E48-8EDE-228115BF8AFB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{2410216F-018A-4EDF-A826-9489570F7A40}" = protocol=58 | dir=in | [email protected],-28545 | "{248C1BEF-DA77-485B-BB62-F9F98856DFB9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{34C39806-BD5B-4C8C-A281-8EC80726386D}" = protocol=6 | dir=in | app=j:\jb 007 quantum of solace\jb_liveengine_s.exe | "{39A30931-A93D-473F-AF83-01C55377BFD1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | "{3E53F0C1-EB7C-4596-A86C-14F00EB707D7}" = protocol=6 | dir=in | app=e:\setup.exe | "{42F7C94A-9733-4DBC-8935-0947FB735F11}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{49C7137B-EABF-4C46-8158-F3228A8C6354}" = protocol=6 | dir=in | app=j:\moto gp 2008\launcher.exe | "{4CB32928-0BB2-450C-A6A8-70F239654456}" = protocol=6 | dir=in | app=e:\setup.exe | "{4D5A83F7-CAC1-47A5-9C23-BCA3777C8EB6}" = protocol=6 | dir=out | app=system | "{56ADC48E-37C0-45E3-A09B-2142B7473B2F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5FE9E016-4E72-4FBF-AB50-6DFAF533A0B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6491292C-838C-42C2-88D6-34F7EA4EA979}" = protocol=17 | dir=in | app=j:\jb 007 quantum of solace\jb_liveengine_s.exe | "{6610ED1C-B067-42CB-9742-CEF48F9D4BA0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | "{7673FEE9-5B5C-45E0-80E4-4A83E944EBED}" = protocol=17 | dir=in | app=j:\moto gp 2008\launcher.exe | "{7928B7C7-A23B-46C9-A403-51DC939C7A5C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | "{797B82FC-9343-4B11-A436-25A159EF27E8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | "{7CEB3282-C547-4930-B9E0-0C186602F45E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | "{80479EA6-278A-4217-85CE-02E95D0FD693}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | "{815630A0-3CE3-4EFB-AA3A-B71912240BEB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe | "{820535A1-C259-40BD-BF14-558FF14E5529}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{85650DFF-74F1-458A-861C-A365ACD65ED2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | "{94531526-8757-4EE4-8321-EECD3331F61C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9930046E-27C3-4BB6-B5C2-D6E37D19B424}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A1129756-BD6C-4B23-AA1D-C0020831BE09}" = protocol=17 | dir=in | app=c:\users\redog\appdata\roaming\bittorrent\bittorrent.exe | "{A4926CAA-5CD7-4BEC-B4AF-BDC09A458CFF}" = protocol=6 | dir=in | app=j:\damnation\binaries\damngame.exe | "{A8898481-28CC-482D-92CA-B705DAF23673}" = protocol=58 | dir=out | [email protected],-28546 | "{AAD00443-066B-47EF-9607-C1E89A94E2C1}" = protocol=1 | dir=out | [email protected],-28544 | "{AD2D2204-0A64-45DB-A36A-0302968C1F71}" = protocol=17 | dir=in | app=j:\damnation\binaries\damngame.exe | "{BDFEFCD5-2292-486C-97AA-B0A9998F53A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C122D3D4-47DD-4B21-8955-A057262B23A4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{CD8030C8-6CF4-4716-92CF-A64FD3CD952B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{D0D40518-9ADD-445A-B603-F669F0985347}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | "{D8B3E27A-3EAC-40A4-9001-0A449A9C42A2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | "{D8E4DB77-BD9E-43D6-BB1B-FE18B759DA76}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{DECC7F3D-6887-4F52-B71D-496351955DC6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E1EAD54D-F848-432E-A2C0-B962ABD439D8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EBB201DD-9ABF-4985-B068-6F18CDC5260F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{EF482911-3BCD-4F91-BAEE-1BDE66316942}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{F0D16CC8-CED3-4185-B660-8B73AE2F720E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{F527CDF4-59FB-4F19-9A64-C3D0B8125AF4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FD1EF11E-725D-4C7C-A5F1-1F2F83916F85}" = protocol=6 | dir=in | app=c:\users\redog\appdata\local\temp\7zs4fc9\hppiw.exe | "{FE416BC7-5D70-4239-9AA8-13A61409A8A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "TCP Query User{4A1AE217-FED2-4EC2-83AF-563082038C60}D:\libraries\documents\programs 2011\bit torrent 7 2 1\bittorrent-7.2.1.exe" = protocol=6 | dir=in | app=d:\libraries\documents\programs 2011\bit torrent 7 2 1\bittorrent-7.2.1.exe | "TCP Query User{510F28D2-D215-406E-BD94-FDE67FAFE6AC}C:\users\redog\appdata\local\xenocode\sandbox\ldr_alcohol_r.exe\2.0.1.2033\2010.09.18t21.28\virtual\stubexe\8.0.1135\@[email protected]\alcohol soft\alcohol 120\starwind\starwindserviceae.exe" = protocol=6 | dir=in | app=c:\users\redog\appdata\local\xenocode\sandbox\ldr_alcohol_r.exe\2.0.1.2033\2010.09.18t21.28\virtual\stubexe\8.0.1135\@[email protected]\alcohol soft\alcohol 120\starwind\starwindserviceae.exe | "TCP Query User{A464F377-C0A3-431A-9683-937AC86543DA}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "TCP Query User{D7BA6984-D06E-427C-8EE4-665E537713C5}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{09D6E20D-231C-4A3F-A590-6FBC014E0394}C:\users\redog\appdata\local\xenocode\sandbox\ldr_alcohol_r.exe\2.0.1.2033\2010.09.18t21.28\virtual\stubexe\8.0.1135\@[email protected]\alcohol soft\alcohol 120\starwind\starwindserviceae.exe" = protocol=17 | dir=in | app=c:\users\redog\appdata\local\xenocode\sandbox\ldr_alcohol_r.exe\2.0.1.2033\2010.09.18t21.28\virtual\stubexe\8.0.1135\@[email protected]\alcohol soft\alcohol 120\starwind\starwindserviceae.exe | "UDP Query User{15218D78-AE8B-4639-8960-29C060C9D9C0}D:\libraries\documents\programs 2011\bit torrent 7 2 1\bittorrent-7.2.1.exe" = protocol=17 | dir=in | app=d:\libraries\documents\programs 2011\bit torrent 7 2 1\bittorrent-7.2.1.exe | "UDP Query User{87B7AB44-FECF-4780-8113-D134AC80F0F9}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | "UDP Query User{B35207AA-1DDC-44B7-A383-C5C231330A46}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{23170F69-40C1-2702-0921-000001000000}" = 7-Zip 9.21 (x64 edition) "{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.7.3 (64-bit) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 7.00 "{6CB0C0FC-4F27-43F5-84CC-ABC231F045C4}" = AVG 2014 "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{C5970161-E13E-6661-BBDA-A08268313C83}" = ATI Catalyst Install Manager "{CB21CD89-A4D3-4240-9AAA-55DCE7F3D076}" = AVG 2014 "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{EE269999-1AB7-7B39-7944-513CF3426CB8}" = AMD Drag and Drop Transcoding "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "AVG" = AVG 2014 "GIMP-2_is1" = GIMP 2.8.4 "PotPlayer64" = Daum PotPlayer 1.5.45955 x64 Edition "sp6" = Logitech SetPoint 6.22 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08F32589-5E39-42B8-8BC5-6A8126ED2A70}" = Microsoft Visual C++ 2008 Redistributable Package "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate "{13C64D80-2447-4509-B98D-614CAF6A9D42}" = Damnation "{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Click-N-Ship for Business® "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack "{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite "{211B0612-B93E-493A-9209-FC583D715444}_is1" = STL Viewer 2.3 "{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources "{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 60 "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}" = Roxio Creator 2011 Pro "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker "{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = The Saboteurâ„¢ "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{729B89D0-946A-407E-A121-343BD3320C40}" = Roxio BackOnTrack "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77CDA026-3860-4C95-8233-34F3CEF121FB}" = Roxio Creator 2011 Pro "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English) "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn - Secure "{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A5F1282-D6F8-4F04-B73E-D9286924E9AC}" = Roxio Creator 2011 Pro "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace 1.1 Patch "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A8F1CA85-C713-4B1F-B3B4-B2B7A6824146}" = LightScribe System Software "{A9024A22-FB0E-4DDC-AB93-44D686F7F491}" = Roxio CinePlayer "{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10) "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "{BD3EAE4D-862D-4D41-8BB5-F5C2CFFE6022}" = Roxio BackOnTrackPE "{BDA825AD-D60B-4935-9590-B0F1AC2E0D22}" = MotoGP 08 "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials "{C3C697E8-9183-4088-994C-2662166830BC}" = Damnation "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron version SRWare Iron 30.0.1650.0 "{C82185E8-C27B-4EF4-2010-4444BC2C2B6D}" = Microsoft Streets & Trips 2010 "{C87EF11D-36E9-479D-9898-7541EA1E8A6A}" = OpenOffice 4.1.0 "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CDF29D6C-AA05-49F9-A55A-89C2F8F4F46E}" = Quantum of Solace "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" = Updater "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FFAC39DA-CF79-434B-A6E0-4055689667D9}" = Roxio CinePlayer Decoder Pack "1Click DVD Copy Pro_is1" = 1Click DVD Copy Pro 4.2.7.9 "Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin "CodeStuff Starter" = CodeStuff Starter "DVD Shrink_is1" = DVD Shrink 3.2 "DVD43 Plug-in_is1" = DVD43 Plug-in v1.0.0.5 "EADM" = EA Download Manager "Easy GIF Animator_is1" = Easy GIF Animator 6.1 "GOM Player" = GOM Player "Host OpenAL (ADI)" = Host OpenAL (ADI) "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{A1644527-B0FF-485B-8412-3C7504A2F188}" = Quantum of Solace 1.1 Patch "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{CDF29D6C-AA05-49F9-A55A-89C2F8F4F46E}" = Quantum of Solace "InstallShield_{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition "Internet Download Manager" = Internet Download Manager "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012 "Mozilla Firefox 30.0 (x86 en-US)" = Mozilla Firefox 30.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "OpenAL" = OpenAL "Roxio PhotoShow" = Roxio PhotoShow "SecuROM Diagnostic Tool" = SecuROM Diagnostic Tool "Shellshock2" = Shellshock 2 "Steam App 8190" = Just Cause 2 "VLC media player" = VLC media player 2.1.3 "WinLiveSuite" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1659189456-1754463573-1767136624-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent" = BitTorrent ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/20/2014 7:07:46 PM | Computer Name = T00t1e_3564 | Source = Application Error | ID = 1000 Description = Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x9c0 Faulting application start time: 0x01cf8cdb9d92dbba Faulting application path: C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbam.exe Faulting module path: C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\MSVCR100.dll Report Id: b06b60fb-f8cf-11e3-b390-001e8c308f89 Error - 6/21/2014 3:43:02 AM | Computer Name = T00t1e_3564 | Source = Application Hang | ID = 1002 Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: a7c Start Time: 01cf8d23bd6b1b97 Termination Time: 0 Application Path: C:\Users\Redog\Desktop\CNET\OTL.exe Report Id: ab0bb86d-f917-11e3-8850-001e8c308f89 Error - 6/21/2014 3:46:10 AM | Computer Name = T00t1e_3564 | Source = Application Hang | ID = 1002 Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 7b4 Start Time: 01cf8d24726dfac3 Termination Time: 0 Application Path: C:\Users\Redog\Desktop\CNET\OTL.exe Report Id: 1b2fa577-f918-11e3-8850-001e8c308f89 [ System Events ] Error - 6/20/2014 7:09:19 PM | Computer Name = T00t1e_3564 | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect. Error - 6/20/2014 7:11:20 PM | Computer Name = T00t1e_3564 | Source = Service Control Manager | ID = 7023 Description = The HP Network Devices Support service terminated with the following error: %%126 Error - 6/20/2014 7:29:50 PM | Computer Name = T00t1e_3564 | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect. Error - 6/20/2014 7:31:51 PM | Computer Name = T00t1e_3564 | Source = Service Control Manager | ID = 7023 Description = The HP Network Devices Support service terminated with the following error: %%126 < End of report >
  22. Note: The Malwarebytes program is now 2.0.2.1021 ADW Cleaner Log: # AdwCleaner v3.212 - Report created 20/06/2014 at 18:22:53 # Updated 05/06/2014 by Xplode # Operating System : Windows 7 Professional Service Pack 1 (64 bits) # Username : Redog - T00T1E_3564 # Running from : C:\Users\Redog\Desktop\CNET\adwcleaner_3.212.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\Updater File Deleted : C:\Users\Redog\AppData\Local\Temp\Uninstall.exe ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1518085A-ED17-437A-9E51-341796DA3170} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6765055A-6FA2-4A59-9BC1-E80167E690FA} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7471FDF2-F581-4FA6-9C73-F29EA897F4FE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{77D804E7-4020-4D30-A0D1-029EF10E6AF8} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{85A57945-962A-43D6-82CF-E8018BAC91C2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8620341E-9F11-4EE4-AB73-C285D869A942} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{891B33F0-EB99-4AAF-9D69-4F9CC83FAEC9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BCD2900F-FAAD-459A-820E-6C7E34B62D31} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1667F75-620F-4E30-B62C-8082372A0E5C} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C82BFE3F-4D68-4FD2-A524-4637AB22FC99} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7AB9FEB-10A3-4488-B455-DC9A70E22BC0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E} Key Deleted : HKLM\Software\Lightspark Team Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17126 -\\ Mozilla Firefox v30.0 (en-US) [ File : C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\prefs.js ] Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search"); -\\ Google Chrome v [ File : C:\Users\Redog\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof Deleted [Extension] : oclgomenfkljhfkfflghppidonpkljjg ************************* AdwCleaner[R0].txt - [10750 octets] - [04/12/2013 05:49:36] AdwCleaner[R1].txt - [13461 octets] - [19/12/2013 09:30:42] AdwCleaner[R2].txt - [2026 octets] - [27/03/2014 19:45:43] AdwCleaner[R3].txt - [3316 octets] - [20/06/2014 03:30:59] AdwCleaner[R4].txt - [3319 octets] - [20/06/2014 18:22:09] AdwCleaner[s0].txt - [8925 octets] - [04/12/2013 05:52:29] AdwCleaner[s1].txt - [13670 octets] - [19/12/2013 09:34:02] AdwCleaner[s2].txt - [1928 octets] - [27/03/2014 19:51:25] AdwCleaner[s3].txt - [3286 octets] - [20/06/2014 18:22:53] ########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [3346 octets] ########## JRT Log: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.3 (03.23.2014:1) OS: Windows 7 Professional x64 Ran by Redog on Fri 06/20/2014 at 18:41:56.88 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Emptied folder: C:\Users\Redog\AppData\Roaming\mozilla\firefox\profiles\ovc4b2qd.default\minidumps [11 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Fri 06/20/2014 at 18:45:29.27 Computer was rebooted End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ DDS 1: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.17126 BrowserJavaVersion: 10.60.2 Run by Redog at 20:17:55 on 2014-06-20 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6143.4770 [GMT -4:00] . AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\AEADISRV.EXE C:\Windows\system32\taskhost.exe C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Program Files (x86)\AVG\AVG2014\avgui.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Windows\SysWOW64\ctfmon.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Windows Media Player\WMPSideShowGadget.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Logitech Gaming Software\LCore.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x64\LCDClock.exe C:\Program Files (x86)\VideoLAN\VLC\vlc.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uDefault_Page_URL = about:blank mStart Page = about:blank mDefault_Page_URL = about:blank mWinlogon: Userinit = userinit.exe, BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [AVG-Secure-Search-Update_0214c] C:\Users\Redog\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=6a96ebb8546e47d68edad157cad4667a-997cf610540e71f76499a2920d29c41cd41620a3 /CMPID=0214c mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll TCP: NameServer = 8.8.8.8,8.8.4.4 TCP: NameServer = 192.168.2.254 TCP: Interfaces\{1D8293A4-E241-49E4-90A2-0984EF22F4E2} : NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{2AA19AB9-C644-4FF0-AF23-587D08155F27} : NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{45E6870D-0465-4503-86F8-2B8236229B3C} : NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{76EE4D70-CE2F-4E18-B96B-D25F4F437B55} : NameServer = 8.8.8.8,8.8.4.4 TCP: Interfaces\{76EE4D70-CE2F-4E18-B96B-D25F4F437B55} : DHCPNameServer = 192.168.2.254 TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963} : NameServer = 8.8.8.8,8.8.4.4 mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" x64-mStart Page = about:blank x64-mDefault_Page_URL = about:blank x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming x64-Run: [Launch LCore] "C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized x64-Run: [soundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe /tray x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Redog\AppData\Roaming\Mozilla\Firefox\Profiles\ovc4b2qd.default\ FF - prefs.js: keyword.URL - FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-5-13 191768] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-5-13 323352] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-5-13 130328] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-5-13 31512] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-4-10 55856] R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2011-4-10 27120] R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2011-4-10 19952] R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-5-13 152344] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-5-13 236312] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-5-13 235800] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-5-13 273176] R1 CLBStor;InstantBurn Storage Helper Driver;C:\Windows\System32\drivers\CLBStor.sys [2011-4-10 24560] R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2011-4-10 27632] R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-6-2 457200] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-4 203776] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-5-13 292424] R2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-7-14 32240] R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\Windows\System32\drivers\CLBUDF.sys [2011-4-10 376816] R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-6-9 180136] R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688] R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2011-4-9 22408] R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2011-4-9 16008] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-21 452200] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264] S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-5-13 3644432] S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/09/18 14:36:55;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-23 240112] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-7-16 354288] S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-6-11 111616] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456] S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-7-16 1099248] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-13 56832] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-8 1255736] . =============== Created Last 30 ================ . 2014-06-20 07:31:27 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll 2014-06-19 02:29:43 -------- d-----w- C:\ProgramData\GRETECH 2014-06-18 07:48:03 -------- d-----w- C:\Users\Redog\AppData\Local\webkit 2014-06-16 01:02:55 -------- d-----w- C:\Program Files (x86)\Easy GIF Animator 2014-06-12 14:44:56 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys 2014-06-12 14:44:43 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-06-12 14:44:43 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys 2014-06-11 11:28:10 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2014-06-11 11:06:58 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2014-06-09 12:08:35 180136 ----a-w- C:\Windows\System32\drivers\idmwfp.sys 2014-05-30 12:24:06 -------- d-----w- C:\Users\Redog\AppData\Roaming\OpenOffice 2014-05-30 12:23:16 -------- d-----w- C:\Program Files (x86)\OpenOffice 4 2014-05-30 12:22:15 -------- d-----w- C:\Program Files (x86)\OpenOffice . ==================== Find3M ==================== . 2014-05-30 10:02:37 2724864 ----a-w- C:\Windows\System32\mshtml.tlb 2014-05-30 10:02:09 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll 2014-05-30 09:39:43 548352 ----a-w- C:\Windows\System32\vbscript.dll 2014-05-30 09:39:23 66048 ----a-w- C:\Windows\System32\iesetup.dll 2014-05-30 09:38:29 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll 2014-05-30 09:21:23 139264 ----a-w- C:\Windows\System32\ieUnatt.exe 2014-05-30 09:21:05 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe 2014-05-30 09:20:36 752640 ----a-w- C:\Windows\System32\jscript9diag.dll 2014-05-30 09:11:24 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe 2014-05-30 09:08:22 5782528 ----a-w- C:\Windows\System32\jscript9.dll 2014-05-30 09:02:39 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2014-05-30 08:55:36 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll 2014-05-30 08:44:28 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll 2014-05-30 08:43:06 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll 2014-05-30 08:42:16 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll 2014-05-30 08:28:33 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2014-05-30 08:27:56 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll 2014-05-30 08:24:19 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll 2014-05-30 08:23:22 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl 2014-05-30 08:10:46 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll 2014-05-30 07:56:56 2266112 ----a-w- C:\Windows\System32\wininet.dll 2014-05-30 07:56:50 4244992 ----a-w- C:\Windows\SysWow64\jscript9.dll 2014-05-30 07:50:09 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll 2014-05-30 07:49:38 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2014-05-30 07:21:10 1790976 ----a-w- C:\Windows\SysWow64\wininet.dll 2014-05-13 18:20:26 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys 2014-05-13 18:20:06 273176 ----a-w- C:\Windows\System32\drivers\avgtdia.sys 2014-05-13 18:06:06 323352 ----a-w- C:\Windows\System32\drivers\avgloga.sys 2014-05-13 18:05:40 191768 ----a-w- C:\Windows\System32\drivers\avgidsha.sys 2014-05-13 18:05:08 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys 2014-05-13 18:05:06 130328 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys 2014-05-13 18:04:56 236312 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys 2014-05-13 18:04:30 31512 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys 2014-05-12 11:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll 2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll 2014-05-08 09:32:11 3178496 ----a-w- C:\Windows\System32\rdpcorets.dll 2014-05-08 09:32:11 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll 2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll 2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll 2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll 2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll 2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll 2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll 2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe 2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2014-04-11 21:23:27 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2014-04-11 21:23:27 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2014-04-05 02:47:20 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll 2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll 2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll 2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll 2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll 2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll 2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll 2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll . ============= FINISH: 20:18:08.62 =============== DDS2: DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 2/15/2011 2:24:28 AM System Uptime: 6/20/2014 7:29:03 PM (1 hours ago) . Motherboard: ASUSTeK Computer INC. | | P5E3 Deluxe Processor: Intel® Core2 Quad CPU Q9300 @ 2.50GHz | LGA775 | 2497/333mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 79 GiB total, 18.867 GiB free. D: is FIXED (NTFS) - 33 GiB total, 4.21 GiB free. E: is CDROM () F: is CDROM () G: is CDROM () J: is FIXED (NTFS) - 635 GiB total, 48.481 GiB free. K: is FIXED (NTFS) - 296 GiB total, 92.215 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318} Description: Standard PS/2 Keyboard Device ID: ACPI\PNP0303\4&23F9C1E3&0 Manufacturer: (Standard keyboards) Name: Standard PS/2 Keyboard PNP Device ID: ACPI\PNP0303\4&23F9C1E3&0 Service: i8042prt . ==== System Restore Points =================== . RP272: 5/29/2014 10:28:24 PM - Adblock Plus for IE RP273: 5/29/2014 10:29:36 PM - Adblock Plus for IE RP274: 5/30/2014 8:23:02 AM - Installed OpenOffice 4.1.0 RP275: 6/11/2014 7:12:11 AM - Windows Update RP276: 6/11/2014 7:20:50 AM - Windows Update RP277: 6/11/2014 7:27:39 AM - Installed Java 7 Update 60 . ==== Installed Programs ====================== . 1Click DVD Copy Pro 4.2.7.9 7-Zip 9.21 (x64 edition) Adobe Flash Player 12 Plugin Adobe Flash Player 13 ActiveX Adobe Reader X (10.1.10) AMD Drag and Drop Transcoding ATI Catalyst Install Manager AVG 2014 BitTorrent Chessmaster 10th Edition Click-N-Ship for Business® CodeStuff Starter CyberLink Blu-ray Disc Suite CyberLink InstantBurn CyberLink LabelPrint CyberLink Power2Go CyberLink PowerBackup CyberLink PowerDirector CyberLink PowerDVD 9 CyberLink PowerProducer D3DX10 Damnation Daum PotPlayer 1.5.45955 x64 Edition DVD Shrink 3.2 DVD43 Plug-in v1.0.0.5 EA Download Manager Easy GIF Animator 6.1 eReg FW LiveUpdate GIMP 2.8.4 GOM Player Host OpenAL (ADI) Internet Download Manager Java 7 Update 60 Java Auto Updater JavaFX 2.1.0 Just Cause 2 LightScribe System Software Logitech Gaming Software 7.00 Logitech SetPoint 6.22 Malwarebytes Anti-Malware version 2.0.2.1012 Microsoft .NET Framework 4.5.1 Microsoft Application Error Reporting Microsoft Games for Windows - LIVE Redistributable Microsoft Office Access database engine 2007 (English) Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Streets & Trips 2010 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable Package Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MotoGP 08 Movie Maker Mozilla Firefox 30.0 (x86 en-US) Mozilla Maintenance Service MPC-HC 1.7.3 (64-bit) MSVCRT MSVCRT110 MSVCRT110_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA PhysX v8.10.13 OpenAL OpenOffice 4.1.0 Photo Common Photo Gallery Quantum of Solace Quantum of Solace 1.1 Patch RBVirtualFolder64Inst Roxio BackOnTrack Roxio BackOnTrackPE Roxio Burn - Secure Roxio CinePlayer Roxio CinePlayer Decoder Pack Roxio Creator 2011 Pro Roxio PhotoShow Roxio Video Capture USB Security Update for Microsoft .NET Framework 4.5.1 (KB2898869) Security Update for Microsoft .NET Framework 4.5.1 (KB2901126) Security Update for Microsoft .NET Framework 4.5.1 (KB2931368) SecuROM Diagnostic Tool Shellshock 2 SmartSound Common Data SmartSound Quicktracks 5 SoundMAX SRWare Iron version SRWare Iron 30.0.1650.0 Steam STL Viewer 2.3 The Saboteurâ„¢ Updater VD64Inst Visual Studio 2008 x64 Redistributables Visual Studio 2010 x64 Redistributables Visual Studio 2012 x64 Redistributables Visual Studio 2012 x86 Redistributables VLC media player 2.1.3 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== Event Viewer Messages From Past Week ======== . 6/20/2014 7:31:51 PM, Error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: The specified module could not be found. 6/20/2014 7:29:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect. . ==== End Of File ===========================
  23. OK, I'll try and run these tonight. I did run ADW this morning. It automatically removed the old version and installed new version. I ran it but nothing came up. That one is confusing because above the dialog box are choices: services, folders, files, shortcut, registry, internet explorer, firefox. Should I be looking in all of those?