GorillaPrice and WatGoup.exe


  • This topic is locked
23 replies to this topic

#1 chessmaster102

Posted 16 July 2014 - 01:51 PM

(Edit: GorillaPrice and WatGorp.exe)

 

Hello, currently I am having trouble removing the 2 objects above from my computer. I am a complete noob when it comes to this stuff and you're probably looking for a DDS log, but it will not download to my computer because it "cannot download in compatibility mode". I don't know what I have to fix in order to download it.

 

For the actual problem, I have found a similar topic to my problem: http://www.bleepingcomputer.com/forums/t/533912/weird-spyware-poping-up-all-over-my-computer-gorillapriceexe-watgorpexe/

 

I followed the steps there and that has not worked; here are the logs from those scans:

 

# AdwCleaner v3.215 - Report created 16/07/2014 at 08:18:25
# Updated 09/07/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Michael - MICHAELS_LAPTOP
# Running from : C:\Users\Michael\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : vToolbarUpdater18.1.7
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Users\Michael\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Michael\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Michael\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\END
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : [x64] HKLM\SOFTWARE\AVG Secure Search
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
 
-\\ Google Chrome v35.0.1916.153
 
*************************
 
AdwCleaner[R0].txt - [7583 octets] - [16/07/2014 08:15:55]
AdwCleaner[S0].txt - [6890 octets] - [16/07/2014 08:18:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6950 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Michael on Wed 07/16/2014 at  8:25:19.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] gorillaprice 
Successfully deleted: [Service] gorillaprice 
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/16/2014 at  8:48:50.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by Michael (administrator) on MICHAELS_LAPTOP on 16-07-2014 08:57:54
Running from C:\Users\Michael\Downloads
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
() C:\ProgramData\gorillaprice\WatGorp.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILAE.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\gorillaprice\GorillaPrice.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TUDefragBackend64.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe [7715160 2014-06-03] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKU\S-1-5-21-2646107381-3739728561-2652387464-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-2646107381-3739728561-2652387464-1001\...\Run: [AVG-Secure-Search-Update_0414c] => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2733080 2014-06-01] ()
HKU\S-1-5-21-2646107381-3739728561-2652387464-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
 
==================== Internet (Whitelisted) ====================
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKLM - DefaultScope {6D30C8B4-59F9-49D0-8489-4F67A75CA1C8} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {6D30C8B4-59F9-49D0-8489-4F67A75CA1C8} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {6D30C8B4-59F9-49D0-8489-4F67A75CA1C8} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKCU - {6D30C8B4-59F9-49D0-8489-4F67A75CA1C8} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-16]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-16]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-16]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-14]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-16]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Michael\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-01]
 
==================== Services (Whitelisted) =================
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-08-30] () [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-27] (WildTangent)
R2 GorillaPrice; C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe [494080 2014-02-06] () [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe [706864 2014-06-03] ()
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29181272 2008-12-18] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2102072 2013-12-18] (AVG)
R2 WatGorp; C:\ProgramData\gorillaprice\WatGorp.exe [70144 2014-02-06] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-06] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-05-14] (AVG Technologies CZ, s.r.o.)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2013-08-23] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-04-22] (BitDefender S.R.L.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-16 08:57 - 2014-07-16 08:58 - 00015819 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-07-16 08:57 - 2014-07-16 08:57 - 02086912 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-07-16 08:57 - 2014-07-16 08:57 - 00000000 ____D () C:\FRST
2014-07-16 08:56 - 2014-07-16 08:56 - 01077248 _____ (Farbar) C:\Users\Michael\Downloads\FRST.exe
2014-07-16 08:56 - 2014-07-16 08:56 - 01077248 _____ (Farbar) C:\Users\Michael\Downloads\FRST (1).exe
2014-07-16 08:48 - 2014-07-16 08:48 - 00000887 _____ () C:\Users\Michael\Desktop\JRT.txt
2014-07-16 08:35 - 2014-07-16 08:35 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-16 08:26 - 2014-07-16 08:26 - 01016261 _____ (Thisisu) C:\Users\Michael\Downloads\JRT (1).exe
2014-07-16 08:25 - 2014-07-16 08:25 - 00000000 ____D () C:\Windows\ERUNT
2014-07-16 08:24 - 2014-07-16 08:24 - 01016261 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe
2014-07-16 08:17 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-16 08:13 - 2014-07-16 08:18 - 00000000 ____D () C:\AdwCleaner
2014-07-16 08:12 - 2014-07-16 08:13 - 01348263 _____ () C:\Users\Michael\Downloads\AdwCleaner.exe
2014-07-13 17:43 - 2014-07-13 17:43 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\AlawarEntertainment
2014-07-12 02:57 - 2014-07-12 02:57 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Lavasoft
2014-07-12 02:26 - 2014-07-16 08:21 - 00002340 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-07-12 02:26 - 2014-07-12 02:26 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\LavasoftStatistics
2014-07-12 02:26 - 2014-07-12 02:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-07-12 02:25 - 2014-07-12 02:25 - 00000000 ____D () C:\Program Files\Lavasoft
2014-07-12 02:24 - 2014-07-12 02:24 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-07-12 02:24 - 2014-07-12 02:24 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-07-12 02:23 - 2014-07-12 02:23 - 01728896 _____ () C:\Users\Michael\Downloads\AdAwareWebInstaller_win32_11.1.5354.0.exe
2014-07-12 00:23 - 2014-07-12 00:23 - 00000000 _____ () C:\autoexec.bat
2014-07-12 00:22 - 2014-07-12 00:22 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-12 00:21 - 2014-07-12 02:21 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-07-12 00:20 - 2014-07-12 00:20 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Michael\Downloads\SpyHunter-Installer.exe
2014-07-10 16:14 - 2014-07-10 16:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 21:04 - 2014-04-13 23:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-07-09 07:10 - 2014-06-16 18:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 07:10 - 2014-06-16 18:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 07:10 - 2014-06-06 10:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 07:10 - 2014-05-29 23:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 07:10 - 2014-05-29 08:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-07-09 07:10 - 2014-05-29 03:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-07-09 07:10 - 2014-05-29 02:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-07-09 07:10 - 2014-05-29 02:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-07-09 07:10 - 2014-05-29 01:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-09 07:10 - 2014-05-29 01:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 07:09 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 07:09 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 07:09 - 2014-06-18 19:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 07:09 - 2014-06-18 18:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 07:08 - 2014-06-30 18:45 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 07:08 - 2014-06-28 03:48 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 07:08 - 2014-06-28 03:07 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-09 07:08 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 07:08 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 07:08 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 07:08 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 07:08 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 07:08 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 07:08 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 07:08 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 07:08 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 07:08 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 07:08 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 07:08 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 07:08 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 07:08 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 07:08 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 07:08 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 07:08 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 07:08 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 07:08 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 07:08 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 07:08 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 07:08 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 07:08 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 07:08 - 2014-06-06 09:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 07:08 - 2014-06-06 08:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 07:08 - 2014-05-31 06:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-09 07:08 - 2014-05-31 06:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-07-09 07:08 - 2014-05-30 23:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-07-09 07:08 - 2014-05-30 23:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-07-09 07:08 - 2014-05-30 23:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 07:08 - 2014-05-30 23:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-09 07:08 - 2014-05-30 23:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-09 07:08 - 2014-05-30 23:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 07:08 - 2014-05-30 22:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-09 07:08 - 2014-05-30 22:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-09 07:08 - 2014-05-30 22:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-09 07:08 - 2014-05-30 22:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-07-09 07:08 - 2014-05-30 22:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 07:08 - 2014-05-30 22:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-07-09 07:08 - 2014-05-30 22:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-08 21:01 - 2014-07-08 21:01 - 00000148 _____ () C:\Users\Michael\Downloads\How_can_I_make_YouTube_videos_repeat
2014-07-08 18:08 - 2014-07-08 18:08 - 00000151 _____ () C:\Users\Michael\Downloads\pr
2014-07-08 17:50 - 2014-07-08 17:50 - 00000148 _____ () C:\Users\Michael\Downloads\impsc (1).php
2014-07-06 02:43 - 2014-07-06 02:43 - 10287035 _____ () C:\Users\Michael\Downloads\SFML-2.1-windows-vc9-32bits.zip
2014-07-02 21:42 - 2014-07-02 21:42 - 00000155 _____ () C:\Users\Michael\Downloads\receiver (1).html
2014-07-02 21:37 - 2014-07-02 21:37 - 00000148 _____ () C:\Users\Michael\Downloads\tmi_crossdomain_receiver (1).html
2014-06-22 11:18 - 2014-06-22 11:18 - 00000000 ____D () C:\Windows\System32\Tasks\GenericSettingsHandler
2014-06-17 16:21 - 2014-06-17 16:21 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-06-17 16:07 - 2014-06-17 16:07 - 00328984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00242968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00190744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-06-17 07:22 - 2014-06-17 07:22 - 00002773 _____ () C:\Users\Michael\Downloads\English Paper.txt
2014-06-16 12:14 - 2014-06-16 12:14 - 00010989 _____ () C:\Users\Michael\Documents\dfghdfgh.txt
2014-06-16 01:16 - 2014-06-16 01:16 - 00000148 _____ () C:\Users\Michael\Downloads\createASLId (1).jsp
 
==================== One Month Modified Files and Folders =======
 
2014-07-16 08:58 - 2014-07-16 08:57 - 00015819 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-07-16 08:57 - 2014-07-16 08:57 - 02086912 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-07-16 08:57 - 2014-07-16 08:57 - 00000000 ____D () C:\FRST
2014-07-16 08:56 - 2014-07-16 08:56 - 01077248 _____ (Farbar) C:\Users\Michael\Downloads\FRST.exe
2014-07-16 08:56 - 2014-07-16 08:56 - 01077248 _____ (Farbar) C:\Users\Michael\Downloads\FRST (1).exe
2014-07-16 08:54 - 2013-11-09 10:50 - 01197273 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 08:48 - 2014-07-16 08:48 - 00000887 _____ () C:\Users\Michael\Desktop\JRT.txt
2014-07-16 08:39 - 2013-12-14 19:53 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2646107381-3739728561-2652387464-1001
2014-07-16 08:35 - 2014-07-16 08:35 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-16 08:27 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-16 08:26 - 2014-07-16 08:26 - 01016261 _____ (Thisisu) C:\Users\Michael\Downloads\JRT (1).exe
2014-07-16 08:25 - 2014-07-16 08:25 - 00000000 ____D () C:\Windows\ERUNT
2014-07-16 08:24 - 2014-07-16 08:24 - 01016261 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe
2014-07-16 08:22 - 2014-03-11 12:05 - 00000000 ___RD () C:\Users\Michael\Google Drive
2014-07-16 08:22 - 2013-12-14 19:50 - 00000000 __RDO () C:\Users\Michael\SkyDrive
2014-07-16 08:22 - 2013-11-09 11:21 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 08:21 - 2014-07-12 02:26 - 00002340 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-07-16 08:21 - 2014-04-24 19:50 - 00000406 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2014-07-16 08:21 - 2014-04-24 19:50 - 00000406 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2014-07-16 08:21 - 2014-02-15 00:00 - 00000000 ____D () C:\Program Files (x86)\gorillaprice
2014-07-16 08:21 - 2014-02-06 21:30 - 00000414 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job
2014-07-16 08:21 - 2014-02-06 21:30 - 00000412 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job
2014-07-16 08:20 - 2013-12-26 21:31 - 00000000 ____D () C:\Users\Michael\AppData\Local\AVG SafeGuard toolbar
2014-07-16 08:20 - 2013-09-12 23:14 - 00116660 _____ () C:\Windows\PFRO.log
2014-07-16 08:20 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 08:19 - 2013-08-22 09:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-07-16 08:18 - 2014-07-16 08:13 - 00000000 ____D () C:\AdwCleaner
2014-07-16 08:16 - 2013-12-25 14:02 - 00000000 ____D () C:\Users\Michael\AppData\Local\Battle.net
2014-07-16 08:13 - 2014-07-16 08:12 - 01348263 _____ () C:\Users\Michael\Downloads\AdwCleaner.exe
2014-07-16 08:06 - 2013-11-09 11:21 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-16 08:04 - 2014-05-06 21:04 - 00000951 _____ () C:\Windows\Tasks\EPSON XP-410 Series Update {BAC40C81-FFF2-4529-8EBB-1D1EB2ED8AB5}.job
2014-07-16 08:04 - 2014-05-06 21:04 - 00000765 _____ () C:\Windows\Tasks\EPSON XP-410 Series Invitation {BAC40C81-FFF2-4529-8EBB-1D1EB2ED8AB5}.job
2014-07-16 08:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-07-16 03:56 - 2013-11-09 10:50 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-07-16 03:49 - 2013-12-14 19:54 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E32470CF-8DD5-4C27-9BC8-B30C172539D6}
2014-07-15 21:43 - 2013-12-24 21:18 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-14 23:16 - 2014-02-15 22:40 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\.minecraft
2014-07-13 22:21 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-13 18:45 - 2014-03-06 20:37 - 00000000 ____D () C:\Users\Michael\Documents\Visual Studio 2008
2014-07-13 17:43 - 2014-07-13 17:43 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\AlawarEntertainment
2014-07-13 11:32 - 2013-12-24 21:35 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2014-07-12 02:57 - 2014-07-12 02:57 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Lavasoft
2014-07-12 02:26 - 2014-07-12 02:26 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\LavasoftStatistics
2014-07-12 02:26 - 2014-07-12 02:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
2014-07-12 02:25 - 2014-07-12 02:25 - 00000000 ____D () C:\Program Files\Lavasoft
2014-07-12 02:24 - 2014-07-12 02:24 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-07-12 02:24 - 2014-07-12 02:24 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-07-12 02:23 - 2014-07-12 02:23 - 01728896 _____ () C:\Users\Michael\Downloads\AdAwareWebInstaller_win32_11.1.5354.0.exe
2014-07-12 02:21 - 2014-07-12 00:21 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-07-12 00:23 - 2014-07-12 00:23 - 00000000 _____ () C:\autoexec.bat
2014-07-12 00:22 - 2014-07-12 00:22 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-12 00:20 - 2014-07-12 00:20 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Michael\Downloads\SpyHunter-Installer.exe
2014-07-11 07:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2014-07-10 17:43 - 2013-08-22 10:44 - 00379544 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 16:14 - 2014-07-10 16:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 16:14 - 2013-08-22 15:12 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 16:14 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-10 16:14 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 16:14 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 16:14 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-09 21:10 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-09 21:08 - 2013-12-28 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 21:06 - 2013-12-28 02:01 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 13:25 - 2013-12-25 14:02 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-08 21:01 - 2014-07-08 21:01 - 00000148 _____ () C:\Users\Michael\Downloads\How_can_I_make_YouTube_videos_repeat
2014-07-08 19:09 - 2013-11-09 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-08 18:08 - 2014-07-08 18:08 - 00000151 _____ () C:\Users\Michael\Downloads\pr
2014-07-08 17:50 - 2014-07-08 17:50 - 00000148 _____ () C:\Users\Michael\Downloads\impsc (1).php
2014-07-08 10:25 - 2013-08-22 10:46 - 00022406 _____ () C:\Windows\setupact.log
2014-07-06 02:47 - 2013-12-25 21:27 - 00049152 ___SH () C:\Users\Michael\Downloads\Thumbs.db
2014-07-06 02:43 - 2014-07-06 02:43 - 10287035 _____ () C:\Users\Michael\Downloads\SFML-2.1-windows-vc9-32bits.zip
2014-07-03 12:26 - 2014-03-31 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-02 21:42 - 2014-07-02 21:42 - 00000155 _____ () C:\Users\Michael\Downloads\receiver (1).html
2014-07-02 21:37 - 2014-07-02 21:37 - 00000148 _____ () C:\Users\Michael\Downloads\tmi_crossdomain_receiver (1).html
2014-06-30 19:42 - 2013-12-25 14:04 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-06-30 18:45 - 2014-07-09 07:08 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-28 03:48 - 2014-07-09 07:08 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-28 03:07 - 2014-07-09 07:08 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-06-26 16:55 - 2013-08-22 11:38 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 16:55 - 2013-08-22 11:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-23 21:32 - 2014-03-30 17:00 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-06-22 11:18 - 2014-06-22 11:18 - 00000000 ____D () C:\Windows\System32\Tasks\GenericSettingsHandler
2014-06-22 01:01 - 2013-11-09 11:21 - 00003916 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-22 01:01 - 2013-11-09 11:21 - 00003680 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 07:54 - 2013-09-12 23:25 - 00929400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-18 21:39 - 2014-07-09 07:09 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 20:48 - 2014-07-09 07:08 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 20:16 - 2014-07-09 07:09 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-18 20:09 - 2014-07-09 07:08 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 19:51 - 2014-07-09 07:08 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 19:50 - 2014-07-09 07:08 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 19:48 - 2014-07-09 07:08 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 19:46 - 2014-07-09 07:09 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-18 19:39 - 2014-07-09 07:08 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 19:33 - 2014-07-09 07:08 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 19:32 - 2014-07-09 07:08 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-18 19:27 - 2014-07-09 07:08 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 19:12 - 2014-07-09 07:08 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-18 18:59 - 2014-07-09 07:08 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 18:58 - 2014-07-09 07:08 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 18:58 - 2014-07-09 07:08 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 18:57 - 2014-07-09 07:09 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-18 18:52 - 2014-07-09 07:08 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 18:51 - 2014-07-09 07:08 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 18:49 - 2014-07-09 07:08 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 18:45 - 2014-07-09 07:08 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 18:35 - 2014-07-09 07:08 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 18:34 - 2014-07-09 07:08 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 18:15 - 2014-07-09 07:08 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 18:13 - 2014-07-09 07:08 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 18:09 - 2014-07-09 07:08 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 18:07 - 2014-07-09 07:08 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-17 16:21 - 2014-06-17 16:21 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2014-06-17 16:07 - 2014-06-17 16:07 - 00328984 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00242968 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00190744 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00153368 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00123672 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys
2014-06-17 07:22 - 2014-06-17 07:22 - 00002773 _____ () C:\Users\Michael\Downloads\English Paper.txt
2014-06-16 18:26 - 2014-07-09 07:10 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-16 18:24 - 2014-07-09 07:10 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-16 12:14 - 2014-06-16 12:14 - 00010989 _____ () C:\Users\Michael\Documents\dfghdfgh.txt
2014-06-16 01:16 - 2014-06-16 01:16 - 00000148 _____ () C:\Users\Michael\Downloads\createASLId (1).jsp
 
Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\bdfilters.dll
C:\Users\Michael\AppData\Local\Temp\nsb211C.exe
C:\Users\Michael\AppData\Local\Temp\nsc163D.exe
C:\Users\Michael\AppData\Local\Temp\nsf1D91.exe
C:\Users\Michael\AppData\Local\Temp\nshDEB4.exe
C:\Users\Michael\AppData\Local\Temp\nsjD731.exe
C:\Users\Michael\AppData\Local\Temp\nsn188C.exe
C:\Users\Michael\AppData\Local\Temp\nspF376.exe
C:\Users\Michael\AppData\Local\Temp\nsq12A2.exe
C:\Users\Michael\AppData\Local\Temp\nsq12DE.exe
C:\Users\Michael\AppData\Local\Temp\nsuE9D8.exe
C:\Users\Michael\AppData\Local\Temp\nsvED82.exe
C:\Users\Michael\AppData\Local\Temp\nsxEDA9.exe
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael\AppData\Local\Temp\SHSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-11 07:23
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2014 01
Ran by Michael at 2014-07-16 09:00:30
Running from C:\Users\Michael\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
 
==================== Installed Programs ======================
 
Ad-Aware Antivirus (HKLM\...\{9F965DAA-2FFD-41E3-8125-893BFBBE01D6}_AdAwareUpdater) (Version: 11.2.5952.0 - Lavasoft)
AdAwareInstaller (Version: 11.2.5952.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.2.5952.0 - Lavasoft) Hidden
Adobe Reader XI (11.0.03)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{B280788C-B671-E08D-4219-CE907B7BFF75}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
AMD Start Now (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.295 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.295 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.295 - AVG) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.2.455 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Crystal Reports Basic for Visual Studio 2008 (HKLM-x32\...\{AA467959-A1D6-4F45-90CD-11DC57733F32}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{10144CFE-D76C-4CFA-81A1-37A1642349A3}) (Version: 3.01.0013 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-410 Series Printer Uninstall (HKLM\...\EPSON XP-410 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-410 User's Guide version 1.0 (HKLM-x32\...\UsersGuideEpson XP-410 User's Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089) (HKLM-x32\...\KB960089_SQL9) (Version: 9.2.3077 - Microsoft Corporation)
GDR 3077 for SQL Server Tools and Workstation Components 2005 ENU (KB960089) (HKLM-x32\...\KB960089_SQLTools9) (Version: 9.2.3077 - Microsoft Corporation)
Goblin Defenders: Steel 'n' Wood (x32 Version: 3.0.2.51 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
gorillaprice (HKLM-x32\...\gorillaprice) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LTCM Client (HKLM-x32\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc)
Microsoft .NET Compact Framework 2.0 SP2 (HKLM-x32\...\{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}) (Version: 2.0.7045 - Microsoft Corporation)
Microsoft .NET Compact Framework 3.5 (HKLM-x32\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft Device Emulator (64 bit) version 3.0 - ENU (HKLM\...\{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Document Explorer 2008 (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Visual Web Developer 2007 (x32 Version: 12.0.4518.1066 - Microsoft Corporation) Hidden
Microsoft Office Visual Web Developer MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM-x32\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 for Devices ENU (HKLM-x32\...\{241F2BF7-69EB-42A4-9156-96B2426C7504}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM-x32\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{6E740973-8E71-42F9-A910-C18452E60450}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{50822200-2E95-4E62-A8D8-41C3B308DF5E}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Professional Edition - ENU (HKLM-x32\...\Microsoft Visual Studio 2008 Professional Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - ENU (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Remote Debugger - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger - ENU (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{29C93182-34F6-3275-A18D-59326851CD57}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{9aa5f39c-a8de-46b0-919a-0248f8bc8490}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{62EED300-E841-4083-A1D6-60B906271804}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (HKLM\...\{A992BBAA-723D-4574-A07F-983BF8FAA3E1}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MSDN Library for Visual Studio 2008 - ENU (HKLM-x32\...\MSDN Library for Visual Studio 2008 - ENU) (Version: 9.0 - Microsoft)
MSDN Library for Visual Studio 2008 - ENU (x32 Version: 9.0.21022 - Microsoft) Hidden
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Python 3.3.3 (HKLM-x32\...\{39B6EB84-331C-3657-AD2E-837537DDF04F}) (Version: 3.3.3150 - Python Software Foundation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Software Updater (HKLM-x32\...\{D60071DB-459C-465C-92EF-336E65F1A436}) (Version: 4.0.1 - SEIKO EPSON CORPORATION)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.1.0.14 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221) (HKLM-x32\...\{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}.KB972221) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
Visual Studio .NET Prerequisites - English (HKLM\...\{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}) (Version: 9.0.21022 - Microsoft Corporation)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Mobile 5.0 SDK R2 for Pocket PC (HKLM-x32\...\{6C9F6D23-E9AD-43C9-B43A-011562AAF876}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Smartphone (HKLM-x32\...\{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
 
==================== Restore Points  =========================
 
18-06-2014 02:14:49 Scheduled Checkpoint
06-07-2014 22:03:47 Scheduled Checkpoint
10-07-2014 01:01:28 Windows Update
12-07-2014 04:21:58 Installed SpyHunter
 
==================== Hosts content: ==========================
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B4B499D-AD6E-48D8-AEA3-81BE6BE8205F} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2013-12-18] (AVG)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0D81E83A-E259-4E92-B9BC-569860EA3451} - System32\Tasks\AVG-Secure-Search-Update_0214b_rmv => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2FF75F02-297E-4919-98B4-C39565F06A8F} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3F4C7B53-255C-44F7-9523-7307E5FD234C} - System32\Tasks\EPSON XP-410 Series Update {BAC40C81-FFF2-4529-8EBB-1D1EB2ED8AB5} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4A035611-A6CD-4A22-A1B5-EE677F219B10} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {587003CF-CF4E-4D5A-9A63-F7810EACE9EF} - System32\Tasks\AVG-Secure-Search-Update_0214b_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: {5DAAED5D-A0DE-48D3-A3DF-B18BFA0C237C} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {5EF761AD-86F9-438E-BDB2-230C38ACA643} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6D568C4B-805A-485E-A71D-B9BA88D86EDE} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\SymErr.exe
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7D70569D-2D3B-4D62-9610-FD3D46D58515} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {84624816-ABCC-48B8-A9AA-2E3CCEB7FE48} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\SymErr.exe
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {87DAF9D9-DA9E-4643-9B7A-29221A28EBAD} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-06-01] ()
Task: {8820F4B6-9988-4A22-80E8-9836D3743986} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-23] (Synaptics Incorporated)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8FC0C858-39CF-4A19-A42E-E5F5B53E3FC9} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\WSCStub.exe
Task: {9D4FF4D3-EBA7-4DB8-A96F-8DBBE6831249} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {9E053483-F86A-47A1-ABCD-6D8EB6315B17} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-06-01] ()
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A3F6A134-A26C-4175-B8DD-9BDED6849229} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-09] (Microsoft Corporation)
Task: {A6A01BFF-AC89-4185-B4E6-844F1EB150FE} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {CDE6D500-4825-4A23-8670-84EF931FC5AB} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {CFCC30CA-534F-48AE-AF91-1C09FB370B88} - System32\Tasks\EPSON XP-410 Series Invitation {BAC40C81-FFF2-4529-8EBB-1D1EB2ED8AB5} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DC58D46C-E0B4-46EF-BEB1-8DBC1B9BC20B} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F296D31E-CD3D-4DE5-B297-A69FE5C99952} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-21] (Realtek Semiconductor)
Task: {F47B3259-5EE9-4D75-961E-9259F60472A6} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2646107381-3739728561-2652387464-1001
Task: {F599A948-680D-4A85-B0F0-E96BB7C98FAB} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {FC6AA6CF-B6FF-4048-B99C-4C5BE3FAE9BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-09] (Google Inc.)
Task: {FDE3E78F-3B48-4725-AD1C-A38E18B8C9C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-09] (Google Inc.)
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\EPSON XP-410 Series Invitation {BAC40C81-FFF2-4529-8EBB-1D1EB2ED8AB5}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\Windows\Tasks\EPSON XP-410 Series Update {BAC40C81-FFF2-4529-8EBB-1D1EB2ED8AB5}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-30 23:47 - 2013-08-30 23:47 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2013-09-10 16:54 - 2013-09-10 16:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2014-06-03 15:47 - 2014-06-03 15:47 - 00706864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareService.exe
2014-06-03 16:19 - 2014-06-03 16:19 - 00103800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_thread-vc100-mt-1_55.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00024440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_system-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00055680 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_date_time-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00123776 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_filesystem-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00033656 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_chrono-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 10070888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareServiceKernel.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00685904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\SQLite.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 03393352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\RCF.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00788856 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_regex-vc100-mt-1_55.dll
2014-06-03 16:17 - 2014-06-03 16:17 - 00604520 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareActivation.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00158032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\pugixml.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00360312 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareApplicationUpdater.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00149840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\libssh2.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00106824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\zlib.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00142696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareGamingMode.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00098648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareReset.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00120152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTime.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00290168 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareDefinitionsUpdater.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00198024 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00417128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareIgnoreList.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00245608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareQuarantine.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00336752 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiMalwareEngine.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00212336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiRootkitEngine.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00509808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScannerHistory.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00610144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScanner.dll
2014-06-03 16:19 - 2014-06-03 16:19 - 00035192 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_timer-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00326000 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareScannerScheduler.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00453496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareRealTimeProtection.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00227688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareIncompatibles.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00218976 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiSpam.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00171368 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareAntiPhishing.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00786800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareParentalControl.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 01936744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareWebProtection.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00422256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareEmailProtection.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00650608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareNetworkProtection.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00358744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwarePromo.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00298336 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareFeedback.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00371576 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareThreatWorkAlliance.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00154464 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\SecurityCenter.dll
2013-12-18 10:38 - 2013-12-18 10:38 - 00742200 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2014-02-06 13:28 - 2014-02-06 13:28 - 00070144 _____ () C:\ProgramData\gorillaprice\WatGorp.exe
2014-04-24 19:50 - 2014-06-01 14:36 - 02733080 _____ () C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 07715160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTray.exe
2014-06-03 16:18 - 2014-06-03 16:18 - 00500088 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\boost_locale-vc100-mt-1_55.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00364896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\HtmlFramework.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00066904 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\DllStorage.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00803696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\AdAwareTrayDefaultSkin.dll
2014-06-03 16:18 - 2014-06-03 16:18 - 00139608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.2.5952.0\Localization.dll
2013-08-30 23:47 - 2013-08-30 23:47 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2014-07-16 08:21 - 2014-02-06 14:40 - 00494080 _____ () C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe
2014-07-16 08:22 - 2014-07-16 08:22 - 00098816 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\win32api.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00110080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\pywintypes27.dll
2014-07-16 08:22 - 2014-07-16 08:22 - 00364544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\pythoncom27.dll
2014-07-16 08:22 - 2014-07-16 08:22 - 00045568 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\_socket.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 01160704 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\_ssl.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00320512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\win32com.shell.shell.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00713216 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\_hashlib.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 01175040 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\wx._core_.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00805888 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\wx._gdi_.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00811008 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\wx._windows_.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 01062400 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\wx._controls_.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00735232 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\wx._misc_.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00128512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\_elementtree.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00127488 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\pyexpat.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00557056 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\pysqlite2._sqlite.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00007168 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\hashobjs_ext.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00087552 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\_ctypes.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00119808 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\win32file.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00108544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\win32security.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00018432 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\win32event.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00038912 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\win32inet.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00070656 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\wx._html2.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00167936 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\win32gui.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00011264 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\win32crypt.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00027136 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\_multiprocessing.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00122368 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\wx._wizard.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00010240 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\select.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00024064 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\win32pipe.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00686080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\unicodedata.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00025600 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\win32pdh.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00525640 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\windows._lib_cacheinvalidation.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00035840 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\win32process.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\win32profile.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00022528 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\win32ts.pyd
2014-07-16 08:22 - 2014-07-16 08:22 - 00078336 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI52442\wx._animate.pyd
2013-12-18 10:35 - 2013-12-18 10:35 - 00611128 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TUKernel.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00152888 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TUBasic.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00819000 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\MainControls.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00066360 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TUTransl.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00129336 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\SchedAgent_2007.bpl
2013-12-18 10:36 - 2013-12-18 10:36 - 00456504 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\PowerManager.bpl
2013-12-18 10:36 - 2013-12-18 10:36 - 00271160 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\AppInitialization.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00493368 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\Html.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00449848 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\GR32_D6.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00335672 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TUCompression.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00307000 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\ntrtl60.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00307000 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\DEC.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00210744 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\XMLComponents.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00161080 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\PerlRegEx.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00425784 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\VisControls.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00069944 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\dxGDIPlusD12.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00044856 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\dxCoreD12.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00154424 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\cefcomponent.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00143672 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TUIcoEngineerDirTree.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00076600 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TUShell.bpl
2013-12-18 10:36 - 2013-12-18 10:36 - 00629560 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TUDiskCleanerClass.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 01145144 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\dxBarD12.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00852280 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\cxLibraryD12.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00055608 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\dxThemeD12.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00213304 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\ProgramRating.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00067896 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\SysControls.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00469816 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\SysInfo.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00489272 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\Traces.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00082744 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TUOperaClass.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00047928 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TUApplications.bpl
2013-12-18 10:36 - 2013-12-18 10:36 - 00598328 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\VirtualTreesR.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00033080 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TUBase.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00091960 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TUApps.bpl
2013-12-18 10:36 - 2013-12-18 10:36 - 00102712 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TUDefragClient.bpl
2013-12-18 10:36 - 2013-12-18 10:36 - 00953656 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TuningWizard.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00042808 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TUSafariClass.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00656184 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\MSI_D6.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00106296 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\Internet.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00207672 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\dxBarExtItemsD12.bpl
2013-12-18 10:36 - 2013-12-18 10:36 - 00289080 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\RegCleaner.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00023864 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\IEControl.bpl
2013-12-18 10:36 - 2013-12-18 10:36 - 00139576 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\CommonForms.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00106808 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TUShredder.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00065848 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TUIECacheClass.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00016184 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\dxComnD12.bpl
2013-12-18 10:35 - 2013-12-18 10:35 - 00042808 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\TURar.bpl
2014-06-11 16:04 - 2014-06-05 09:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-11 16:04 - 2014-06-05 09:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-11 16:04 - 2014-06-05 09:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-11 16:04 - 2014-06-05 09:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-11 16:04 - 2014-06-05 09:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-11 13:02 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Michael\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\Michael\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKCU\...\StartupApproved\Run: => "AVG-Secure-Search-Update_1213b"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 

Edited by chessmaster102, 16 July 2014 - 10:20 PM.




#2 chessmaster102


Posted 17 July 2014 - 09:19 PM

It won't let me edit my post again, but I am going on vacation for the next 2 weeks and won't be able to use my laptop, so if you guys want, someone can just post here saying that they'll work on it when I get back and I can pm them once I return. Sorry if I made you read this huge long report before you read this, I did intend to make another edit at the top.



#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:12 PM

Posted 19 July 2014 - 04:17 AM


Hello chessmaster102

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr


Posted 23 July 2014 - 07:21 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo

#5 chessmaster102


Posted 25 July 2014 - 09:50 PM

Hello Gringo, thanks for the help. I managed to find a little bit of time during my vacation to check up on this, but I will not be able to work with you much over the next week. While I'm away, I'll post the reports you wanted.
 
# AdwCleaner v3.216 - Report created 25/07/2014 at 20:05:09
# Updated 17/07/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Michael - MICHAELS_LAPTOP
# Running from : C:\Users\Michael\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [7583 octets] - [16/07/2014 08:15:55]
AdwCleaner[R1].txt - [997 octets] - [16/07/2014 14:00:16]
AdwCleaner[R2].txt - [1068 octets] - [25/07/2014 19:57:03]
AdwCleaner[S0].txt - [7082 octets] - [16/07/2014 08:18:25]
AdwCleaner[S1].txt - [1061 octets] - [16/07/2014 14:55:11]
AdwCleaner[S2].txt - [993 octets] - [25/07/2014 20:05:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1052 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Michael on Fri 07/25/2014 at 20:20:09.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] gorillaprice 
Successfully deleted: [Service] gorillaprice 
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 07/25/2014 at 20:43:37.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6 chessmaster102


Posted 26 July 2014 - 11:40 PM

bump



#7 gringo_pr


Posted 28 July 2014 - 03:52 AM


Hello chessmaster102

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#8 chessmaster102


Posted 28 July 2014 - 12:00 PM

"Combofix is not meant to run in 'Compatibility Mode'. The program shall now exit." This is what pops up when I start the download process.



#9 gringo_pr


Posted 29 July 2014 - 04:35 AM



I would like to know how the computer is doing at this time and I would like you to rerun FRST for me and send me a new report

If you cannot find it here is the link again.

Please download the Farbar Recovery Scan Tool from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ - Click on the BLUE download buttons only - ( The GREEN ones are ads)

save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it.
When the tool opens click Yes to disclaimer.

I would like for you to use these settings
Under whitelist I would like everything to be checked
Under optional scan
Only have Addition.txt selected (the other three blank)
Press the Scan button.
It will make two logs (FRST.txt) and (Addition.txt) in the same directory the tool is run from.

Please attach both reports to your reply to me

#10 chessmaster102


Posted 30 July 2014 - 05:31 PM

Currently my computer is running at a normal speed. Every so often click.cpvrdr.com will open up in an IE browser and try to direct me to some ad sites. Other than that I have a little problem while playing some games. It tends to lag a bit, this was happening prior to getting the virus, however right before starting the process here it became so intense that I stopped playing. This could be a coincidence however because my graphics card is not meant to run at such a level. But besides all of that my computer runs fine.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2014 01
Ran by Michael (administrator) on MICHAELS_LAPTOP on 30-07-2014 18:17:23
Running from C:\Users\Michael\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
() C:\ProgramData\gorillaprice\WatGorp.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
() C:\Program Files (x86)\gorillaprice\GorillaPrice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILAE.EXE
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Farbar) C:\Users\Michael\Desktop\FRST64 (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057920 2012-07-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKU\S-1-5-21-2646107381-3739728561-2652387464-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [24477056 2014-06-27] (Google)
HKU\S-1-5-21-2646107381-3739728561-2652387464-1001\...\Run: [AVG-Secure-Search-Update_0414c] => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2733080 2014-06-01] ()
HKU\S-1-5-21-2646107381-3739728561-2652387464-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKLM - DefaultScope {6D30C8B4-59F9-49D0-8489-4F67A75CA1C8} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {6D30C8B4-59F9-49D0-8489-4F67A75CA1C8} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {6D30C8B4-59F9-49D0-8489-4F67A75CA1C8} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=TNJB
SearchScopes: HKCU - DefaultScope {6D30C8B4-59F9-49D0-8489-4F67A75CA1C8} URL = 
SearchScopes: HKCU - {6D30C8B4-59F9-49D0-8489-4F67A75CA1C8} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}] - C:\Program Files (x86)\RelevantKnowledge\firefox
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-16]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-01]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-16]
CHR Extension: (Google Search) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-16]
CHR Extension: (Google Wallet) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-14]
CHR Extension: (Gmail) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-16]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Michael\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-08-30] () [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-27] (WildTangent)
R2 GorillaPrice; C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe [494080 2014-02-06] () [File not signed]
R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29181272 2008-12-18] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2102072 2013-12-18] (AVG)
R2 WatGorp; C:\ProgramData\gorillaprice\WatGorp.exe [70144 2014-02-06] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [138240 2013-06-22] (Advanced Micro Devices)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-06] (AVG Technologies)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [274712 2014-05-14] (AVG Technologies CZ, s.r.o.)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [30448 2013-08-23] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-30 18:17 - 2014-07-30 18:18 - 00015749 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-07-30 17:40 - 2014-07-30 17:40 - 02094080 _____ (Farbar) C:\Users\Michael\Desktop\FRST64 (1).exe
2014-07-28 12:57 - 2014-07-28 12:57 - 05563277 _____ (Swearware) C:\Users\Michael\Downloads\ComboFix (2).exe
2014-07-28 12:55 - 2014-07-28 12:55 - 05563277 _____ (Swearware) C:\Users\Michael\Downloads\ComboFix (1).exe
2014-07-28 12:54 - 2014-07-28 12:54 - 05563277 _____ (Swearware) C:\Users\Michael\Downloads\ComboFix.exe
2014-07-28 12:51 - 2014-07-28 12:51 - 00001266 _____ () C:\Users\Michael\Desktop\Gringos Directions.txt
2014-07-27 15:35 - 2014-07-27 15:36 - 00001121 _____ () C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk
2014-07-27 15:34 - 2014-07-29 10:14 - 00000000 ____D () C:\Program Files (x86)\Warcraft III
2014-07-27 15:34 - 2014-07-27 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2014-07-27 15:09 - 2014-07-27 15:32 - 00000000 ____D () C:\Users\Michael\Warcraft III 1.21b ROC Installer enUS
2014-07-27 15:09 - 2014-07-27 15:09 - 02693588 _____ (Blizzard Entertainment) C:\Users\Michael\Downloads\Downloader_Warcraft3_Reign_of_Chaos_enUS.exe
2014-07-27 14:29 - 2014-07-27 14:44 - 00000000 ____D () C:\Users\Michael\Warcraft III 1.21b TFT Installer enUS
2014-07-27 14:28 - 2014-07-27 14:28 - 02687055 _____ (Blizzard Entertainment) C:\Users\Michael\Downloads\Downloader_Warcraft3_The_Frozen_Throne_enUS.exe
2014-07-26 13:07 - 2014-07-26 13:07 - 00000150 _____ () C:\Users\Michael\Downloads\IB@x91 (1)
2014-07-25 20:43 - 2014-07-25 20:43 - 00000786 _____ () C:\Users\Michael\Desktop\JRT.txt
2014-07-25 20:19 - 2014-07-25 20:19 - 01016261 _____ (Thisisu) C:\Users\Michael\Downloads\JRT (2).exe
2014-07-25 19:56 - 2014-07-25 19:56 - 01354223 _____ () C:\Users\Michael\Downloads\AdwCleaner.exe
2014-07-16 14:39 - 2014-07-16 14:39 - 00000148 _____ () C:\Users\Michael\Downloads\618710283@x96
2014-07-16 14:22 - 2014-07-16 14:22 - 00688992 _____ (Swearware) C:\Users\Michael\Downloads\dds (4).com
2014-07-16 14:19 - 2014-07-16 14:19 - 00688992 _____ (Swearware) C:\Users\Michael\Downloads\dds (3).com
2014-07-16 14:15 - 2014-07-16 14:15 - 00688992 _____ (Swearware) C:\Users\Michael\Downloads\dds (2).com
2014-07-16 14:10 - 2014-07-16 14:10 - 00688992 _____ (Swearware) C:\Users\Michael\Downloads\dds.com
2014-07-16 14:10 - 2014-07-16 14:10 - 00688992 _____ (Swearware) C:\Users\Michael\Downloads\dds (1).com
2014-07-16 09:05 - 2014-07-16 09:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-16 09:04 - 2014-07-16 14:58 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-16 09:04 - 2014-07-16 12:31 - 00000000 ____D () C:\Users\Michael\Desktop\mbar
2014-07-16 09:04 - 2014-07-16 09:04 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-16 09:04 - 2014-07-16 09:04 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-16 09:03 - 2014-07-16 09:03 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Michael\Downloads\mbar-1.07.0.1012.exe
2014-07-16 09:00 - 2014-07-16 09:02 - 00051822 _____ () C:\Users\Michael\Downloads\Addition.txt
2014-07-16 08:57 - 2014-07-30 18:17 - 00000000 ____D () C:\FRST
2014-07-16 08:57 - 2014-07-16 09:02 - 00041737 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-07-16 08:57 - 2014-07-16 08:57 - 02086912 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-07-16 08:56 - 2014-07-16 08:56 - 01077248 _____ (Farbar) C:\Users\Michael\Downloads\FRST.exe
2014-07-16 08:56 - 2014-07-16 08:56 - 01077248 _____ (Farbar) C:\Users\Michael\Downloads\FRST (1).exe
2014-07-16 08:35 - 2014-07-26 15:01 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-16 08:26 - 2014-07-16 08:26 - 01016261 _____ (Thisisu) C:\Users\Michael\Downloads\JRT (1).exe
2014-07-16 08:25 - 2014-07-16 08:25 - 00000000 ____D () C:\Windows\ERUNT
2014-07-16 08:24 - 2014-07-16 08:24 - 01016261 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe
2014-07-16 08:17 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-16 08:13 - 2014-07-25 20:05 - 00000000 ____D () C:\AdwCleaner
2014-07-13 17:43 - 2014-07-13 17:43 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\AlawarEntertainment
2014-07-12 02:57 - 2014-07-16 14:16 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Lavasoft
2014-07-12 02:26 - 2014-07-12 02:26 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\LavasoftStatistics
2014-07-12 02:25 - 2014-07-12 02:25 - 00000000 ____D () C:\Program Files\Lavasoft
2014-07-12 02:24 - 2014-07-12 02:24 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-07-12 02:23 - 2014-07-12 02:23 - 01728896 _____ () C:\Users\Michael\Downloads\AdAwareWebInstaller_win32_11.1.5354.0.exe
2014-07-12 00:23 - 2014-07-12 00:23 - 00000000 _____ () C:\autoexec.bat
2014-07-12 00:22 - 2014-07-12 00:22 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-12 00:21 - 2014-07-12 02:21 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-07-12 00:20 - 2014-07-12 00:20 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Michael\Downloads\SpyHunter-Installer.exe
2014-07-10 16:14 - 2014-07-10 16:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-09 21:04 - 2014-04-13 23:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-07-09 07:10 - 2014-06-16 18:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 07:10 - 2014-06-16 18:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 07:10 - 2014-06-06 10:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 07:10 - 2014-05-29 23:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 07:10 - 2014-05-29 08:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-07-09 07:10 - 2014-05-29 03:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-07-09 07:10 - 2014-05-29 02:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-07-09 07:10 - 2014-05-29 02:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-07-09 07:10 - 2014-05-29 01:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-09 07:10 - 2014-05-29 01:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 07:09 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 07:09 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 07:09 - 2014-06-18 19:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 07:09 - 2014-06-18 18:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 07:08 - 2014-06-30 18:45 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 07:08 - 2014-06-28 03:48 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 07:08 - 2014-06-28 03:07 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-09 07:08 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 07:08 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 07:08 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 07:08 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 07:08 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 07:08 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 07:08 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 07:08 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 07:08 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 07:08 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 07:08 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 07:08 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 07:08 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 07:08 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 07:08 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 07:08 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 07:08 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 07:08 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 07:08 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 07:08 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 07:08 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 07:08 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 07:08 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 07:08 - 2014-06-06 09:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 07:08 - 2014-06-06 08:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 07:08 - 2014-05-31 06:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-09 07:08 - 2014-05-31 06:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-07-09 07:08 - 2014-05-30 23:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-07-09 07:08 - 2014-05-30 23:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-07-09 07:08 - 2014-05-30 23:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 07:08 - 2014-05-30 23:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-09 07:08 - 2014-05-30 23:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-09 07:08 - 2014-05-30 23:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 07:08 - 2014-05-30 22:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-09 07:08 - 2014-05-30 22:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-09 07:08 - 2014-05-30 22:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-09 07:08 - 2014-05-30 22:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-07-09 07:08 - 2014-05-30 22:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-09 07:08 - 2014-05-30 22:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-07-09 07:08 - 2014-05-30 22:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-08 21:01 - 2014-07-08 21:01 - 00000148 _____ () C:\Users\Michael\Downloads\How_can_I_make_YouTube_videos_repeat
2014-07-08 18:08 - 2014-07-08 18:08 - 00000151 _____ () C:\Users\Michael\Downloads\pr
2014-07-08 17:50 - 2014-07-08 17:50 - 00000148 _____ () C:\Users\Michael\Downloads\impsc (1).php
2014-07-06 02:43 - 2014-07-06 02:43 - 10287035 _____ () C:\Users\Michael\Downloads\SFML-2.1-windows-vc9-32bits.zip
2014-07-02 21:42 - 2014-07-02 21:42 - 00000155 _____ () C:\Users\Michael\Downloads\receiver (1).html
2014-07-02 21:37 - 2014-07-02 21:37 - 00000148 _____ () C:\Users\Michael\Downloads\tmi_crossdomain_receiver (1).html
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-30 18:18 - 2014-07-30 18:17 - 00015749 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-07-30 18:17 - 2014-07-16 08:57 - 00000000 ____D () C:\FRST
2014-07-30 18:16 - 2014-03-11 12:05 - 00000000 ___RD () C:\Users\Michael\Google Drive
2014-07-30 18:16 - 2013-11-09 11:21 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-30 18:15 - 2014-04-24 19:50 - 00000406 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2014-07-30 18:15 - 2014-04-24 19:50 - 00000406 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2014-07-30 18:15 - 2014-02-06 21:30 - 00000414 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job
2014-07-30 18:15 - 2014-02-06 21:30 - 00000412 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job
2014-07-30 18:15 - 2013-12-14 19:50 - 00000000 __RDO () C:\Users\Michael\SkyDrive
2014-07-30 18:15 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-07-30 17:53 - 2013-11-09 10:50 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-07-30 17:49 - 2013-12-14 19:54 - 00003962 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E32470CF-8DD5-4C27-9BC8-B30C172539D6}
2014-07-30 17:40 - 2014-07-30 17:40 - 02094080 _____ (Farbar) C:\Users\Michael\Desktop\FRST64 (1).exe
2014-07-30 17:39 - 2013-12-24 21:18 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-30 17:37 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-30 17:36 - 2013-11-09 10:50 - 01931009 _____ () C:\Windows\WindowsUpdate.log
2014-07-30 10:32 - 2013-12-14 19:53 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2646107381-3739728561-2652387464-1001
2014-07-29 12:06 - 2013-11-09 11:21 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-29 12:04 - 2014-05-06 21:04 - 00000951 _____ () C:\Windows\Tasks\EPSON XP-410 Series Update {BAC40C81-FFF2-4529-8EBB-1D1EB2ED8AB5}.job
2014-07-29 12:04 - 2014-05-06 21:04 - 00000765 _____ () C:\Windows\Tasks\EPSON XP-410 Series Invitation {BAC40C81-FFF2-4529-8EBB-1D1EB2ED8AB5}.job
2014-07-29 10:14 - 2014-07-27 15:34 - 00000000 ____D () C:\Program Files (x86)\Warcraft III
2014-07-28 12:57 - 2014-07-28 12:57 - 05563277 _____ (Swearware) C:\Users\Michael\Downloads\ComboFix (2).exe
2014-07-28 12:55 - 2014-07-28 12:55 - 05563277 _____ (Swearware) C:\Users\Michael\Downloads\ComboFix (1).exe
2014-07-28 12:54 - 2014-07-28 12:54 - 05563277 _____ (Swearware) C:\Users\Michael\Downloads\ComboFix.exe
2014-07-28 12:51 - 2014-07-28 12:51 - 00001266 _____ () C:\Users\Michael\Desktop\Gringos Directions.txt
2014-07-28 03:21 - 2013-12-25 14:02 - 00000000 ____D () C:\Users\Michael\AppData\Local\Battle.net
2014-07-27 16:37 - 2013-12-14 19:47 - 00000000 ____D () C:\Users\Michael\AppData\Local\VirtualStore
2014-07-27 15:36 - 2014-07-27 15:35 - 00001121 _____ () C:\Users\Public\Desktop\Warcraft III - The Frozen Throne.lnk
2014-07-27 15:36 - 2014-07-27 15:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
2014-07-27 15:32 - 2014-07-27 15:09 - 00000000 ____D () C:\Users\Michael\Warcraft III 1.21b ROC Installer enUS
2014-07-27 15:09 - 2014-07-27 15:09 - 02693588 _____ (Blizzard Entertainment) C:\Users\Michael\Downloads\Downloader_Warcraft3_Reign_of_Chaos_enUS.exe
2014-07-27 15:09 - 2013-12-14 19:45 - 00000000 ____D () C:\Users\Michael
2014-07-27 14:44 - 2014-07-27 14:29 - 00000000 ____D () C:\Users\Michael\Warcraft III 1.21b TFT Installer enUS
2014-07-27 14:28 - 2014-07-27 14:28 - 02687055 _____ (Blizzard Entertainment) C:\Users\Michael\Downloads\Downloader_Warcraft3_The_Frozen_Throne_enUS.exe
2014-07-27 12:01 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-26 21:37 - 2014-03-07 16:03 - 00000360 _____ () C:\Users\Michael\Desktop\Copy Paste This.txt
2014-07-26 15:01 - 2014-07-16 08:35 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-26 13:07 - 2014-07-26 13:07 - 00000150 _____ () C:\Users\Michael\Downloads\IB@x91 (1)
2014-07-26 02:40 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-26 02:39 - 2013-08-22 09:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-07-25 20:43 - 2014-07-25 20:43 - 00000786 _____ () C:\Users\Michael\Desktop\JRT.txt
2014-07-25 20:19 - 2014-07-25 20:19 - 01016261 _____ (Thisisu) C:\Users\Michael\Downloads\JRT (2).exe
2014-07-25 20:06 - 2013-09-12 23:14 - 00117836 _____ () C:\Windows\PFRO.log
2014-07-25 20:05 - 2014-07-16 08:13 - 00000000 ____D () C:\AdwCleaner
2014-07-25 20:01 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-25 19:56 - 2014-07-25 19:56 - 01354223 _____ () C:\Users\Michael\Downloads\AdwCleaner.exe
2014-07-25 18:48 - 2013-12-25 14:04 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-25 18:45 - 2013-12-25 14:02 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-24 22:08 - 2014-02-15 22:40 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\.minecraft
2014-07-23 18:51 - 2013-08-22 10:46 - 00023390 _____ () C:\Windows\setupact.log
2014-07-19 21:41 - 2013-12-14 19:47 - 00000000 ____D () C:\Users\Michael\AppData\Local\Packages
2014-07-16 14:58 - 2014-07-16 09:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-16 14:39 - 2014-07-16 14:39 - 00000148 _____ () C:\Users\Michael\Downloads\618710283@x96
2014-07-16 14:22 - 2014-07-16 14:22 - 00688992 _____ (Swearware) C:\Users\Michael\Downloads\dds (4).com
2014-07-16 14:19 - 2014-07-16 14:19 - 00688992 _____ (Swearware) C:\Users\Michael\Downloads\dds (3).com
2014-07-16 14:16 - 2014-07-12 02:57 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Lavasoft
2014-07-16 14:15 - 2014-07-16 14:15 - 00688992 _____ (Swearware) C:\Users\Michael\Downloads\dds (2).com
2014-07-16 14:10 - 2014-07-16 14:10 - 00688992 _____ (Swearware) C:\Users\Michael\Downloads\dds.com
2014-07-16 14:10 - 2014-07-16 14:10 - 00688992 _____ (Swearware) C:\Users\Michael\Downloads\dds (1).com
2014-07-16 12:31 - 2014-07-16 09:04 - 00000000 ____D () C:\Users\Michael\Desktop\mbar
2014-07-16 09:05 - 2014-07-16 09:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-16 09:04 - 2014-07-16 09:04 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-16 09:04 - 2014-07-16 09:04 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-16 09:03 - 2014-07-16 09:03 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Michael\Downloads\mbar-1.07.0.1012.exe
2014-07-16 09:02 - 2014-07-16 09:00 - 00051822 _____ () C:\Users\Michael\Downloads\Addition.txt
2014-07-16 09:02 - 2014-07-16 08:57 - 00041737 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-07-16 08:57 - 2014-07-16 08:57 - 02086912 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-07-16 08:56 - 2014-07-16 08:56 - 01077248 _____ (Farbar) C:\Users\Michael\Downloads\FRST.exe
2014-07-16 08:56 - 2014-07-16 08:56 - 01077248 _____ (Farbar) C:\Users\Michael\Downloads\FRST (1).exe
2014-07-16 08:26 - 2014-07-16 08:26 - 01016261 _____ (Thisisu) C:\Users\Michael\Downloads\JRT (1).exe
2014-07-16 08:25 - 2014-07-16 08:25 - 00000000 ____D () C:\Windows\ERUNT
2014-07-16 08:24 - 2014-07-16 08:24 - 01016261 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe
2014-07-16 08:21 - 2014-02-15 00:00 - 00000000 ____D () C:\Program Files (x86)\gorillaprice
2014-07-13 18:45 - 2014-03-06 20:37 - 00000000 ____D () C:\Users\Michael\Documents\Visual Studio 2008
2014-07-13 17:43 - 2014-07-13 17:43 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\AlawarEntertainment
2014-07-13 11:32 - 2013-12-24 21:35 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2014-07-12 02:26 - 2014-07-12 02:26 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\LavasoftStatistics
2014-07-12 02:25 - 2014-07-12 02:25 - 00000000 ____D () C:\Program Files\Lavasoft
2014-07-12 02:24 - 2014-07-12 02:24 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-07-12 02:23 - 2014-07-12 02:23 - 01728896 _____ () C:\Users\Michael\Downloads\AdAwareWebInstaller_win32_11.1.5354.0.exe
2014-07-12 02:21 - 2014-07-12 00:21 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-07-12 00:23 - 2014-07-12 00:23 - 00000000 _____ () C:\autoexec.bat
2014-07-12 00:22 - 2014-07-12 00:22 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-12 00:20 - 2014-07-12 00:20 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Michael\Downloads\SpyHunter-Installer.exe
2014-07-11 07:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2014-07-10 17:43 - 2013-08-22 10:44 - 00379544 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 16:14 - 2014-07-10 16:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 16:14 - 2013-08-22 15:12 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 16:14 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-10 16:14 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 16:14 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 16:14 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-09 21:10 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-09 21:08 - 2013-12-28 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 21:06 - 2013-12-28 02:01 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-08 21:01 - 2014-07-08 21:01 - 00000148 _____ () C:\Users\Michael\Downloads\How_can_I_make_YouTube_videos_repeat
2014-07-08 19:09 - 2013-11-09 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-07-08 18:08 - 2014-07-08 18:08 - 00000151 _____ () C:\Users\Michael\Downloads\pr
2014-07-08 17:50 - 2014-07-08 17:50 - 00000148 _____ () C:\Users\Michael\Downloads\impsc (1).php
2014-07-06 02:47 - 2013-12-25 21:27 - 00049152 ___SH () C:\Users\Michael\Downloads\Thumbs.db
2014-07-06 02:43 - 2014-07-06 02:43 - 10287035 _____ () C:\Users\Michael\Downloads\SFML-2.1-windows-vc9-32bits.zip
2014-07-03 12:26 - 2014-03-31 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-02 21:42 - 2014-07-02 21:42 - 00000155 _____ () C:\Users\Michael\Downloads\receiver (1).html
2014-07-02 21:37 - 2014-07-02 21:37 - 00000148 _____ () C:\Users\Michael\Downloads\tmi_crossdomain_receiver (1).html
2014-06-30 18:45 - 2014-07-09 07:08 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-25 20:44
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2014 01
Ran by Michael at 2014-07-30 18:20:55
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.03)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{B280788C-B671-E08D-4219-CE907B7BFF75}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
AMD Start Now (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.295 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.295 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.295 - AVG) Hidden
Bandicam (HKLM-x32\...\Bandicam) (Version: 1.9.2.455 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0830.1943.33589 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0830.1944.33589 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Crystal Reports Basic for Visual Studio 2008 (HKLM-x32\...\{AA467959-A1D6-4F45-90CD-11DC57733F32}) (Version: 10.5.0.0 - Business Objects)
Crystal Reports Basic Runtime for Visual Studio 2008 (x64) (HKLM\...\{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}) (Version: 10.5.0.0 - Business Objects)
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{10144CFE-D76C-4CFA-81A1-37A1642349A3}) (Version: 3.01.0013 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-410 Series Printer Uninstall (HKLM\...\EPSON XP-410 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-410 User's Guide version 1.0 (HKLM-x32\...\UsersGuideEpson XP-410 User's Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089) (HKLM-x32\...\KB960089_SQL9) (Version: 9.2.3077 - Microsoft Corporation)
GDR 3077 for SQL Server Tools and Workstation Components 2005 ENU (KB960089) (HKLM-x32\...\KB960089_SQLTools9) (Version: 9.2.3077 - Microsoft Corporation)
Goblin Defenders: Steel 'n' Wood (x32 Version: 3.0.2.51 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Drive (HKLM-x32\...\{75939021-3B68-419D-8DC1-E9823BFF9658}) (Version: 1.16.7009.9618 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
gorillaprice (HKLM-x32\...\gorillaprice) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LTCM Client (HKLM-x32\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc)
Microsoft .NET Compact Framework 2.0 SP2 (HKLM-x32\...\{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}) (Version: 2.0.7045 - Microsoft Corporation)
Microsoft .NET Compact Framework 3.5 (HKLM-x32\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft Device Emulator (64 bit) version 3.0 - ENU (HKLM\...\{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Document Explorer 2008 (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Visual Web Developer 2007 (x32 Version: 12.0.4518.1066 - Microsoft Corporation) Hidden
Microsoft Office Visual Web Developer MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM-x32\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 for Devices ENU (HKLM-x32\...\{241F2BF7-69EB-42A4-9156-96B2426C7504}) (Version: 3.5.5386.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM-x32\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{6E740973-8E71-42F9-A910-C18452E60450}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{50822200-2E95-4E62-A8D8-41C3B308DF5E}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Professional Edition - ENU (HKLM-x32\...\Microsoft Visual Studio 2008 Professional Edition - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Professional Edition - ENU (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2008 Remote Debugger - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger - ENU (Version: 9.0.21022 - Microsoft Corporation) Hidden
Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{29C93182-34F6-3275-A18D-59326851CD57}) (Version: 3.5.21022 - Microsoft)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{9aa5f39c-a8de-46b0-919a-0248f8bc8490}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{62EED300-E841-4083-A1D6-60B906271804}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (HKLM\...\{A992BBAA-723D-4574-A07F-983BF8FAA3E1}) (Version: 6.1.5288.17011 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MSDN Library for Visual Studio 2008 - ENU (HKLM-x32\...\MSDN Library for Visual Studio 2008 - ENU) (Version: 9.0 - Microsoft)
MSDN Library for Visual Studio 2008 - ENU (x32 Version: 9.0.21022 - Microsoft) Hidden
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Python 3.3.3 (HKLM-x32\...\{39B6EB84-331C-3657-AD2E-837537DDF04F}) (Version: 3.3.3150 - Python Software Foundation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Software Updater (HKLM-x32\...\{D60071DB-459C-465C-92EF-336E65F1A436}) (Version: 4.0.1 - SEIKO EPSON CORPORATION)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.1.0.14 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221) (HKLM-x32\...\{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}.KB972221) (Version: 1 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden
Visual Studio .NET Prerequisites - English (HKLM\...\{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}) (Version: 9.0.21022 - Microsoft Corporation)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - Blizzard Entertainment)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Mobile 5.0 SDK R2 for Pocket PC (HKLM-x32\...\{6C9F6D23-E9AD-43C9-B43A-011562AAF876}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
Windows Mobile 5.0 SDK R2 for Smartphone (HKLM-x32\...\{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}) (Version: 5.00.1700.5.14343.06 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B4B499D-AD6E-48D8-AEA3-81BE6BE8205F} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2013-12-18] (AVG)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0D81E83A-E259-4E92-B9BC-569860EA3451} - System32\Tasks\AVG-Secure-Search-Update_0214b_rmv => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: {11340AE3-2057-4CA6-9AED-79702479F270} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-09] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2FF75F02-297E-4919-98B4-C39565F06A8F} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3F4C7B53-255C-44F7-9523-7307E5FD234C} - System32\Tasks\EPSON XP-410 Series Update {BAC40C81-FFF2-4529-8EBB-1D1EB2ED8AB5} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4A035611-A6CD-4A22-A1B5-EE677F219B10} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {587003CF-CF4E-4D5A-9A63-F7810EACE9EF} - System32\Tasks\AVG-Secure-Search-Update_0214b_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: {5DAAED5D-A0DE-48D3-A3DF-B18BFA0C237C} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {5EF761AD-86F9-438E-BDB2-230C38ACA643} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6D568C4B-805A-485E-A71D-B9BA88D86EDE} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\SymErr.exe
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7D70569D-2D3B-4D62-9610-FD3D46D58515} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {84624816-ABCC-48B8-A9AA-2E3CCEB7FE48} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\SymErr.exe
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {87DAF9D9-DA9E-4643-9B7A-29221A28EBAD} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-06-01] ()
Task: {8820F4B6-9988-4A22-80E8-9836D3743986} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-23] (Synaptics Incorporated)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8FC0C858-39CF-4A19-A42E-E5F5B53E3FC9} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.0.0.100\WSCStub.exe
Task: {9D4FF4D3-EBA7-4DB8-A96F-8DBBE6831249} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {9E053483-F86A-47A1-ABCD-6D8EB6315B17} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-06-01] ()
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A6A01BFF-AC89-4185-B4E6-844F1EB150FE} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {CDE6D500-4825-4A23-8670-84EF931FC5AB} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {CFCC30CA-534F-48AE-AF91-1C09FB370B88} - System32\Tasks\EPSON XP-410 Series Invitation {BAC40C81-FFF2-4529-8EBB-1D1EB2ED8AB5} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DC58D46C-E0B4-46EF-BEB1-8DBC1B9BC20B} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F296D31E-CD3D-4DE5-B297-A69FE5C99952} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-21] (Realtek Semiconductor)
Task: {F47B3259-5EE9-4D75-961E-9259F60472A6} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2646107381-3739728561-2652387464-1001
Task: {F599A948-680D-4A85-B0F0-E96BB7C98FAB} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {FC6AA6CF-B6FF-4048-B99C-4C5BE3FAE9BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-09] (Google Inc.)
Task: {FDE3E78F-3B48-4725-AD1C-A38E18B8C9C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-09] (Google Inc.)
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\EPSON XP-410 Series Invitation {BAC40C81-FFF2-4529-8EBB-1D1EB2ED8AB5}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\Windows\Tasks\EPSON XP-410 Series Update {BAC40C81-FFF2-4529-8EBB-1D1EB2ED8AB5}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLAE.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-30 23:47 - 2013-08-30 23:47 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2013-09-10 16:54 - 2013-09-10 16:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2013-12-18 10:38 - 2013-12-18 10:38 - 00742200 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2014-02-06 13:28 - 2014-02-06 13:28 - 00070144 _____ () C:\ProgramData\gorillaprice\WatGorp.exe
2014-04-24 19:50 - 2014-06-01 14:36 - 02733080 _____ () C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
2014-07-16 08:21 - 2014-02-06 14:40 - 00494080 _____ () C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-07-30 18:15 - 2014-07-30 18:15 - 00098816 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\win32api.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00110080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\pywintypes27.dll
2014-07-30 18:15 - 2014-07-30 18:15 - 00364544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\pythoncom27.dll
2014-07-30 18:15 - 2014-07-30 18:15 - 00045568 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\_socket.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 01160704 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\_ssl.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00320512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\win32com.shell.shell.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00713216 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\_hashlib.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 01175040 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\wx._core_.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00805888 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\wx._gdi_.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00811008 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\wx._windows_.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 01062400 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\wx._controls_.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00735232 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\wx._misc_.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00128512 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\_elementtree.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00127488 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\pyexpat.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00557056 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\pysqlite2._sqlite.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00007168 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\hashobjs_ext.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00087552 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\_ctypes.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00119808 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\win32file.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00108544 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\win32security.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00018432 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\win32event.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00038912 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\win32inet.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00070656 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\wx._html2.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00167936 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\win32gui.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00011264 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\win32crypt.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00027136 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\_multiprocessing.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00122368 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\wx._wizard.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00010240 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\select.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00024064 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\win32pipe.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00686080 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\unicodedata.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00025600 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\win32pdh.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00525640 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\windows._lib_cacheinvalidation.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00035840 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\win32process.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00017408 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\win32profile.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00022528 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\win32ts.pyd
2014-07-30 18:15 - 2014-07-30 18:15 - 00078336 _____ () C:\Users\Michael\AppData\Local\Temp\_MEI55682\wx._animate.pyd
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Michael\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKCU\...\StartupApproved\Run: => "AVG-Secure-Search-Update_1213b"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/30/2014 06:16:42 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (07/30/2014 10:28:06 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (07/29/2014 11:41:19 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (07/29/2014 08:50:02 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (07/28/2014 00:50:18 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (07/27/2014 08:11:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
 
Error: (07/27/2014 03:03:23 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (07/26/2014 08:15:31 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: MSSQL$SQLEXPRESS8
 
Error: (07/26/2014 02:33:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
 
Error: (07/26/2014 01:13:59 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
 
System errors:
=============
Error: (07/28/2014 01:01:02 PM) (Source: DCOM) (EventID: 10010) (User: MICHAELS_LAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (07/28/2014 01:01:02 PM) (Source: DCOM) (EventID: 10010) (User: MICHAELS_LAPTOP)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa
 
Error: (07/28/2014 01:01:02 PM) (Source: DCOM) (EventID: 10010) (User: MICHAELS_LAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}
 
Error: (07/27/2014 03:35:58 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 20%
Total physical RAM: 7630.26 MB
Available physical RAM: 6069.46 MB
Total Pagefile: 8846.26 MB
Available Pagefile: 7099.15 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (TI10673700F) (Fixed) (Total:456.46 GB) (Free:379.49 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#11 gringo_pr

Posted 31 July 2014 - 05:37 AM

Hello chessmaster102



I need you to download this script I have made for you --> Attached File: fixlist.txt

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again, but this time press the Fix button just once and wait.

When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 chessmaster102


Posted 31 July 2014 - 08:25 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-07-2014 01
Ran by Michael at 2014-07-31 21:22:51 Run:1
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
() C:\ProgramData\gorillaprice\WatGorp.exe
() C:\Program Files (x86)\gorillaprice\GorillaPrice.exe
R2 GorillaPrice; C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe [494080 2014-02-06] () [File not signed]
R2 WatGorp; C:\ProgramData\gorillaprice\WatGorp.exe [70144 2014-02-06] () [File not signed]
C:\ProgramData\gorillaprice
C:\Program Files (x86)\gorillaprice
 
*****************
 
[3032] C:\ProgramData\gorillaprice\WatGorp.exe => Process closed successfully.
[6088] C:\Program Files (x86)\gorillaprice\GorillaPrice.exe => Process closed successfully.
GorillaPrice => Service stopped successfully.
GorillaPrice => Service deleted successfully.
WatGorp => Service deleted successfully.
C:\ProgramData\gorillaprice => Moved successfully.
C:\Program Files (x86)\gorillaprice => Moved successfully.
 
==== End of Fixlog ====


#13 gringo_pr


Posted 01 August 2014 - 05:25 PM

How are things working at this time?

Gringo

#14 chessmaster102


Posted 02 August 2014 - 10:33 PM

The random openings of Internet Explorer stopped, but I can still find gorillaprice and watgorp in the Uninstall a Program list. Am I going to have to live with that, or can we remove that as well?



#15 gringo_pr


Posted 03 August 2014 - 04:02 AM

Hello chessmaster102

I would like to see a report that ComboFix makes.

Extra ComboFix report
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box:
C:\Qoobox\Add-Remove Programs.txt
  • Click OK
  • Copy and paste the report into this topic for me to review

Gringo




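Added example, not part of the thread or of any tool mentioned in it: the fixlog in post #12 shows processes, services and folders being handled, while the "Uninstall a program" list asked about in post #14 is built from the registry's Uninstall keys. This read-only PowerShell script lists entries under those keys whose install folder or uninstaller no longer exists on disk. The function name `Get-UninstallerPath` is hypothetical, and that the leftover entries on this machine are such stale keys is an assumption.

```powershell
# Added example (not from the thread). Read-only: it reports, it changes nothing.
# The "Uninstall a program" list is built from these registry keys.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-UninstallerPath {
    # Hypothetical helper: extract the executable from an UninstallString such as
    #   "C:\Program Files (x86)\App\uninst.exe" /S   or   C:\App\uninst.exe /S
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if     ($cmd -match '^"([^"]+)"')        { $exe = $Matches[1] }
    elseif ($cmd -match '^(.+?\.exe)(\s|$)') { $exe = $Matches[1] }
    else   { return $null }
    # Only judge absolute paths; "MsiExec.exe /X{...}" is resolved through PATH.
    if ($exe -match '^[A-Za-z]:\\') { return $exe }
    return $null
}

$stale = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $root) {
        $p = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        # Entries without a DisplayName are not shown in the list.
        if (-not $p -or -not $p.DisplayName) { continue }
        $dir = if ($p.InstallLocation) { $p.InstallLocation.Trim('" ') } else { $null }
        $exe = Get-UninstallerPath $p.UninstallString
        # An entry is stale when a path it records is no longer on disk.
        $dirGone = $dir -and -not (Test-Path -LiteralPath $dir)
        $exeGone = $exe -and -not (Test-Path -LiteralPath $exe)
        if ($dirGone -or $exeGone) {
            [pscustomobject]@{
                DisplayName     = $p.DisplayName
                InstallLocation = $dir
                Uninstaller     = $exe
                RegistryKey     = $key.Name
            }
        }
    }
}
$stale | Sort-Object DisplayName | Format-List
```

The output gives the registry key behind each stale list entry, which can be posted for the helper to review alongside the requested report.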