Computer infested, repair shop couldn't do anything, possibly maki


  • This topic is locked

#1
AlfredoGarcia

We got this computer back in 2009 or so (Dell Inspiron 530). Over time it has begun to slow down in speed and produce other oddities. Eventually the CD drive started acting up. It would read certain CDs but not others; if I were making a music CD it'd burn up until 98% then shoot out an error. Also, even though I'm logged in as an Administrator, my computer will sometimes not treat me like one. It'll notify me that I don't have access to certain actions. Eventually we decided to send it in (only after my brother broke a pair of headphones and got the pin stuck in the jack). The repair guy said cleaning up the computer would be a waste of time and that it's too far gone and would be cheaper just to buy a new one. After running a couple of removal programs (Spybot, Ad-Aware, Malwarebytes, AVG) the computer has gotten a little faster but the drive still acts up. Is my desktop really too far gone, Geeks to Go staff? My OTL log is below:

OTL logfile created on: 28/01/2013 12:05:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 47.93% Memory free
6.21 Gb Paging File | 4.78 Gb Available in Paging File | 77.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 96.29 Gb Free Space | 33.43% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.32 Gb Free Space | 43.15% Space Free | Partition Type: NTFS

Computer Name: TOBYOREO-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/28 12:02:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2013/01/28 01:44:47 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012/10/12 03:05:31 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/09/20 13:52:35 | 000,107,520 | ---- | M] () -- C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2011/10/13 23:23:57 | 000,149,904 | ---- | M] (Microsoft ® Corporation) -- C:\Users\user\Forefront UAG Remote Access Agent\mydocsocdsbca\portal1\uagqecsvc.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/08 21:52:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/09/16 20:14:48 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2009/07/01 10:30:35 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/11/12 12:56:18 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/03 08:36:40 | 000,410,248 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\memcard.exe
PRC - [2007/07/03 08:36:34 | 000,455,304 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfmon.exe
PRC - [2007/06/26 06:56:06 | 000,598,664 | ---- | M] ( ) -- C:\Windows\System32\dldfcoms.exe
PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/28 01:44:45 | 014,586,888 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/10/12 03:05:30 | 002,294,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/03/08 21:55:56 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/03/08 21:55:54 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/03/08 21:52:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2009/09/05 00:54:38 | 000,180,224 | ---- | M] () -- C:\Program Files\QuickTime\QTSystem\QTCF.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/09/04 22:14:56 | 000,120,096 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
MOD - [2009/09/04 22:14:44 | 000,039,712 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2009/07/10 12:27:20 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/01 10:31:22 | 000,008,704 | ---- | M] () -- C:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2007/07/03 08:36:40 | 000,410,248 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\memcard.exe
MOD - [2007/07/03 08:36:34 | 000,455,304 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfmon.exe
MOD - [2007/05/08 13:44:28 | 000,278,528 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfscw.dll
MOD - [2007/05/03 10:39:31 | 000,589,824 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfdatr.dll
MOD - [2007/04/16 08:47:47 | 000,077,906 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfcfg.dll
MOD - [2007/04/09 08:16:00 | 000,147,456 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\DLDFptp.dll
MOD - [2006/12/28 10:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfcats.dll
MOD - [2006/10/26 16:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2013/01/28 01:44:47 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/28 01:44:24 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/12 03:05:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/20 13:52:35 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2011/10/13 23:23:57 | 000,149,904 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- C:\Users\user\Forefront UAG Remote Access Agent\mydocsocdsbca\portal1\uagqecsvc.exe -- (uagqecsvc)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/10/09 18:56:30 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2007/06/26 06:56:08 | 000,098,952 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe -- (dldfCATSCustConnectService)
SRV - [2007/06/26 06:56:06 | 000,598,664 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldfcoms.exe -- (dldf_device)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - File not found [File_System | Disabled | Running] -- system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ab0xpvcj)
DRV - File not found [Kernel | System | Running] -- C:\Users\user\Desktop\A-SQUARED\run\a2ddax86.sys -- (A2DDA)
DRV - [2013/01/27 17:19:44 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2011/12/19 21:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/03/08 21:52:44 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/02/03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/11 11:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 11:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 11:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 11:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/07/08 12:29:58 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/02/29 10:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/04/13 12:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.chatzum.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search.chatzu...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca...=ca&ibd=0071211
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 04 00 59 01 1E 00 00 00 5D 3A B8 68 01 00 00 80 06 00 59 01 00 00 00 00 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alothome.com/en-ca
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
IE - HKCU\..\SearchScopes\{56D83BBD-1A9E-4512-BCDB-EA62E500E22F}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search.chatzu...q={searchTerms}
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = Playbryte-fa-bndl/search/redirect/?type=default&user_id=73f85207-2391-4a73-9af0-726c455e050f&query={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.chatzu...q={SearchTerms}
IE - HKCU\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...on=1.2.2000.2(B)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.20.00
FF - prefs.js..extensions.enabledAddons: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - prefs.js..extensions.enabledAddons: [email protected]:1.4.2
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledAddons: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.6.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {37483b40-c254-4a72-bda4-22ee90182c1e}:3.9.0.3
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.8.0.8855
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.338: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.338: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.338: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/09/24 12:04:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/27 17:19:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/24 15:25:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/27 17:19:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/24 15:25:42 | 000,000,000 | ---D | M]

[2009/12/01 18:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2009/12/01 18:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\[email protected]
[2013/01/28 02:30:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions
[2010/07/22 15:37:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/01/27 17:06:00 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2012/10/11 20:16:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/01/27 17:21:18 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012/09/20 13:54:44 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012/03/31 21:31:15 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\[email protected]
[2013/01/27 17:19:27 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\[email protected]
[2012/09/16 23:15:56 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\[email protected]
[2012/09/20 13:54:43 | 000,022,391 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\l9d7e0x1.default\extensions\[email protected]
[2012/09/19 10:37:27 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\l9d7e0x1.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2013/01/28 11:43:27 | 000,001,982 | ---- | M] () -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\l9d7e0x1.default\searchplugins\search-here.xml
[2013/01/28 02:16:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/12 03:05:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/24 12:04:06 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/10/12 03:05:31 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/29 04:32:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/12 03:05:29 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.4\PriceGongIE.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll File not found
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Dell AIO Printer 948 Fax Server] C:\Program Files\Dell AIO Printer 948\fm3032.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dldfmon.exe] C:\Program Files\Dell AIO Printer 948\dldfmon.exe ()
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell AIO Printer 948\memcard.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Facebook Update] "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.2.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FF3D529-C1F7-4C17-BE22-94617E325428}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/17 10:37:31 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c81d8b0-870f-11de-9ac7-001d0974d1a5}\Shell - "" = AutoRun
O33 - MountPoints2\{1c81d8b0-870f-11de-9ac7-001d0974d1a5}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{931a08f2-6516-11de-b78c-001d0974d1a5}\Shell - "" = AutoRun
O33 - MountPoints2\{931a08f2-6516-11de-b78c-001d0974d1a5}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b45b468f-6be6-11de-b28c-001d0974d1a5}\Shell - "" = AutoRun
O33 - MountPoints2\{b45b468f-6be6-11de-b28c-001d0974d1a5}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/28 12:02:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/01/28 12:02:57 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Desktop
[2013/01/28 11:43:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Macromedia
[2013/01/28 11:09:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/28 11:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign
[2013/01/28 10:59:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{BDF13614-BDEA-43A5-A8B6-11AB68392E05}
[2013/01/28 10:57:05 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2013/01/28 02:30:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\yahoo!
[2013/01/27 19:18:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\AVG2013
[2013/01/27 19:14:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2013/01/27 19:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/01/27 19:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/01/27 19:05:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/01/27 19:05:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\MFAData
[2013/01/27 19:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/01/27 19:05:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Avg2013
[2013/01/27 17:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/01/27 17:26:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\LavasoftStatistics
[2013/01/27 17:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/01/27 17:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013/01/27 17:20:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Downloaded Installations
[2013/01/27 17:19:44 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/01/27 17:19:44 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/01/27 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Ad-Aware Antivirus
[2013/01/27 16:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/01/27 16:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013/01/27 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{7C942744-E264-470D-9200-BBAD3921F3F5}
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/28 12:02:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/01/28 11:03:12 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN.job
[2013/01/28 11:03:12 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/28 11:03:03 | 000,658,352 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/28 11:03:03 | 000,131,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/28 10:56:48 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/28 10:56:48 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/28 10:56:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/28 02:39:31 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/01/28 01:44:48 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/28 01:39:30 | 000,330,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/27 17:33:07 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/01/27 17:19:44 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/01/27 17:19:44 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/28 11:03:12 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN.job
[2013/01/28 11:03:12 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/27 17:37:14 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/01/27 17:37:14 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/01/27 17:33:07 | 000,000,942 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/09/16 23:05:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/09/15 16:58:58 | 000,000,092 | ---- | C] () -- C:\Users\user\AppData\Local\fusioncache.dat
[2010/12/07 21:04:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/28 20:59:03 | 000,024,206 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2009/07/08 12:43:21 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2009/07/03 14:46:48 | 000,124,416 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/08 17:21:12 | 000,001,268 | ---- | C] () -- C:\ProgramData\dldf

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/30 17:56:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.doomseeker
[2012/03/16 14:53:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft
[2011/12/12 14:04:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\3v
[2009/08/27 12:07:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\948 Series
[2013/01/28 01:34:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ad-Aware Antivirus
[2010/12/26 23:32:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AnvSoft
[2010/10/02 22:58:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Apowersoft
[2010/06/10 18:01:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Audacity
[2013/01/27 19:18:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2013
[2011/01/05 18:09:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Coby
[2011/01/05 22:32:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Coby Media Manager
[2011/10/28 11:58:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.doubleperfect.ggpo
[2009/07/08 12:50:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Pro
[2011/02/16 09:53:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DataSafeOnline
[2012/09/20 13:52:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DefaultTab
[2012/09/02 19:16:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ESPNOfflineDraft.87EFDF5C5ABF3073574165E816459613033FD48A.1
[2010/07/02 18:09:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ImgBurn
[2009/08/16 19:17:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech
[2012/09/18 10:38:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Cleaners
[2012/09/18 10:38:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PCPro
[2010/07/28 20:59:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PeerNetworking
[2011/10/05 13:45:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SLADE3
[2011/10/28 12:29:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Supercade
[2013/01/27 19:14:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2009/09/26 17:51:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\UltimateBet
[2010/09/23 14:43:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uqm
[2012/10/17 12:14:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2009/07/22 16:45:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\X-Chat 2

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F5FEB7C0

< End of report >

#2
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Hello AlfredoGarcia and welcome to GeeksToGo.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.
===================================================

Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.
===================================================

Run aswMBR

  • download aswMBR.exe to your desktop.
  • double click the aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply. Note - do NOT attempt any Fix yet.

Please also post a new OTL log.

Logs to include with next post:

JRT.txt
checkup.txt
aswMBR log
New OTL log


Thanks

Satchfan

#3
AlfredoGarcia

    Member

  • Topic Starter
  • 14 posts
Hey Satchfan!

Thanks for the quick reply and stepping up to the plate. I believe I have turned off all protection and I'm ready to work my way through this. For future posts would you like me to just paste the logs here? Or maybe add them on pastebin?


JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.2 (01.26.2013:2)
OS: Windows Vista ™ Home Premium x86
Ran by user on 28/01/2013 at 13:50:10.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] defaulttabupdate
Successfully deleted: [Service] defaulttabupdate
Successfully stopped: [Service] wajamupdater
Successfully deleted: [Service] wajamupdater



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{37483b40-c254-4a72-bda4-22ee90182c1e}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{37483b40-c254-4a72-bda4-22ee90182c1e}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{b278d9f8-0fa9-465e-9938-0c392605d8e3}
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1495230073-1844752731-2533488428-1001\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1495230073-1844752731-2533488428-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}\\DisplayName
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}\\URL
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}\\URL
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\default tab
Successfully deleted: [Registry Key] hkey_local_machine\software\default tab
Successfully deleted: [Registry Key] hkey_current_user\software\defaulttab
Successfully deleted: [Registry Key] hkey_local_machine\software\playbryte
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_local_machine\software\tarma installer
Successfully deleted: [Registry Key] hkey_local_machine\software\wajam
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\defaulttab
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\pricegongie.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\axshdocvw.axwebbrowser
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\pricefactorie.pricegongbho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\pricefactorie.pricegongbho.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\pricegongie.pricegongctrl
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\pricegongie.pricegongctrl.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajambho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajambho.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajamdownloader
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\wajam.wajamdownloader.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers.1
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2801948
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{1631550f-191d-4826-b069-d9439253d926}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{1631550f-191d-4826-b069-d9439253d926}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{7f6afbf1-e065-4627-a2fd-810366367d01}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{7f6afbf1-e065-4627-a2fd-810366367d01}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{a531d99c-5a22-449b-83da-872725c6d0ed}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a6174f27-1fff-e1d6-a93f-ba48ad5dd448}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{a6174f27-1fff-e1d6-a93f-ba48ad5dd448}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a7a6995d-6ee1-4fd1-a258-49395d5bf99c}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{a7a6995d-6ee1-4fd1-a258-49395d5bf99c}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d2a2595c-4fe4-4315-aa9b-19dbd6271b71}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\pc cleaners"
Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\pcpro"
Successfully deleted: [Folder] "C:\Users\user\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\playbryte"
Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files\conduit"



~~~ FireFox

Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\l9d7e0x1.default\user.js
Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\l9d7e0x1.default\extensions\[email protected]
Successfully deleted: [File] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\l9d7e0x1.default\searchplugins\search-here.xml
Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\l9d7e0x1.default\conduitcommon
Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\l9d7e0x1.default\extensions\[email protected]
Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\l9d7e0x1.default\extensions\[email protected]
Successfully deleted: [Folder] C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\l9d7e0x1.default\extensions\{8a9386b4-e958-4c4c-adf4-8f26db3e4829}
Successfully deleted the following from C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\l9d7e0x1.default\prefs.js

user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "2E1/v7EfCEDbv3VaBQMELg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "k9un27OkAvkwB2ZmvXxTnA==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "4BgM4MhF/sOgPsDNmIs3Yw==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"801a319dd78ccc1:12e4\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2801948", "\"d76323372b05c3748a3d6b1c93a98292\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\"802b1fef4e19c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"6a998dbe1a10be371b546957d8d4b125\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\user\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\l9d7e0x1.default\\conduitCommon\\modules\\3.13.0.6");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.ToolbarsList", "CT2801948");
user_pref("CommunityToolbar.ToolbarsList2", "CT2801948");
user_pref("CommunityToolbar.ToolbarsList4", "CT2801948");
user_pref("CommunityToolbar.globalUserId", "6f9119ec-c1b1-4243-be9c-b6c659777b27");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun May 27 2012 16:59:02 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue May 29 2012 22:17:34 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue May 29 2012 22:17:27 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "1e00393f-d2a8-4318-94da-9e7684b13d16");
user_pref("CommunityToolbar.originalHomepage", "resource:/browserconfig.properties");
user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
user_pref("extensions.crossrider.bic", "139e5083fcc6904fb2ee743f36f27191");
user_pref("extensions.defaulttab.active.affiliate", 4501);
user_pref("extensions.defaulttab.active.overridechromesearch", false);
user_pref("extensions.defaulttab.active.overridekeywordsearch", false);
user_pref("extensions.defaulttab.browserID", "9D3A325177F6A4549E72169E969EE079");
user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\": \"Scenario_1,Scenario_2\", \"set_default_search\": \"Search Here|Search He
user_pref("extensions.defaulttab.firstrun", false);
user_pref("extensions.defaulttab.installedVersion", "1.4.2");
user_pref("extensions.defaulttab.lastUsed", 1349739237);
user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
user_pref("extentions.y2layers.installId", "50D95470-5504-AF69-E32D-8145A9979BFA");
Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\l9d7e0x1.default\minidumps [8 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/01/2013 at 13:52:48.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


checkup.txt (Should have mentioned my OS is Vista Home)

UNSUPPORTED OPERATING SYSTEM! ABORTED!



aswMBR Log


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-28 13:58:03
-----------------------------
13:58:03.003 OS Version: Windows 6.0.6002 Service Pack 2
13:58:03.003 Number of processors: 2 586 0xF0D
13:58:03.003 ComputerName: TOBYOREO-PC UserName: user
13:58:04.063 Initialize success
13:59:14.185 AVAST engine defs: 13012800
13:59:53.154 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:59:53.154 Disk 0 Vendor: ST3320620AS 3.ADG Size: 305245MB BusType: 3
13:59:53.170 Disk 0 MBR read successfully
13:59:53.185 Disk 0 MBR scan
13:59:53.201 Disk 0 Windows VISTA default MBR code
13:59:53.201 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
13:59:53.217 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 98304
13:59:53.232 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294956 MB offset 21069824
13:59:53.248 Disk 0 scanning sectors +625139712
13:59:53.310 Disk 0 scanning C:\Windows\system32\drivers
14:00:05.338 Service scanning
14:00:24.961 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
14:00:34.025 Modules scanning
14:00:40.665 Disk 0 trace - called modules:
14:00:40.697 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x857171f8]<<
14:00:40.704 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8600c528]
14:00:40.712 3 CLASSPNP.SYS[8aba48b3] -> nt!IofCallDriver -> [0x8578b918]
14:00:40.719 5 acpi.sys[805c16bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8578fb98]
14:00:40.726 \Driver\atapi[0x85771ac0] -> IRP_MJ_CREATE -> 0x857171f8
14:00:41.646 AVAST engine scan C:\Windows
14:00:45.995 AVAST engine scan C:\Windows\system32
14:04:54.469 AVAST engine scan C:\Windows\system32\drivers
14:05:08.923 AVAST engine scan C:\Users\user
14:18:08.725 AVAST engine scan C:\ProgramData
14:21:23.913 Scan finished successfully
14:23:06.076 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
14:23:06.091 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"


New OTL log

OTL logfile created on: 28/01/2013 2:25:13 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 53.58% Memory free
6.21 Gb Paging File | 4.93 Gb Available in Paging File | 79.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 95.35 Gb Free Space | 33.10% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.32 Gb Free Space | 43.15% Space Free | Partition Type: NTFS

Computer Name: TOBYOREO-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/28 12:02:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2013/01/28 01:44:47 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012/10/12 03:05:31 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/13 23:23:57 | 000,149,904 | ---- | M] (Microsoft ® Corporation) -- C:\Users\user\Forefront UAG Remote Access Agent\mydocsocdsbca\portal1\uagqecsvc.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/08 21:52:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/09/16 20:14:48 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2009/07/01 10:30:35 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/06/30 14:48:35 | 001,404,928 | ---- | M] (www.zdaemon.org) -- C:\zdaemon\distr\zlauncher.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/11/12 12:56:18 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/03 08:36:40 | 000,410,248 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\memcard.exe
PRC - [2007/07/03 08:36:34 | 000,455,304 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfmon.exe
PRC - [2007/06/26 06:56:06 | 000,598,664 | ---- | M] ( ) -- C:\Windows\System32\dldfcoms.exe
PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/28 01:44:45 | 014,586,888 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/10/12 03:05:30 | 002,294,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/20 21:38:45 | 000,738,304 | ---- | M] () -- C:\zdaemon\distr\ip2c.dll
MOD - [2010/07/22 15:40:43 | 000,520,192 | ---- | M] () -- C:\zdaemon\distr\zrc.dll
MOD - [2010/03/08 21:55:54 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/03/08 21:52:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2009/09/05 00:54:38 | 000,180,224 | ---- | M] () -- C:\Program Files\QuickTime\QTSystem\QTCF.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/09/04 22:14:56 | 000,120,096 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
MOD - [2009/09/04 22:14:44 | 000,039,712 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2009/07/10 12:27:20 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/01 10:31:22 | 000,008,704 | ---- | M] () -- C:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2007/07/03 08:36:40 | 000,410,248 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\memcard.exe
MOD - [2007/07/03 08:36:34 | 000,455,304 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfmon.exe
MOD - [2007/05/08 13:44:28 | 000,278,528 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfscw.dll
MOD - [2007/05/03 10:39:31 | 000,589,824 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfdatr.dll
MOD - [2007/04/16 08:47:47 | 000,077,906 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfcfg.dll
MOD - [2007/04/09 08:16:00 | 000,147,456 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\DLDFptp.dll
MOD - [2006/12/28 10:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfcats.dll
MOD - [2006/10/26 16:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL


========== Services (SafeList) ==========

SRV - [2013/01/28 01:44:47 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/28 01:44:24 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/12 03:05:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/13 23:23:57 | 000,149,904 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- C:\Users\user\Forefront UAG Remote Access Agent\mydocsocdsbca\portal1\uagqecsvc.exe -- (uagqecsvc)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/10/09 18:56:30 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2007/06/26 06:56:08 | 000,098,952 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe -- (dldfCATSCustConnectService)
SRV - [2007/06/26 06:56:06 | 000,598,664 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldfcoms.exe -- (dldf_device)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\avgtdix.sys -- (Avgtdix)
DRV - File not found [File_System | Disabled | Running] -- system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\user\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ab0xpvcj)
DRV - File not found [Kernel | System | Running] -- C:\Users\user\Desktop\A-SQUARED\run\a2ddax86.sys -- (A2DDA)
DRV - [2013/01/27 17:19:44 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2011/12/19 21:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/03/08 21:52:44 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/02/03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/11 11:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 11:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 11:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 11:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/07/08 12:29:58 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/02/29 10:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/04/13 12:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca...=ca&ibd=0071211
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 04 00 59 01 1E 00 00 00 5D 3A B8 68 01 00 00 80 06 00 59 01 00 00 00 00 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKCU\..\SearchScopes\{56D83BBD-1A9E-4512-BCDB-EA62E500E22F}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledAddons: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {37483b40-c254-4a72-bda4-22ee90182c1e}:3.9.0.3
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.8.0.8855
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.338: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.338: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.338: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/09/24 12:04:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/27 17:19:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/24 15:25:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/27 17:19:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/24 15:25:42 | 000,000,000 | ---D | M]

[2009/12/01 18:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2009/12/01 18:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\[email protected]
[2013/01/28 13:52:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions
[2010/07/22 15:37:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/01/27 17:06:00 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2012/10/11 20:16:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/09/20 13:54:44 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012/03/31 21:31:15 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\[email protected]
[2012/09/19 10:37:27 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\l9d7e0x1.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2013/01/28 02:16:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/12 03:05:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/24 12:04:06 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/10/12 03:05:31 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/29 04:32:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/12 03:05:29 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Dell AIO Printer 948 Fax Server] C:\Program Files\Dell AIO Printer 948\fm3032.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dldfmon.exe] C:\Program Files\Dell AIO Printer 948\dldfmon.exe ()
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell AIO Printer 948\memcard.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Facebook Update] "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.2.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FF3D529-C1F7-4C17-BE22-94617E325428}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/17 10:37:31 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c81d8b0-870f-11de-9ac7-001d0974d1a5}\Shell - "" = AutoRun
O33 - MountPoints2\{1c81d8b0-870f-11de-9ac7-001d0974d1a5}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{931a08f2-6516-11de-b78c-001d0974d1a5}\Shell - "" = AutoRun
O33 - MountPoints2\{931a08f2-6516-11de-b78c-001d0974d1a5}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b45b468f-6be6-11de-b28c-001d0974d1a5}\Shell - "" = AutoRun
O33 - MountPoints2\{b45b468f-6be6-11de-b28c-001d0974d1a5}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/28 13:56:37 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2013/01/28 13:50:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/28 13:49:22 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/28 13:48:41 | 000,536,387 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013/01/28 12:02:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/01/28 12:02:57 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Desktop
[2013/01/28 11:43:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Macromedia
[2013/01/28 11:09:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/28 11:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign
[2013/01/28 10:59:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{BDF13614-BDEA-43A5-A8B6-11AB68392E05}
[2013/01/28 10:57:05 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2013/01/28 02:30:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\yahoo!
[2013/01/27 19:18:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\AVG2013
[2013/01/27 19:14:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2013/01/27 19:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/01/27 19:10:07 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/01/27 19:05:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/01/27 19:05:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\MFAData
[2013/01/27 19:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/01/27 19:05:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Avg2013
[2013/01/27 17:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/01/27 17:26:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\LavasoftStatistics
[2013/01/27 17:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/01/27 17:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013/01/27 17:20:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Downloaded Installations
[2013/01/27 17:19:44 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/01/27 17:19:44 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/01/27 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Ad-Aware Antivirus
[2013/01/27 16:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/01/27 16:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2013/01/27 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{7C942744-E264-470D-9200-BBAD3921F3F5}
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/28 14:23:06 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
[2013/01/28 13:57:50 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2013/01/28 13:53:54 | 000,881,914 | ---- | M] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2013/01/28 13:48:46 | 000,536,387 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013/01/28 12:56:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/28 12:56:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/28 12:02:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/01/28 11:03:12 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN.job
[2013/01/28 11:03:12 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/28 11:03:03 | 000,658,352 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/28 11:03:03 | 000,131,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/28 10:56:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/28 02:39:31 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/01/28 01:44:48 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/28 01:39:30 | 000,330,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/27 17:33:07 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/01/27 17:19:44 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/01/27 17:19:44 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/28 14:23:06 | 000,000,512 | ---- | C] () -- C:\Users\user\Desktop\MBR.dat
[2013/01/28 13:53:51 | 000,881,914 | ---- | C] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2013/01/28 11:03:12 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN.job
[2013/01/28 11:03:12 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/27 17:37:14 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/01/27 17:37:14 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/01/27 17:33:07 | 000,000,942 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/09/16 23:05:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/09/15 16:58:58 | 000,000,092 | ---- | C] () -- C:\Users\user\AppData\Local\fusioncache.dat
[2010/12/07 21:04:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/28 20:59:03 | 000,024,206 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2009/07/08 12:43:21 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2009/07/03 14:46:48 | 000,124,416 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/08 17:21:12 | 000,001,268 | ---- | C] () -- C:\ProgramData\dldf

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/30 17:56:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.doomseeker
[2012/03/16 14:53:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft
[2011/12/12 14:04:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\3v
[2009/08/27 12:07:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\948 Series
[2013/01/28 01:34:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ad-Aware Antivirus
[2010/12/26 23:32:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AnvSoft
[2010/10/02 22:58:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Apowersoft
[2010/06/10 18:01:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Audacity
[2013/01/27 19:18:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2013
[2011/01/05 18:09:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Coby
[2011/01/05 22:32:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Coby Media Manager
[2011/10/28 11:58:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.doubleperfect.ggpo
[2009/07/08 12:50:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Pro
[2011/02/16 09:53:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DataSafeOnline
[2012/09/02 19:16:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ESPNOfflineDraft.87EFDF5C5ABF3073574165E816459613033FD48A.1
[2010/07/02 18:09:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ImgBurn
[2009/08/16 19:17:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech
[2010/07/28 20:59:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PeerNetworking
[2011/10/05 13:45:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SLADE3
[2011/10/28 12:29:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Supercade
[2013/01/27 19:14:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2009/09/26 17:51:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\UltimateBet
[2010/09/23 14:43:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uqm
[2012/10/17 12:14:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2009/07/22 16:45:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\X-Chat 2

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F5FEB7C0

< End of report >

#4
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

checkup.txt (Should have mentioned my OS is Vista Home)

UNSUPPORTED OPERATING SYSTEM! ABORTED!


The operating system should not affect it. Please try it again.

We have a power cut here which won't be fixed for another 3 hours. I am using my phone as a hotspot plus a torch to reply, so I will not reply again until tomorrow (10:20 pm here at the moment).

#5
AlfredoGarcia

    Member

  • Topic Starter
  • Member
  • 14 posts
Alright, it worked this time; weird how it didn't work the 3 previous times I tried it. Looking forward to your response tomorrow, good luck with the outage!


checkup.txt


Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.5.502.146
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (15.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 11 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#6
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

good luck with the outage!

Just got it back 5 minutes ago so they were probably giving themselves breathing space.

That log shows less than I expected, so we'll need a different scan.


Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

Run OTL

  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKCU..\Run: [Facebook Update] "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.2.0.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
    [2013/01/28 10:59:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{BDF13614-BDEA-43A5-A8B6-11AB68392E05}
    [2013/01/27 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{7C942744-E264-470D-9200-BBAD3921F3F5}
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F5FEB7C0
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done
  • post the OTL fix log and a new OTL log.
========================================

Run MiniToolBox

Note: Please make sure Firefox is closed before you run this.

Please download MiniToolBox, save it to your desktop and run it.

Place a checkmark in the following checkboxes:

  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Logs to include in the next post:

OTL fix log
New OTL log
Result.txt


Can you tell me if there is any improvement?

Satchfan

#7
AlfredoGarcia

    Member

  • Topic Starter
  • Member
  • 14 posts
Not going to lie, I was a little worried for a bit. The OTL froze for 30 seconds or so and read "Not Responding"; eventually it worked, thankfully. In regard to there being any improvement, it seems so, just a tiny bit so far. Is there anything that you see that's suspicious?

As requested:


OTL Fix

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}
C:\Windows\Downloaded Program Files\SystemRequirementsLab.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\x-sdch\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1759355-3EEC-4C1E-B0F1-B719FE26E377}\ deleted successfully.
C:\Users\user\AppData\Local\{BDF13614-BDEA-43A5-A8B6-11AB68392E05} folder moved successfully.
C:\Users\user\AppData\Local\{7C942744-E264-470D-9200-BBAD3921F3F5} folder moved successfully.
ADS C:\ProgramData\TEMP:F5FEB7C0 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: user
->Temp folder emptied: 426327391 bytes
->Temporary Internet Files folder emptied: 361648351 bytes
->Java cache emptied: 34790726 bytes
->FireFox cache emptied: 270509958 bytes
->Flash cache emptied: 61487 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 522417993 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,541.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01282013_183121

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

New OTL Log

OTL logfile created on: 28/01/2013 6:51:27 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 59.24% Memory free
6.17 Gb Paging File | 5.06 Gb Available in Paging File | 82.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 96.67 Gb Free Space | 33.56% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.32 Gb Free Space | 43.15% Space Free | Partition Type: NTFS

Computer Name: TOBYOREO-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/28 12:02:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2012/10/12 03:05:31 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/13 23:23:57 | 000,149,904 | ---- | M] (Microsoft ® Corporation) -- C:\Users\user\Forefront UAG Remote Access Agent\mydocsocdsbca\portal1\uagqecsvc.exe
PRC - [2011/09/15 13:16:57 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/08 21:52:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/09/16 20:14:48 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2009/07/01 10:30:35 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/11/12 12:56:18 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/03 08:36:40 | 000,410,248 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\memcard.exe
PRC - [2007/07/03 08:36:34 | 000,455,304 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfmon.exe
PRC - [2007/06/26 06:56:06 | 000,598,664 | ---- | M] ( ) -- C:\Windows\System32\dldfcoms.exe
PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/12 03:05:30 | 002,294,240 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/15 13:16:57 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/03/08 21:55:54 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/03/08 21:52:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2009/09/05 00:54:38 | 000,180,224 | ---- | M] () -- C:\Program Files\QuickTime\QTSystem\QTCF.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/09/04 22:14:56 | 000,120,096 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
MOD - [2009/09/04 22:14:44 | 000,039,712 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2009/07/01 10:31:22 | 000,008,704 | ---- | M] () -- C:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2007/07/03 08:36:40 | 000,410,248 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\memcard.exe
MOD - [2007/07/03 08:36:34 | 000,455,304 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfmon.exe
MOD - [2007/05/08 13:44:28 | 000,278,528 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfscw.dll
MOD - [2007/05/03 10:39:31 | 000,589,824 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfdatr.dll
MOD - [2007/04/16 08:47:47 | 000,077,906 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfcfg.dll
MOD - [2007/04/09 08:16:00 | 000,147,456 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\DLDFptp.dll
MOD - [2006/12/28 10:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfcats.dll


========== Services (SafeList) ==========

SRV - [2013/01/28 01:44:47 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/28 01:44:24 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/12 03:05:30 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/13 23:23:57 | 000,149,904 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- C:\Users\user\Forefront UAG Remote Access Agent\mydocsocdsbca\portal1\uagqecsvc.exe -- (uagqecsvc)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/10/09 18:56:30 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2007/06/26 06:56:08 | 000,098,952 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe -- (dldfCATSCustConnectService)
SRV - [2007/06/26 06:56:06 | 000,598,664 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldfcoms.exe -- (dldf_device)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | System | Stopped] -- C:\Users\user\Desktop\A-SQUARED\run\a2ddax86.sys -- (A2DDA)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a1cgfvvj)
DRV - [2013/01/27 17:19:44 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2011/12/19 21:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/03/08 21:52:44 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/02/03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/11 11:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 11:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 11:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 11:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/07/08 12:29:58 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/02/29 10:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/04/13 12:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca...=ca&ibd=0071211
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 04 00 59 01 1E 00 00 00 5D 3A B8 68 01 00 00 80 06 00 59 01 00 00 00 00 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKCU\..\SearchScopes\{56D83BBD-1A9E-4512-BCDB-EA62E500E22F}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledAddons: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.3
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {37483b40-c254-4a72-bda4-22ee90182c1e}:3.9.0.3
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.8.0.8855
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.338: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.338: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.338: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/09/24 12:04:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/27 17:19:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/24 15:25:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/27 17:19:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/24 15:25:42 | 000,000,000 | ---D | M]

[2009/12/01 18:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2009/12/01 18:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\[email protected]
[2013/01/28 13:52:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions
[2010/07/22 15:37:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/01/27 17:06:00 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2012/10/11 20:16:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/09/20 13:54:44 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012/03/31 21:31:15 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\[email protected]
[2012/09/19 10:37:27 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\l9d7e0x1.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2013/01/28 02:16:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/12 03:05:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/24 12:04:06 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/10/12 03:05:31 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/29 04:32:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/12 03:05:29 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Dell AIO Printer 948 Fax Server] C:\Program Files\Dell AIO Printer 948\fm3032.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dldfmon.exe] C:\Program Files\Dell AIO Printer 948\dldfmon.exe ()
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell AIO Printer 948\memcard.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FF3D529-C1F7-4C17-BE22-94617E325428}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/17 10:37:31 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c81d8b0-870f-11de-9ac7-001d0974d1a5}\Shell - "" = AutoRun
O33 - MountPoints2\{1c81d8b0-870f-11de-9ac7-001d0974d1a5}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{931a08f2-6516-11de-b78c-001d0974d1a5}\Shell - "" = AutoRun
O33 - MountPoints2\{931a08f2-6516-11de-b78c-001d0974d1a5}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b45b468f-6be6-11de-b28c-001d0974d1a5}\Shell - "" = AutoRun
O33 - MountPoints2\{b45b468f-6be6-11de-b28c-001d0974d1a5}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/28 18:31:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/28 13:56:37 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2013/01/28 13:50:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/28 13:49:22 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/28 13:48:41 | 000,536,387 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013/01/28 12:02:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/01/28 12:02:57 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Desktop
[2013/01/28 11:43:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Macromedia
[2013/01/28 11:09:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/28 11:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign
[2013/01/28 02:30:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\yahoo!
[2013/01/27 19:18:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\AVG2013
[2013/01/27 19:14:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2013/01/27 19:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/01/27 19:05:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/01/27 19:05:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\MFAData
[2013/01/27 19:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/01/27 19:05:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Avg2013
[2013/01/27 17:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/01/27 17:26:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\LavasoftStatistics
[2013/01/27 17:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/01/27 17:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013/01/27 17:20:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Downloaded Installations
[2013/01/27 17:19:44 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/01/27 17:19:44 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/01/27 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Ad-Aware Antivirus
[2013/01/27 16:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/01/27 16:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/28 18:50:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{78E4CC24-3078-45B9-820F-2726F5D0DEBC}.job
[2013/01/28 18:49:57 | 000,658,352 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/28 18:49:57 | 000,131,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/28 18:43:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/28 18:43:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/28 18:43:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/28 18:41:56 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/01/28 14:23:06 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
[2013/01/28 13:57:50 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2013/01/28 13:53:54 | 000,881,914 | ---- | M] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2013/01/28 13:48:46 | 000,536,387 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013/01/28 12:02:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/01/28 11:03:12 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN.job
[2013/01/28 11:03:12 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/28 01:44:48 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/28 01:39:30 | 000,330,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/27 17:33:07 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/01/27 17:19:44 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/01/27 17:19:44 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/28 14:23:06 | 000,000,512 | ---- | C] () -- C:\Users\user\Desktop\MBR.dat
[2013/01/28 13:53:51 | 000,881,914 | ---- | C] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2013/01/28 11:03:12 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN.job
[2013/01/28 11:03:12 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/27 17:37:14 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/01/27 17:37:14 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/01/27 17:33:07 | 000,000,942 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/09/16 23:05:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/09/15 16:58:58 | 000,000,092 | ---- | C] () -- C:\Users\user\AppData\Local\fusioncache.dat
[2010/12/07 21:04:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/28 20:59:03 | 000,024,206 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2009/07/08 12:43:21 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2009/07/03 14:46:48 | 000,124,416 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/08 17:21:12 | 000,001,268 | ---- | C] () -- C:\ProgramData\dldf

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/30 17:56:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.doomseeker
[2012/03/16 14:53:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft
[2011/12/12 14:04:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\3v
[2009/08/27 12:07:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\948 Series
[2013/01/28 01:34:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ad-Aware Antivirus
[2010/12/26 23:32:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AnvSoft
[2010/10/02 22:58:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Apowersoft
[2010/06/10 18:01:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Audacity
[2013/01/27 19:18:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2013
[2011/01/05 18:09:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Coby
[2011/01/05 22:32:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Coby Media Manager
[2011/10/28 11:58:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.doubleperfect.ggpo
[2009/07/08 12:50:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Pro
[2011/02/16 09:53:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DataSafeOnline
[2012/09/02 19:16:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ESPNOfflineDraft.87EFDF5C5ABF3073574165E816459613033FD48A.1
[2010/07/02 18:09:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ImgBurn
[2009/08/16 19:17:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech
[2010/07/28 20:59:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PeerNetworking
[2011/10/05 13:45:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SLADE3
[2011/10/28 12:29:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Supercade
[2013/01/27 19:14:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2009/09/26 17:51:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\UltimateBet
[2010/09/23 14:43:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uqm
[2012/10/17 12:14:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2009/07/22 16:45:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\X-Chat 2

========== Purity Check ==========



< End of report >


Result.txt


MiniToolBox by Farbar Version:10-01-2013
Ran by user (administrator) on 28-01-2013 at 19:01:22
Running from "C:\Users\user\Desktop"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============
Error: (01/28/2013 06:44:08 PM) (Source: Service Control Manager) (User: )
Description: SBRE

Error: (01/28/2013 04:24:00 PM) (Source: Service Control Manager) (User: )
Description: SBRE


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-01-28 11:09:03.376
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVG\AVG2013\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-28 11:09:03.126
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVG\AVG2013\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-28 11:09:02.876
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVG\AVG2013\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-28 11:09:02.596
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVG\AVG2013\Drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-28 11:09:00.443
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-28 11:09:00.178
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-28 11:08:59.912
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-28 11:08:59.647
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\AVG\AVG2013\Drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-28 02:32:41.316
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Ad-Aware Antivirus\Drivers\i386\wlh\sbhips.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-01-28 02:32:41.066
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Ad-Aware Antivirus\Drivers\i386\wlh\sbhips.sys because the set of per-page image hashes could not be found on the system.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
7-Zip 4.62
Absolute Poker
AC3Filter 1.61b (Version: 1.61b)
Adobe AIR (Version: 3.0.0.4080)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.5.502.146)
Adobe Reader 8.3.1 (Version: 8.3.1)
Adobe Shockwave Player 11.6 (Version: 11.6.0.626)
Adobe Photoshop Album Starter Edition 3.2 (Version: 3.2.0)
Any Video Converter Professional 3.1.2
Apple Application Support (Version: 1.0)
Apple Mobile Device Support (Version: 2.6.0.32)
Apple Software Update (Version: 2.1.1.116)
Torrent (Version: 1.8.3)
Torrent (Version: 2.2.0)
Bodog Poker
Bonjour (Version: 1.0.106)
Browser Address Error Redirector (Version: 1.00.0000)
Cake Poker
Canon Camera Window DC_DV 6 for ZoomBrowser EX (Version: 6.4.0.9)
Canon Camera Window MC 6 for ZoomBrowser EX (Version: 6.3.0.8)
Canon G.726 WMP-Decoder (Version: 1.1.0.4)
Canon MovieEdit Task for ZoomBrowser EX (Version: 2.4.0.14)
Canon RAW Image Task for ZoomBrowser EX (Version: 2.5.0.8)
Canon RemoteCapture Task for ZoomBrowser EX (Version: 1.7.0.8)
Canon Utilities PhotoStitch (Version: 3.1.19.43)
Canon Utilities ZoomBrowser EX (Version: 5.8.0.74)
Corel Snapfire muvee autoProducer add-on (Version: 1.00.0000)
Corel Snapfire Plus (Version: 1.30.0000)
Counter-Strike
D3DX10 (Version: 15.4.2368.0902)
Day of Defeat
DefaultTab (Version: 1.2.8.0)
Dell AIO Printer 948
Dell DataSafe Online (Version: 1.0.15)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Version: 2.1.08060)
Deus Ex
DirectVobSub (remove only)
DivX Converter (Version: 7.1.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 2.6.1.9)
DivX Version Checker (Version: 7.1.0.2)
Doom Builder 2.1
Dungeon Keeper Gold
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
Futuremark SystemInfo (Version: 3.17.0.1)
GameSpy Arcade
Heroes of Might and Magic 2 GOLD
ImgBurn (Version: 2.5.1.0)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.11.0 (Version: )
Intel® TV Wizard
iTunes (Version: 9.0.1.8)
Junk Mail filter update (Version: 15.4.3502.0922)
Kobo (Version: 2.1.6)
Logitech Gaming Software 5.08 (Version: 5.08.146)
Medal of Honor Allied Assault
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Age of Empires
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MKV Converter Studio V2.0.2 (Version: 2.0.2)
Mozilla Firefox 15.0 (x86 en-US) (Version: 15.0)
Mozilla Firefox 16.0.1 (x86 en-US) (Version: 16.0.1)
Mozilla Maintenance Service (Version: 16.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
Norton Security Scan (Version: 2.3.0.44)
Pando Media Booster (Version: 2.3.6.0)
PDFCreator (Version: 1.2.0)
PokerStars
Portal
QuickTime (Version: 7.64.17.73)
RadarSync PC Updater 2011 (driver updates & patches) (Version: )
RealPlayer
Realtek High Definition Audio Driver (Version: 6.0.1.5548)
Rise of The Triad
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator BDAV Plugin (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio MyDVD DE (Version: 9.0.116)
Roxio Update Manager (Version: 3.0.0)
Segoe UI (Version: 15.4.2271.0615)
Skype Click to Call (Version: 5.8.8855)
SlimDX Redistributable (March 2009) (Version: 2.0.7.41)
Sonic Activation Module (Version: 1.0)
Steam (Version: 1.0.0.0)
Supercade (Version: 2.0.0.72)
swMSM (Version: 12.0.0.1)
UltimateBet
Unlocker 1.8.9 (Version: 1.8.9)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User's Guides
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Ventrilo Client (Version: 3.0.7)
Vice City Online Release RC1 Patch 1
VobSub v2.23 (Remove Only)
Winamp (Version: 5.552 )
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Mobile Device Center (Version: 6.1.6965.0)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)
WinRAR archiver
XChat 2 (remove only)
Xvid 1.2.2 final uninstall (Version: 1.2)
Yontoo 1.10.02 (Version: 1.10.02)
Zandronum (Version: 1.0)

========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 3060.45 MB
Available physical RAM: 1930.91 MB
Total Pagefile: 6355.18 MB
Available Pagefile: 5356.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.33 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:96.67 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.32 GB) NTFS

========================= Users: ========================================

User accounts for \\TOBYOREO-PC

Administrator ASPNET Guest
user

========================= Minidump Files ==================================

C:\Windows\Minidump\Mini010712-01.dmp
C:\Windows\Minidump\Mini011312-01.dmp
C:\Windows\Minidump\Mini012012-01.dmp
C:\Windows\Minidump\Mini012812-01.dmp
C:\Windows\Minidump\Mini020712-01.dmp
C:\Windows\Minidump\Mini030312-01.dmp
C:\Windows\Minidump\Mini030412-01.dmp
C:\Windows\Minidump\Mini032412-01.dmp
C:\Windows\Minidump\Mini040812-01.dmp
C:\Windows\Minidump\Mini041712-01.dmp
C:\Windows\Minidump\Mini042412-01.dmp
C:\Windows\Minidump\Mini042712-01.dmp
C:\Windows\Minidump\Mini051312-01.dmp
C:\Windows\Minidump\Mini051912-01.dmp
C:\Windows\Minidump\Mini052712-01.dmp
C:\Windows\Minidump\Mini090212-01.dmp
C:\Windows\Minidump\Mini100111-01.dmp
C:\Windows\Minidump\Mini100811-01.dmp
C:\Windows\Minidump\Mini100911-01.dmp
C:\Windows\Minidump\Mini110211-01.dmp
C:\Windows\Minidump\Mini110811-01.dmp
C:\Windows\Minidump\Mini112011-01.dmp
C:\Windows\Minidump\Mini112211-01.dmp
C:\Windows\Minidump\Mini112611-01.dmp
C:\Windows\Minidump\Mini120311-01.dmp
C:\Windows\Minidump\Mini120811-01.dmp
C:\Windows\Minidump\Mini121811-01.dmp
C:\Windows\Minidump\Mini122311-01.dmp
C:\Windows\Minidump\Mini122611-01.dmp
C:\Windows\Minidump\Mini123111-01.dmp

**** End of log ****
  • 0

#8
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Uninstall the following program, if present:

Yontoo 1.10.02 (Version: 1.10.02)


1. Click Start, Control Panel, Programs, and then Programs and Features.
2. Click on Yontoo and then Uninstall.
If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

============================================

Run AVG removal tool

Let’s get rid of AVG. Please download and run AVG Removal Tool. You can download it from here.

NEXT


Ad-Aware

You also have remnants of Ad-Aware on your computer.

Please go here and follow the instructions.

============================================

Run OTL

  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    [2013/01/27 17:06:00 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
    [2012/09/20 13:54:44 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done
  • post the OTL fix log and a new OTL log.

Thanks

Satchfan
  • 0

#9
AlfredoGarcia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Alright, I attempted to remove Yontoo and was prompted with: An error occurred while trying to uninstall Yontoo 1.10.02. It may have already been uninstalled. Would you like to remove Yontoo 1.10.02 from the Programs and Features List? I clicked No until your response.

Also, just to make you aware, Firefox seemed to update and did some sort of check when I ran it today. It said Skype and some other Microsoft Add-on weren't compatible add-ons and that it wanted to check for updates; I clicked don't check. Waiting for your response to move forward to the other steps.
  • 0

#10
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts

Would you like to remove Yontoo 1.10.02 from the Programs and Features List? I clicked No

Say "Yes" as you do wish to remove it from the list.

While you are removing programs you should consider removing Pando Media Booster, as it could be causing your computer to slow down. See here and decide for yourself.

Firefox seemed to update and did some sort of check when I ran it today. It said Skype and some other Microsoft Add-on weren't compatible add-ons and that it wanted to check for updates; I clicked don't check.

Leave this for now as I want to see the result of the OTL "fix".

A colleague here at G2G has advised me of a program that will speed up Firefox. I'll advise you of that and more when we are finished.

Please finish the instructions.

Thanks

Satchfan
  • 0

#11
AlfredoGarcia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Ran AVG removal successfully. Alright, removed Yontoo and Pando Media Booster from Programs and Features. If you have any other suggestions, I'm all ears if it increases my computer's speed! Also, just to let you know, before I started posting here, I attempted to remove a bunch of programs that I deemed not necessary. Looking at the programs list, they seem to still be there. The programs are:

Absolute Poker
Cake Poker
Facebook Calling 1.2.0.287
Pokerstars
Skype Click to Call
UltimateBet

In regards to Ad-Aware, I went through all the steps and can't find the remnants in either of those procedures. There appears to be no Lavasoft folder. Awaiting your response before continuing. (Apologies for the constant stops, I just want to make sure I do everything under your guidance.)
  • 0

#12
Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
We can deal with all these issues later.

Now please go ahead with the OTL fix.
  • 0

#13
AlfredoGarcia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here are the requested logs:

OTL FIX

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\searchplugin folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\Plugins folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\modules folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\META-INF folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\defaults folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\chrome folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e} folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome folder moved successfully.
C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: user
->Temp folder emptied: 316789 bytes
->Temporary Internet Files folder emptied: 68011 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 136075731 bytes
->Flash cache emptied: 1217 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 469450 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 131.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01292013_130420

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

New OTL Log:


OTL logfile created on: 29/01/2013 1:08:07 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 67.55% Memory free
6.17 Gb Paging File | 5.31 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 96.15 Gb Free Space | 33.38% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.27 Gb Free Space | 42.73% Space Free | Partition Type: NTFS

Computer Name: TOBYOREO-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/28 23:42:39 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/01/28 12:02:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2011/10/13 23:23:57 | 000,149,904 | ---- | M] (Microsoft ® Corporation) -- C:\Users\user\Forefront UAG Remote Access Agent\mydocsocdsbca\portal1\uagqecsvc.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/08 21:52:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/09/16 20:14:48 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2009/07/01 10:30:35 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007/11/12 12:56:18 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/07/03 08:36:40 | 000,410,248 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\memcard.exe
PRC - [2007/07/03 08:36:34 | 000,455,304 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfmon.exe
PRC - [2007/06/26 06:56:06 | 000,598,664 | ---- | M] ( ) -- C:\Windows\System32\dldfcoms.exe
PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/28 23:42:38 | 003,022,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/03/08 21:55:54 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/03/08 21:52:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2009/09/05 00:54:38 | 000,180,224 | ---- | M] () -- C:\Program Files\QuickTime\QTSystem\QTCF.dll
MOD - [2009/09/04 22:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/09/04 22:14:56 | 000,120,096 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
MOD - [2009/09/04 22:14:44 | 000,039,712 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2009/07/01 10:31:22 | 000,008,704 | ---- | M] () -- C:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2007/07/03 08:36:40 | 000,410,248 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\memcard.exe
MOD - [2007/07/03 08:36:34 | 000,455,304 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfmon.exe
MOD - [2007/05/08 13:44:28 | 000,278,528 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfscw.dll
MOD - [2007/05/03 10:39:31 | 000,589,824 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfdatr.dll
MOD - [2007/04/16 08:47:47 | 000,077,906 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfcfg.dll
MOD - [2007/04/09 08:16:00 | 000,147,456 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\DLDFptp.dll
MOD - [2006/12/28 10:47:42 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell AIO Printer 948\dldfcats.dll


========== Services (SafeList) ==========

SRV - [2013/01/28 23:42:38 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/28 01:44:47 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/28 01:44:24 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/13 23:23:57 | 000,149,904 | ---- | M] (Microsoft ® Corporation) [Auto | Running] -- C:\Users\user\Forefront UAG Remote Access Agent\mydocsocdsbca\portal1\uagqecsvc.exe -- (uagqecsvc)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/10/09 18:56:30 | 000,202,544 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2007/06/26 06:56:08 | 000,098,952 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldfserv.exe -- (dldfCATSCustConnectService)
SRV - [2007/06/26 06:56:06 | 000,598,664 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldfcoms.exe -- (dldf_device)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ad4bjrng)
DRV - File not found [Kernel | System | Stopped] -- C:\Users\user\Desktop\A-SQUARED\run\a2ddax86.sys -- (A2DDA)
DRV - [2013/01/27 17:19:44 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2011/12/19 21:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/03/08 21:52:44 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/02/03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/11 11:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 11:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 11:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 11:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/07/08 12:29:58 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/02/29 10:13:48 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/04/13 12:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/02/08 20:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/02/08 20:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/10/26 16:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 16:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 16:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 16:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 16:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 16:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 16:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 16:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca...=ca&ibd=0071211
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 04 00 59 01 1E 00 00 00 5D 3A B8 68 01 00 00 80 06 00 59 01 00 00 00 00 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKCU\..\SearchScopes\{56D83BBD-1A9E-4512-BCDB-EA62E500E22F}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.338: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.338: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.338: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/09/24 12:04:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/28 23:42:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/28 23:42:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/28 23:42:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/28 23:42:33 | 000,000,000 | ---D | M]

[2009/12/01 18:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2009/12/01 18:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions\[email protected]
[2013/01/29 13:04:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions
[2010/07/22 15:37:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/11 20:16:45 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/03/31 21:31:15 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\l9d7e0x1.default\extensions\[email protected]
[2012/09/19 10:37:27 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\l9d7e0x1.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2013/01/28 23:42:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/28 23:42:32 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/24 12:04:06 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013/01/28 23:42:39 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/01/28 23:42:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/28 23:42:36 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Dell AIO Printer 948 Fax Server] C:\Program Files\Dell AIO Printer 948\fm3032.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dldfmon.exe] C:\Program Files\Dell AIO Printer 948\dldfmon.exe ()
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell AIO Printer 948\memcard.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FF3D529-C1F7-4C17-BE22-94617E325428}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/17 10:37:31 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c81d8b0-870f-11de-9ac7-001d0974d1a5}\Shell - "" = AutoRun
O33 - MountPoints2\{1c81d8b0-870f-11de-9ac7-001d0974d1a5}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{931a08f2-6516-11de-b78c-001d0974d1a5}\Shell - "" = AutoRun
O33 - MountPoints2\{931a08f2-6516-11de-b78c-001d0974d1a5}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{b45b468f-6be6-11de-b28c-001d0974d1a5}\Shell - "" = AutoRun
O33 - MountPoints2\{b45b468f-6be6-11de-b28c-001d0974d1a5}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/29 11:09:44 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\user\Desktop\avgremover.exe
[2013/01/29 10:22:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{CF98CD99-2C2F-4048-BB70-30DDD9A31B83}
[2013/01/28 23:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/28 18:59:32 | 000,752,287 | ---- | C] (Farbar) -- C:\Users\user\Desktop\MiniToolBox.exe
[2013/01/28 18:31:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/28 13:56:37 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2013/01/28 13:50:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/28 13:49:22 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/28 13:48:41 | 000,536,387 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013/01/28 12:02:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/01/28 12:02:57 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Desktop
[2013/01/28 11:43:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Macromedia
[2013/01/28 11:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign
[2013/01/28 02:30:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\yahoo!
[2013/01/27 19:18:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\AVG2013
[2013/01/27 19:14:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2013/01/27 19:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/01/27 19:05:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/01/27 19:05:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\MFAData
[2013/01/27 19:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/01/27 19:05:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Avg2013
[2013/01/27 17:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013/01/27 17:26:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\LavasoftStatistics
[2013/01/27 17:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013/01/27 17:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ad-Aware Antivirus
[2013/01/27 17:20:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Downloaded Installations
[2013/01/27 17:19:44 | 000,044,424 | ---- | C] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/01/27 17:19:44 | 000,013,560 | ---- | C] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[2013/01/27 17:18:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Ad-Aware Antivirus
[2013/01/27 16:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/01/27 16:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/29 13:13:07 | 000,658,352 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/29 13:13:07 | 000,131,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/29 13:10:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{78E4CC24-3078-45B9-820F-2726F5D0DEBC}.job
[2013/01/29 13:05:49 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 13:05:49 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 13:05:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/29 13:04:33 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/01/29 11:09:45 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\user\Desktop\avgremover.exe
[2013/01/28 18:59:33 | 000,752,287 | ---- | M] (Farbar) -- C:\Users\user\Desktop\MiniToolBox.exe
[2013/01/28 14:23:06 | 000,000,512 | ---- | M] () -- C:\Users\user\Desktop\MBR.dat
[2013/01/28 13:57:50 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\user\Desktop\aswMBR.exe
[2013/01/28 13:53:54 | 000,881,914 | ---- | M] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2013/01/28 13:48:46 | 000,536,387 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013/01/28 12:02:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/01/28 11:03:12 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN.job
[2013/01/28 11:03:12 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/28 01:44:48 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/28 01:39:30 | 000,330,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/27 17:33:07 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/01/27 17:19:44 | 000,044,424 | ---- | M] (GFI Software) -- C:\Windows\System32\sbbd.exe
[2013/01/27 17:19:44 | 000,013,560 | ---- | M] (GFI Software) -- C:\Windows\System32\drivers\gfibto.sys
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/28 14:23:06 | 000,000,512 | ---- | C] () -- C:\Users\user\Desktop\MBR.dat
[2013/01/28 13:53:51 | 000,881,914 | ---- | C] () -- C:\Users\user\Desktop\SecurityCheck.exe
[2013/01/28 11:03:12 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN.job
[2013/01/28 11:03:12 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/27 17:37:14 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/01/27 17:37:14 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/01/27 17:33:07 | 000,000,942 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/09/16 23:05:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/09/15 16:58:58 | 000,000,092 | ---- | C] () -- C:\Users\user\AppData\Local\fusioncache.dat
[2010/12/07 21:04:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/28 20:59:03 | 000,024,206 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2009/07/08 12:43:21 | 000,001,356 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2009/07/03 14:46:48 | 000,124,416 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/08 17:21:12 | 000,001,268 | ---- | C] () -- C:\ProgramData\dldf

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/30 17:56:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.doomseeker
[2012/03/16 14:53:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft
[2011/12/12 14:04:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\3v
[2009/08/27 12:07:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\948 Series
[2013/01/28 01:34:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ad-Aware Antivirus
[2010/12/26 23:32:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AnvSoft
[2010/10/02 22:58:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Apowersoft
[2010/06/10 18:01:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Audacity
[2013/01/27 19:18:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG2013
[2011/01/05 18:09:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Coby
[2011/01/05 22:32:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Coby Media Manager
[2011/10/28 11:58:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.doubleperfect.ggpo
[2009/07/08 12:50:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Pro
[2011/02/16 09:53:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DataSafeOnline
[2012/09/02 19:16:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ESPNOfflineDraft.87EFDF5C5ABF3073574165E816459613033FD48A.1
[2010/07/02 18:09:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ImgBurn
[2009/08/16 19:17:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech
[2010/07/28 20:59:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PeerNetworking
[2011/10/05 13:45:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SLADE3
[2011/10/28 12:29:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Supercade
[2013/01/27 19:14:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2009/09/26 17:51:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\UltimateBet
[2010/09/23 14:43:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uqm
[2012/10/17 12:14:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2009/07/22 16:45:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\X-Chat 2

========== Purity Check ==========



< End of report >

#14
Satchfan

Satchfan

    Trusted Helper

  • Malware Removal
  • 585 posts
Things are looking good.

Run OTL
  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :OTL
    
    :Files
    C:\ProgramData\Ad-Aware Antivirus
    C:\Program Files\Ad-Aware Antivirus
    C:\Users\user\AppData\Roaming\Ad-Aware Antivirus
    C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
    C:\Windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
    C:\Users\user\AppData\Roaming\Ad-Aware Antivirus
    C:\Users\user\AppData\Roaming\LavasoftStatistics
    C:\ProgramData\Lavasoft
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done.
=====================================================

Download Malwarebytes-Anti-Malware

Click here.
  • double-click mbam-setup.exe and follow the prompts to install the program.
  • at the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • if an update is found, it will download and install the latest version.
  • once the program has loaded, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.
NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include with the next post:

Mbam.txt

Can you tell me if there are any outstanding problems?

Satchfan

#15
AlfredoGarcia

AlfredoGarcia

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Alright ran the OTL Fix, computer rebooted then I was greeted with a message from Steam:

Steam - Error

This account 'xXxWhitexMikexXx' has never been accessed on this machine before and a connection to steam servers cannot be made. Some services will not be available. Steam will continue to attempt the connection and services will be available upon success.

First time seeing that message. Besides that, no outstanding problems. CD-ROM seems to be working okay, can't test burning music CDs, don't have any blank disks.


Mbam.txt



Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.29.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
user :: TOBYOREO-PC [administrator]

29/01/2013 7:22:37 PM
mbam-log-2013-01-29 (19-22-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216816
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow|playbryte.com (PUP.PlayBryte) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|playbrytetoolbar_Playbryte (PUP.PlayBryte) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)