VIRUS [Solved]

#1
chsg (Member, 12 posts)

OTL logfile created on: 2/5/2013 9:24:05 AM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Andrea\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 67.64% Memory free
7.81 Gb Paging File | 6.28 Gb Available in Paging File | 80.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.24 Gb Total Space | 30.64 Gb Free Space | 25.70% Space Free | Partition Type: NTFS
Drive D: | 153.85 Gb Total Space | 0.01 Gb Free Space | 0.01% Space Free | Partition Type: NTFS

Computer Name: SWEETIE | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/01 16:27:58 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea\Downloads\OTL.exe
PRC - [2012/01/07 21:17:56 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011/10/04 14:14:10 | 000,082,944 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2011/10/04 14:14:06 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2011/10/03 17:17:40 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/08 16:48:32 | 000,100,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
PRC - [2011/09/08 16:48:30 | 000,092,800 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
PRC - [2011/07/21 17:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/15 12:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010/08/20 11:57:06 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/06/19 12:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/22 19:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/13 23:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/04 14:14:06 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2010/08/20 11:57:06 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010/08/20 11:57:00 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/03/03 18:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/09/14 16:13:11 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/04 08:50:35 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/26 20:41:02 | 000,794,560 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/06/15 11:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/08 16:48:30 | 000,092,800 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/06/17 11:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/03/01 22:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/03 03:41:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/03 03:41:46 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/15 21:35:40 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/09/15 21:35:18 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/31 01:42:04 | 002,769,920 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/06/02 12:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/06/02 12:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/25 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/31 04:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/20 07:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/08/24 03:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/20 03:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/05/23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/09/07 11:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\URLSearchHook: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}\InprocServer32 File not found
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\URLSearchHook: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - No CLSID value found
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\SearchScopes,DefaultScope = {4B766296-2716-4159-98E6-DE00038FC7E2}
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\SearchScopes\{4B766296-2716-4159-98E6-DE00038FC7E2}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGHP_enUS472
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\SearchScopes\{ED358191-76A4-4D80-AF05-59D365B619F9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519_yserp3tst"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.realsimple.com/"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=994519&p="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Users\Andrea\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/09/02 12:19:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/14 16:13:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/20 01:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Extensions
[2012/09/04 09:37:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions
[2012/08/14 21:03:51 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/09/01 07:22:23 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\[email protected]
[2012/06/12 12:58:09 | 000,000,000 | ---D | M] (Print pages to PDF) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\[email protected]
[2013/02/04 09:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/04 09:37:29 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012/09/04 09:37:29 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\PROGRAM FILES (X86)\VUZE REMOTE TOOLBAR\FF
[2012/03/16 13:00:26 | 000,023,443 | ---- | M] () (No name found) -- C:\USERS\ANDREA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MP3IKG4O.DEFAULT\EXTENSIONS\{68836A21-FC7D-4EA1-A065-7EFABD99D414}.XPI
[2012/08/02 10:09:20 | 000,447,304 | ---- | M] () (No name found) -- C:\USERS\ANDREA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MP3IKG4O.DEFAULT\EXTENSIONS\{C07D1A49-9894-49FF-A594-38960EDE8FB9}.XPI
[2012/08/05 07:47:11 | 000,088,908 | ---- | M] () (No name found) -- C:\USERS\ANDREA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MP3IKG4O.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI
[2012/07/09 15:35:15 | 000,014,714 | ---- | M] () (No name found) -- C:\USERS\ANDREA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MP3IKG4O.DEFAULT\EXTENSIONS\{E6C1199F-E687-42DA-8C24-E7770CC3AE66}.XPI
[1832/11/28 22:37:17 | 000,002,095 | ---- | M] () (No name found) -- C:\USERS\ANDREA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MP3IKG4O.DEFAULT\EXTENSIONS\[email protected]
[2012/09/14 16:13:12 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/14 16:12:53 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/14 16:12:53 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: McAfee (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andrea\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andrea\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andrea\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: Domain Error Assistant = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.0_0\
CHR - Extension: Savings-Slider = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.1_0\
CHR - Extension: Vuze Remote = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.17.1_0\
CHR - Extension: Gmail = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/02 14:32:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\Toolbar\WebBrowser: (no name) - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-735253538-622638780-3005358582-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-735253538-622638780-3005358582-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA99E6A4-0090-4232-ADB1-A32A4D50F9BF}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Users\Andrea\Documents\*.tmp files -> C:\Users\Andrea\Documents\*.tmp -> ]
[1 C:\Users\Andrea\Desktop\*.tmp files -> C:\Users\Andrea\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/05 09:18:47 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/05 09:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/05 09:17:45 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/05 09:17:16 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-735253538-622638780-3005358582-1001UA.job
[2013/02/05 09:17:16 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-735253538-622638780-3005358582-1001Core.job
[2013/02/05 09:17:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/04 09:40:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 09:40:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 09:37:28 | 000,794,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/04 09:37:28 | 000,672,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/04 09:37:28 | 000,125,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/04 09:32:48 | 3145,826,304 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/04 03:35:31 | 000,434,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/04 03:30:01 | 000,789,138 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/04 03:23:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[1 C:\Users\Andrea\Documents\*.tmp files -> C:\Users\Andrea\Documents\*.tmp -> ]
[1 C:\Users\Andrea\Desktop\*.tmp files -> C:\Users\Andrea\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/04 03:19:05 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/02/04 03:07:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/02/04 00:25:29 | 3145,826,304 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/06 14:36:22 | 000,225,413 | ---- | C] () -- C:\Users\Andrea\AVGInstLog.cab
[2012/04/29 11:33:51 | 000,002,235 | ---- | C] () -- C:\Users\Andrea\Kindle.lnk
[2012/04/20 11:35:25 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/04/18 11:24:54 | 000,033,134 | ---- | C] () -- C:\Users\Andrea\AppData\Roaming\UserTile.png
[2012/04/01 13:44:14 | 000,240,855 | ---- | C] () -- C:\Users\Andrea\StudentNotebook.onepkg
[2012/04/01 08:27:39 | 000,005,632 | ---- | C] () -- C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 19:30:58 | 000,007,607 | ---- | C] () -- C:\Users\Andrea\AppData\Local\Resmon.ResmonCfg
[2012/01/07 21:19:43 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2011/11/03 04:19:25 | 000,789,138 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/17 21:50:05 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/17 21:49:58 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/17 21:49:53 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/10/17 21:49:50 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/17 21:49:47 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== LOP Check ==========

[2012/02/20 00:51:01 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ASUS WebStorage
[2012/06/06 23:40:32 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\AVG
[2012/09/21 13:58:57 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Azureus
[2012/03/30 11:25:26 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Babylon
[2012/04/23 09:39:47 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\com.Shutterfly.ExpressUploader
[2012/09/22 18:07:13 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Dropbox
[2012/06/07 14:38:44 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\IObit
[2012/09/04 14:07:13 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Nico Mak Computing
[2012/02/24 01:07:50 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Nuance
[2012/05/02 18:49:16 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Primal 3D Body
[2012/03/11 21:40:02 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Shutterfly
[2012/07/19 06:50:45 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\SoftGrid Client
[2012/05/02 12:59:19 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\TeamViewer
[2012/03/10 13:27:06 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\TP
[2012/03/09 19:01:58 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Windows Live Writer
[2012/02/20 03:20:42 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Zeon
[2009/07/13 23:08:49 | 000,020,866 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\Andrea\Documents\encore background.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Andrea\Documents\background encore signed.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >


#2 Crowbar (Teacher, GeekU Moderator, 4,159 posts)
Hello chsg and welcome to Geeks To Go !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.

  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms, it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

Hi there,
You are using an old copy of OTL, so I would like to see that updated and run with a custom scan. Please download it to your desktop, and not the downloads folder.
Also, your system drive C: is starting to get a little low on space. Some of what I will do here may free up some more space. It's ok now, but I usually don't recommend free space getting lower than 25%, and that's right where you are now.

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in


netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
winsock.*
/md5stop
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs in your next response

Step 2
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 3
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Scan

A log will be produced at C:\ADWCleaner[XX].txt; please attach that in your next post.

In your next reply I would like to see:
  • New OTL scan
  • ADWCleaner log file
  • RogueKiller log file
  • What are the current symptoms on this computer?

#3 chsg (Member, Topic Starter, 12 posts)
OTL logfile created on: 2/5/2013 9:43:45 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andrea\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 48.19% Memory free
7.81 Gb Paging File | 5.64 Gb Available in Paging File | 72.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.24 Gb Total Space | 30.26 Gb Free Space | 25.38% Space Free | Partition Type: NTFS
Drive D: | 153.85 Gb Total Space | 0.01 Gb Free Space | 0.01% Space Free | Partition Type: NTFS

Computer Name: SWEETIE | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/05 21:23:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea\Desktop\OTL.exe
PRC - [2013/02/05 09:46:50 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/09/04 08:50:34 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012/01/07 21:17:56 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011/10/04 14:14:10 | 000,082,944 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2011/10/04 14:14:06 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2011/10/03 17:17:40 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/08 16:48:32 | 000,100,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
PRC - [2011/09/08 16:48:30 | 000,092,800 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
PRC - [2011/07/21 17:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/15 12:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010/08/20 11:57:06 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/06/19 12:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/22 19:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/13 23:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/05 09:46:34 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/09/04 08:50:34 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2011/10/04 14:14:06 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/08/20 11:57:06 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010/08/20 11:57:00 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/03/03 18:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/02/05 09:46:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/04 08:50:35 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/26 20:41:02 | 000,794,560 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/06/15 11:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/08 16:48:30 | 000,092,800 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/06/17 11:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/03/01 22:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/03 03:41:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/03 03:41:46 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/15 21:35:40 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/09/15 21:35:18 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/31 01:42:04 | 002,769,920 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/06/02 12:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/06/02 12:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/25 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/31 04:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/20 07:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/08/24 03:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/20 03:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/05/23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/09/07 11:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\URLSearchHook: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}\InprocServer32 File not found
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\URLSearchHook: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - No CLSID value found
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\SearchScopes,DefaultScope = {4B766296-2716-4159-98E6-DE00038FC7E2}
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\SearchScopes\{4B766296-2716-4159-98E6-DE00038FC7E2}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGHP_enUS472
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\SearchScopes\{ED358191-76A4-4D80-AF05-59D365B619F9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519_yserp3tst"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.realsimple.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:2.2.1.611
FF - prefs.js..extensions.enabledAddons: [email protected]:0.1.8.0
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:6.2
FF - prefs.js..extensions.enabledAddons: [email protected]:6.2
FF - prefs.js..extensions.enabledAddons: {68836a21-fc7d-4ea1-a065-7efabd99d414}:3.05
FF - prefs.js..extensions.enabledAddons: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.16.0
FF - prefs.js..extensions.enabledAddons: {c07d1a49-9894-49ff-a594-38960ede8fb9}:3.1.10
FF - prefs.js..extensions.enabledAddons: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledAddons: {E6C1199F-E687-42da-8C24-E7770CC3AE66}:1.8.0
FF - prefs.js..keyword.URL: "http://search.yahoo....type=994519&p="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Users\Andrea\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/09/02 12:19:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/05 09:46:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/20 01:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Extensions
[2013/02/05 21:42:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions
[2012/08/14 21:03:51 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/09/01 07:22:23 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\[email protected]
[2013/02/05 09:38:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\staged
[1832/11/28 22:37:17 | 000,002,095 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\[email protected]
[2012/03/16 13:00:26 | 000,023,443 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}.xpi
[2012/08/02 10:09:20 | 000,447,304 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}.xpi
[2012/08/05 07:47:11 | 000,088,908 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}.xpi
[2012/07/09 15:35:15 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2013/02/04 09:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/04 09:37:29 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012/09/04 09:37:29 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\PROGRAM FILES (X86)\VUZE REMOTE TOOLBAR\FF
File not found (No name found) -- C:\USERS\ANDREA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MP3IKG4O.DEFAULT\EXTENSIONS\[email protected]
[2013/02/05 09:46:51 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/05 09:46:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/05 09:46:31 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: McAfee (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andrea\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andrea\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andrea\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: Domain Error Assistant = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.0_0\
CHR - Extension: Savings-Slider = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.1_0\
CHR - Extension: Vuze Remote = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.17.1_0\
CHR - Extension: Gmail = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/02 14:32:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O3 - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\Toolbar\WebBrowser: (no name) - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-735253538-622638780-3005358582-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-735253538-622638780-3005358582-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-735253538-622638780-3005358582-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA99E6A4-0090-4232-ADB1-A32A4D50F9BF}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/05 21:23:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andrea\Desktop\OTL.exe
[1 C:\Users\Andrea\Documents\*.tmp files -> C:\Users\Andrea\Documents\*.tmp -> ]
[1 C:\Users\Andrea\Desktop\*.tmp files -> C:\Users\Andrea\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/05 21:23:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea\Desktop\OTL.exe
[2013/02/05 21:21:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-735253538-622638780-3005358582-1001UA.job
[2013/02/05 20:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/05 20:54:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/05 20:21:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-735253538-622638780-3005358582-1001Core.job
[2013/02/05 20:10:24 | 000,253,301 | ---- | M] () -- C:\Users\Andrea\Desktop\lotus business png.jpg
[2013/02/05 18:44:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/05 09:18:47 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/04 09:40:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 09:40:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 09:37:28 | 000,794,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/04 09:37:28 | 000,672,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/04 09:37:28 | 000,125,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/04 09:32:48 | 3145,826,304 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/04 03:35:31 | 000,434,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/04 03:30:01 | 000,789,138 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/04 03:23:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[1 C:\Users\Andrea\Documents\*.tmp files -> C:\Users\Andrea\Documents\*.tmp -> ]
[1 C:\Users\Andrea\Desktop\*.tmp files -> C:\Users\Andrea\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/04 03:19:05 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/02/04 03:07:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/02/04 00:25:29 | 3145,826,304 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/06 14:36:22 | 000,225,413 | ---- | C] () -- C:\Users\Andrea\AVGInstLog.cab
[2012/04/29 11:33:51 | 000,002,235 | ---- | C] () -- C:\Users\Andrea\Kindle.lnk
[2012/04/20 11:35:25 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/04/18 11:24:54 | 000,033,134 | ---- | C] () -- C:\Users\Andrea\AppData\Roaming\UserTile.png
[2012/04/01 13:44:14 | 000,240,855 | ---- | C] () -- C:\Users\Andrea\StudentNotebook.onepkg
[2012/04/01 08:27:39 | 000,005,632 | ---- | C] () -- C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 19:30:58 | 000,007,607 | ---- | C] () -- C:\Users\Andrea\AppData\Local\Resmon.ResmonCfg
[2012/01/07 21:19:43 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2011/11/03 04:19:25 | 000,789,138 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/17 21:50:05 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/17 21:49:58 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/17 21:49:53 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/10/17 21:49:50 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/17 21:49:47 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/02/20 00:51:01 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ASUS WebStorage
[2012/06/06 23:40:32 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\AVG
[2012/09/21 13:58:57 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Azureus
[2012/03/30 11:25:26 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Babylon
[2012/04/23 09:39:47 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\com.Shutterfly.ExpressUploader
[2012/09/22 18:07:13 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Dropbox
[2012/06/07 14:38:44 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\IObit
[2012/09/04 14:07:13 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Nico Mak Computing
[2012/02/24 01:07:50 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Nuance
[2012/05/02 18:49:16 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Primal 3D Body
[2012/03/11 21:40:02 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Shutterfly
[2012/07/19 06:50:45 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\SoftGrid Client
[2012/05/02 12:59:19 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\TeamViewer
[2012/03/10 13:27:06 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\TP
[2012/03/09 19:01:58 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Windows Live Writer
[2012/02/20 03:20:42 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Zeon

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009/07/13 23:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/13 23:08:49 | 000,020,866 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/23 02:55:33 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/02/23 02:55:33 | 000,000,898 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/03/15 10:19:24 | 000,000,860 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-735253538-622638780-3005358582-1001Core.job
[2012/03/15 10:19:25 | 000,000,912 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-735253538-622638780-3005358582-1001UA.job
[2012/09/04 08:50:35 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

========== Base Services ==========
SRV:64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 07:25:42 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 07:27:24 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 07:25:46 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/06/01 23:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/06/01 22:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 07:27:26 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 07:26:06 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 06:18:32 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/11/03 03:37:44 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 07:26:40 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 11:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/11/03 03:49:03 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 00:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 07:27:26 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 07:27:26 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 07:27:26 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 07:27:28 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 07:27:26 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 06:21:20 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 07:27:26 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 07:27:28 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 06:21:30 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 07:25:28 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 07:25:44 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 07:25:44 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 07:27:26 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV:64bit: - [2010/11/20 07:27:30 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 07:27:00 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 07:27:30 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 07:25:00 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 06:17:24 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 07:26:08 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 07:27:30 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/11/03 03:41:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/11/03 03:41:04 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/11/03 03:41:04 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/11/03 03:41:04 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/11/03 03:41:04 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/11/03 03:41:04 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/11/03 03:41:04 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/11/03 03:41:04 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/11/03 03:41:04 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/11/03 03:41:04 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 07:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/11/03 03:41:04 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 07:27:24 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\ERDNT\cache64\qmgr.dll
[2010/11/20 07:27:24 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 07:27:24 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 19:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/07/27 14:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\ERDNT\cache64\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.JSM >
[2012/02/19 05:54:15 | 000,004,467 | ---- | M] () MD5=40DB03A83C58D02B94CE4B33F6B7D0CC -- C:\Users\Andrea\Downloads\Tor Browser\FirefoxPortable\App\Firefox\modules\Services.jsm

< MD5 for: SERVICES.LNK >
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.PY >
[2012/09/07 16:21:19 | 000,006,704 | ---- | M] () MD5=0DEC7DB0E7E9F21FF6F499AD1EC8965F -- C:\Users\Andrea\AppData\Local\Plex Media Server\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\handlers\services.py
[2012/09/07 16:21:19 | 000,031,686 | ---- | M] () MD5=6083D6EF5A4FB7E6D7352592B2710B9B -- C:\Users\Andrea\AppData\Local\Plex Media Server\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\components\services.py

< MD5 for: SERVICES.PYC >
[2012/09/07 16:21:32 | 000,030,342 | ---- | M] () MD5=4BB20FDD1536A66D6BEA55F857CA0AF6 -- C:\Users\Andrea\AppData\Local\Plex Media Server\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\components\services.pyc
[2012/09/07 16:21:32 | 000,006,461 | ---- | M] () MD5=9C0A76E72D33FF1F0DFE968C2A26734F -- C:\Users\Andrea\AppData\Local\Plex Media Server\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\handlers\services.pyc

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 12:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 06:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 07:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 07:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 07:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 07:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 07:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 12:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\Andrea\Documents\encore background.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Andrea\Documents\background encore signed.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >


RogueKiller V8.4.4 [Feb 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Andrea [Admin rights]
Mode : Scan -- Date : 02/06/2013 07:35:27
| ARK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][SUSP PATH] {0D69848E-D5C6-4C4E-9D68-CCA29C210668} : msiexec.exe /package "C:\Users\Andrea\AppData\Local\Apple\Apple Software Update\iTunes64.msi" -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

RogueKiller V8.4.4 [Feb 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Andrea [Admin rights]
Mode : Scan -- Date : 02/06/2013 07:36:00
| ARK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] notepad.exe -- C:\Windows\notepad.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][SUSP PATH] {0D69848E-D5C6-4C4E-9D68-CCA29C210668} : msiexec.exe /package "C:\Users\Andrea\AppData\Local\Apple\Apple Software Update\iTunes64.msi" -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BPVT-80JJ5T0 +++++
--- User ---
[MBR] 2d7d94ba8776bd501073fc5c5b67dc55
[BSP] 6038da5abdb86a32e945c2c6aa172f56 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 122098 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 302487552 | Size: 157545 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_S_02062013_02d0736.txt >>
RKreport[1]_S_02062013_02d0735.txt ; RKreport[2]_S_02062013_02d0736.txt



# AdwCleaner v2.111 - Logfile created 02/06/2013 at 08:01:27
# Updated 05/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Andrea - SWEETIE
# Boot Mode : Normal
# Running from : C:\Users\Andrea\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Application Updater

***** [Files / Folders] *****

File Found : C:\user.js
Folder Found : C:\Program Files (x86)\Application Updater
Folder Found : C:\Program Files (x86)\Common Files\spigot
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Vuze Remote toolbar
Folder Found : C:\Program Files (x86)\Yontoo
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\WeCareReminder
Folder Found : C:\Users\Andrea\AppData\Local\APN
Folder Found : C:\Users\Andrea\AppData\Local\Conduit
Folder Found : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Folder Found : C:\Users\Andrea\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Andrea\AppData\LocalLow\Conduit
Folder Found : C:\Users\Andrea\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Andrea\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Andrea\AppData\Roaming\Babylon
Folder Found : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\ConduitCommon

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\RewardsArcade
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Search Settings
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\RewardsArcade.FBApi
Key Found : HKLM\SOFTWARE\Classes\RewardsArcade.FBApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3061355
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\Software\Search Settings
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25514C64-8321-494E-BD3E-3DBAB3F8CEBA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\prefs.js

Found : user_pref("CT2504091..clientLogIsEnabled", false);
Found : user_pref("CT2504091..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2504091..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2504091.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2504091.BrowserCompStateIsOpen_129707804829376918", true);
Found : user_pref("CT2504091.CTID", "CT2504091");
Found : user_pref("CT2504091.CurrentServerDate", "2-9-2012");
Found : user_pref("CT2504091.DSInstall", false);
Found : user_pref("CT2504091.DialogsAlignMode", "LTR");
Found : user_pref("CT2504091.DialogsGetterLastCheckTime", "Thu Aug 30 2012 05:23:16 GMT-0500 (Central Daylig[...]
Found : user_pref("CT2504091.DownloadReferralCookieData", "");
Found : user_pref("CT2504091.EMailNotifierPollDate", "Thu May 10 2012 10:28:15 GMT-0500 (Central Daylight Ti[...]
Found : user_pref("CT2504091.FeedLastCount129079840422964131", 7);
Found : user_pref("CT2504091.FeedPollDate128891351169457140", "Thu May 10 2012 12:30:38 GMT-0500 (Central Da[...]
Found : user_pref("CT2504091.FeedPollDate129079840422964131", "Thu May 10 2012 10:28:16 GMT-0500 (Central Da[...]
Found : user_pref("CT2504091.FeedTTL128891351169457140", 40);
Found : user_pref("CT2504091.FirstServerDate", "10-5-2012");
Found : user_pref("CT2504091.FirstTime", true);
Found : user_pref("CT2504091.FirstTimeFF3", true);
Found : user_pref("CT2504091.FirstTimeHiddenVer", true);
Found : user_pref("CT2504091.FixPageNotFoundErrors", true);
Found : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2504091.HPInstall", false);
Found : user_pref("CT2504091.HasUserGlobalKeys", true);
Found : user_pref("CT2504091.HomePageProtectorEnabled", false);
Found : user_pref("CT2504091.HomepageBeforeUnload", "www.whyeat.net/forum/entries/3162-50-Reasons-to-be-thin[...]
Found : user_pref("CT2504091.Initialize", true);
Found : user_pref("CT2504091.InitializeCommonPrefs", true);
Found : user_pref("CT2504091.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2504091.InstallationId", "ConduitNSISIntegration");
Found : user_pref("CT2504091.InstallationType", "ConduitNSISIntegration");
Found : user_pref("CT2504091.InstalledDate", "Thu May 10 2012 10:28:15 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT2504091.IsAlertDBUpdated", true);
Found : user_pref("CT2504091.IsGrouping", false);
Found : user_pref("CT2504091.IsInitSetupIni", true);
Found : user_pref("CT2504091.IsMulticommunity", false);
Found : user_pref("CT2504091.IsOpenThankYouPage", false);
Found : user_pref("CT2504091.IsOpenUninstallPage", false);
Found : user_pref("CT2504091.LanguagePackLastCheckTime", "Sun Sep 02 2012 09:15:25 GMT-0500 (Central Dayligh[...]
Found : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2504091.LastLogin_3.12.2.3", "Tue May 22 2012 12:58:10 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2504091.LastLogin_3.13.0.6", "Fri Jul 13 2012 17:39:22 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2504091.LastLogin_3.14.1.0", "Tue Aug 21 2012 11:06:08 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2504091.LastLogin_3.15.1.0", "Sun Sep 02 2012 08:03:58 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2504091.LatestVersion", "3.15.1.0");
Found : user_pref("CT2504091.Locale", "en-us");
Found : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Found : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Found : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Found : user_pref("CT2504091.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2504091.OriginalFirstVersion", "3.12.2.3");
Found : user_pref("CT2504091.SearchCaption", "Web Search");
Found : user_pref("CT2504091.SearchEngineBeforeUnload", "Google");
Found : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Found : user_pref("CT2504091.SearchInNewTabEnabled", true);
Found : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Sun Sep 02 2012 09:15:26 GMT-0500 (Central Dayli[...]
Found : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2504091.SearchProtectorEnabled", false);
Found : user_pref("CT2504091.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2504091.SendProtectorDataViaLogin", true);
Found : user_pref("CT2504091.ServiceMapLastCheckTime", "Sun Sep 02 2012 09:15:26 GMT-0500 (Central Daylight [...]
Found : user_pref("CT2504091.SettingsLastCheckTime", "Sun Sep 02 2012 08:03:57 GMT-0500 (Central Daylight Ti[...]
Found : user_pref("CT2504091.SettingsLastUpdate", "1346236147");
Found : user_pref("CT2504091.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2504091&SearchSource=13");
Found : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Thu May 10 2012 10:28:15 GMT-0500 (Central Day[...]
Found : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT2504091.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2504091.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2504091");
Found : user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2504091.UserID", "UN02913512173888022");
Found : user_pref("CT2504091.alertChannelId", "897164");
Found : user_pref("CT2504091.autoDisableScopes", -1);
Found : user_pref("CT2504091.backendstorage.cbcountry_000", "5553");
Found : user_pref("CT2504091.backendstorage.cbfirsttime", "546875204D617920313020323031322031303A32383A32312[...]
Found : user_pref("CT2504091.backendstorage.shoppingapp.gk.exipres", "547565204D617920313520323031322031303A[...]
Found : user_pref("CT2504091.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573");
Found : user_pref("CT2504091.backendstorage.url_history0001", "687474703A2F2F7777772E676F6F676C652E636F6D2F7[...]
Found : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2504091.globalFirstTimeInfoLastCheckTime", "Thu May 10 2012 10:28:17 GMT-0500 (Central [...]
Found : user_pref("CT2504091.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2504091.initDone", true);
Found : user_pref("CT2504091.isAppTrackingManagerOn", true);
Found : user_pref("CT2504091.myStuffEnabled", true);
Found : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2504091.navigateToUrlOnSearch", false);
Found : user_pref("CT2504091.revertSettingsEnabled", false);
Found : user_pref("CT2504091.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2504091.searchProtectorEnableByLogin", true);
Found : user_pref("CT2504091.testingCtid", "");
Found : user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Sat Sep 01 2012 09:15:25 GMT-0500 (Central D[...]
Found : user_pref("CT2504091.toolbarContextMenuLastCheckTime", "Thu May 10 2012 10:28:17 GMT-0500 (Central D[...]
Found : user_pref("CT2504091.usagesFlag", 2);
Found : user_pref("CT3061355..clientLogIsEnabled", false);
Found : user_pref("CT3061355..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT3061355..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT3061355.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT3061355.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT3061355.BrowserCompStateIsOpen_129559837146690083", true);
Found : user_pref("CT3061355.CTID", "CT3061355");
Found : user_pref("CT3061355.CurrentServerDate", "22-5-2012");
Found : user_pref("CT3061355.DSInstall", false);
Found : user_pref("CT3061355.DialogsAlignMode", "LTR");
Found : user_pref("CT3061355.DialogsGetterLastCheckTime", "Sun May 20 2012 20:01:16 GMT-0500 (Central Daylig[...]
Found : user_pref("CT3061355.DownloadReferralCookieData", "");
Found : user_pref("CT3061355.FirstServerDate", "10-4-2012");
Found : user_pref("CT3061355.FirstTime", true);
Found : user_pref("CT3061355.FirstTimeFF3", true);
Found : user_pref("CT3061355.FixPageNotFoundErrors", false);
Found : user_pref("CT3061355.GroupingServerCheckInterval", 1440);
Found : user_pref("CT3061355.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT3061355.HPInstall", false);
Found : user_pref("CT3061355.HasUserGlobalKeys", true);
Found : user_pref("CT3061355.Initialize", true);
Found : user_pref("CT3061355.InitializeCommonPrefs", true);
Found : user_pref("CT3061355.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT3061355.InstallationId", "ConduitNSISIntegration");
Found : user_pref("CT3061355.InstallationType", "ConduitXPEIntegration");
Found : user_pref("CT3061355.InstalledDate", "Tue Apr 10 2012 14:23:38 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT3061355.InvalidateCache", false);
Found : user_pref("CT3061355.IsAlertDBUpdated", true);
Found : user_pref("CT3061355.IsGrouping", false);
Found : user_pref("CT3061355.IsInitSetupIni", true);
Found : user_pref("CT3061355.IsMulticommunity", false);
Found : user_pref("CT3061355.IsOpenThankYouPage", false);
Found : user_pref("CT3061355.IsOpenUninstallPage", true);
Found : user_pref("CT3061355.LanguagePackLastCheckTime", "Tue May 22 2012 00:12:22 GMT-0500 (Central Dayligh[...]
Found : user_pref("CT3061355.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT3061355.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT3061355.LastLogin_3.10.0.1", "Wed Apr 11 2012 15:28:56 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT3061355.LastLogin_3.12.2.3", "Tue May 22 2012 12:58:10 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT3061355.LatestVersion", "3.12.2.3");
Found : user_pref("CT3061355.Locale", "en");
Found : user_pref("CT3061355.MCDetectTooltipHeight", "83");
Found : user_pref("CT3061355.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Found : user_pref("CT3061355.MCDetectTooltipWidth", "295");
Found : user_pref("CT3061355.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT3061355.OriginalFirstVersion", "3.10.0.1");
Found : user_pref("CT3061355.RadioIsPodcast", false);
Found : user_pref("CT3061355.RadioLastCheckTime", "Thu Apr 12 2012 16:09:16 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT3061355.RadioLastUpdateIPServer", "3");
Found : user_pref("CT3061355.RadioLastUpdateServer", "3");
Found : user_pref("CT3061355.RadioMediaID", "9962");
Found : user_pref("CT3061355.RadioMediaType", "Media Player");
Found : user_pref("CT3061355.RadioMenuSelectedID", "EBRadioMenu_CT30613559962");
Found : user_pref("CT3061355.RadioShrinkedFromSetup", false);
Found : user_pref("CT3061355.RadioStationName", "California%20Rock");
Found : user_pref("CT3061355.RadioStationURL", "hxxp://feedlive.net/california.asx");
Found : user_pref("CT3061355.SHRINK_TOOLBAR", 1);
Found : user_pref("CT3061355.SearchCaption", "SmileBox EN Customized Web Search");
Found : user_pref("CT3061355.SearchFromAddressBarIsInit", true);
Found : user_pref("CT3061355.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT306[...]
Found : user_pref("CT3061355.SearchInNewTabEnabled", true);
Found : user_pref("CT3061355.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT3061355.SearchInNewTabLastCheckTime", "Fri May 18 2012 23:32:05 GMT-0500 (Central Dayli[...]
Found : user_pref("CT3061355.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT3061355.SendProtectorDataViaLogin", true);
Found : user_pref("CT3061355.ServiceMapLastCheckTime", "Sat May 19 2012 23:12:40 GMT-0500 (Central Daylight [...]
Found : user_pref("CT3061355.SettingsLastCheckTime", "Tue May 22 2012 10:17:38 GMT-0500 (Central Daylight Ti[...]
Found : user_pref("CT3061355.SettingsLastUpdate", "1337169810");
Found : user_pref("CT3061355.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3061355&SearchSource=13");
Found : user_pref("CT3061355.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT3061355.ThirdPartyComponentsLastCheck", "Tue Apr 10 2012 14:23:38 GMT-0500 (Central Day[...]
Found : user_pref("CT3061355.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT3061355.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT3061355.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3061355");
Found : user_pref("CT3061355.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT3061355.UserID", "UN75241545479120367");
Found : user_pref("CT3061355.ValidationData_Search", 2);
Found : user_pref("CT3061355.ValidationData_Toolbar", 2);
Found : user_pref("CT3061355.WeatherNetwork", "");
Found : user_pref("CT3061355.WeatherPollDate", "Wed Apr 11 2012 18:17:19 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT3061355.WeatherUnit", "F");
Found : user_pref("CT3061355.alertChannelId", "1452883");
Found : user_pref("CT3061355.autoDisableScopes", -1);
Found : user_pref("CT3061355.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT3061355.globalFirstTimeInfoLastCheckTime", "Tue Apr 10 2012 14:23:39 GMT-0500 (Central [...]
Found : user_pref("CT3061355.homepageProtectorEnableByLogin", true);
Found : user_pref("CT3061355.initDone", true);
Found : user_pref("CT3061355.isAppTrackingManagerOn", true);
Found : user_pref("CT3061355.isFirstRadioInstallation", false);
Found : user_pref("CT3061355.myStuffEnabled", true);
Found : user_pref("CT3061355.myStuffPublihserMinWidth", 400);
Found : user_pref("CT3061355.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT3061355.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT3061355.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT3061355.navigateToUrlOnSearch", false);
Found : user_pref("CT3061355.revertSettingsEnabled", false);
Found : user_pref("CT3061355.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT3061355.searchProtectorEnableByLogin", true);
Found : user_pref("CT3061355.testingCtid", "");
Found : user_pref("CT3061355.toolbarAppMetaDataLastCheckTime", "Fri May 18 2012 11:59:06 GMT-0500 (Central D[...]
Found : user_pref("CT3061355.toolbarContextMenuLastCheckTime", "Tue Apr 10 2012 14:23:40 GMT-0500 (Central D[...]
Found : user_pref("CT3061355.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3061355/CT3061355[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1452883/1448538/US", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/897164/892962/US", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3061355", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3061355",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"67e[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Andrea\\AppData\\Roaming\\Mozilla\\[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.smilebox.com/?loc=SB_FF_A[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT3061355,CT2504091");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3061355,CT2504091");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3061355,CT2504091");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Apr 12 2012 17:35:39 GMT-0500 (Cen[...]
Found : user_pref("CommunityToolbar.globalUserId", "5a2eb043-2652-4bfa-8a00-a9c582d420e9");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2504091");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu May 10 2012 10:28:1[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu May 10 2012 10:28:24 GMT-050[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu May 10 2012 10:28:17 GMT-0500 (C[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "549e2f3b-b0ca-4b0f-8c45-ab2e87d9e914");
Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://mystart.smilebox.com?a=6OyytkGr1t");
Found : user_pref("CommunityToolbar.originalSearchEngine", "MyStart Search");
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109935&tt=290312_bexdll");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "008edbb0000000000000c860000a5ac7");
Found : user_pref("extensions.BabylonToolbar_i.id", "008edbb0000000000000c860000a5ac7");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15440");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109935&tt=29031[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:41:55");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.wajam.affiliate_id", "6447");
Found : user_pref("extensions.wajam.firstrun", "false");
Found : user_pref("extensions.wajam.log_info_only_error", "false");
Found : user_pref("extensions.wajam.log_send_info", "true");
Found : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21082\",\"supported_sites\":{\[...]
Found : user_pref("extensions.wajam.no_trace", "false");
Found : user_pref("extensions.wajam.server_current_mapping_version", "0.21082");
Found : user_pref("extensions.wajam.trace_log", "1334019852319 - getMatchingSiteName - url: hxxp://www.babyl[...]
Found : user_pref("extensions.wajam.unique_id", "695002221C51E8AF60E98E6EBF2F2F5C");
Found : user_pref("extensions.wajam.user_current_mapping_version", "0");
Found : user_pref("extensions.wajam.version", "1.24");

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [31040 octets] - [06/02/2013 08:01:27]

########## EOF - C:\AdwCleaner[R1].txt - [31101 octets] ##########
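The AdwCleaner log above reports the Firefox hijack as hundreds of `Found : user_pref(...)` lines, one per toolbar setting, which is hard to read at this volume. The Python script below is an added example for this thread; it is not part of AdwCleaner, OTL or the original post. It parses either raw prefs.js lines or AdwCleaner's `Found :` lines and produces a triage summary: which Conduit toolbar IDs are present (the `CTnnnnnnn.` pref prefixes and `CommunityToolbar.ToolbarsList`), which prefs carry URLs pointing at the search.conduit.com or search.babylon.com hosts this log shows, the Babylon and Wajam extension prefs, and the hex-encoded `backendstorage.*` values decoded (the geolocation value in the log decodes to "united states"). The sample input is constructed from lines in the log above; the host list and pref prefixes are assumptions drawn from this one log, not a general signature set.

```python
"""Triage Firefox prefs.js or AdwCleaner 'Found : user_pref(...)' lines for
browser-hijacker residue.  Added example; not part of AdwCleaner or OTL."""
import json
import re
from urllib.parse import urlparse

# Hijacker search hosts and pref prefixes seen in this thread's AdwCleaner log
# (assumption: a real triage would use a maintained list, not these two).
PUP_HOSTS = {"search.conduit.com", "search.babylon.com"}
PUP_PREFIXES = ("extensions.BabylonToolbar_i.", "extensions.wajam.", "browser.babylon.")

PREF_RE = re.compile(r'^(?:Found\s*:\s*)?user_pref\("([^"]+)",\s*(.*?)\)?;?\s*(?:\[\.\.\.\])?$')
CTID_RE = re.compile(r"^(CT\d+)\.")
HEX_RE = re.compile(r"^(?:[0-9A-Fa-f]{2})+$")


def parse_prefs(text):
    """Return {name: value}.  Values are JS literals, so json.loads decodes
    strings, numbers and booleans; values AdwCleaner truncated ('[...]') stay raw."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        try:
            prefs[m.group(1)] = json.loads(m.group(2))
        except ValueError:
            prefs[m.group(1)] = m.group(2)
    return prefs


def decode_hex_value(value):
    """Conduit's backendstorage.* prefs hold hex-encoded ASCII, e.g.
    756E6974656420737461746573 -> 'united states'.  Non-hex values pass through."""
    if isinstance(value, str) and HEX_RE.match(value):
        try:
            return bytes.fromhex(value).decode("ascii")
        except UnicodeDecodeError:
            return value
    return value


def host_of(value):
    """Hostname of a URL-valued pref; re-fangs AdwCleaner's 'hxxp' scheme first."""
    if not isinstance(value, str):
        return None
    url = re.sub(r"^hxxp(s?)://", r"http\1://", value, flags=re.I)
    if not url.lower().startswith(("http://", "https://")):
        return None
    return urlparse(url).hostname


def triage(text):
    """Group the parsed prefs into what a cleanup needs to know."""
    prefs = parse_prefs(text)
    report = {"conduit_toolbars": {}, "pup_prefs": {}, "hijack_urls": {},
              "decoded_storage": {}, "toolbars_list": [],
              "original_homepage": prefs.get("CommunityToolbar.originalHomepage")}
    for name, value in prefs.items():
        m = CTID_RE.match(name)
        if m:  # one bucket per Conduit toolbar ID (CT2504091, CT3061355, ...)
            report["conduit_toolbars"].setdefault(m.group(1), {})[name] = value
        if name.startswith(PUP_PREFIXES):
            report["pup_prefs"][name] = value
        if host_of(value) in PUP_HOSTS:  # home page / new-tab / search redirect
            report["hijack_urls"][name] = value
        if "backendstorage" in name and decode_hex_value(value) != value:
            report["decoded_storage"][name] = decode_hex_value(value)
    listed = prefs.get("CommunityToolbar.ToolbarsList", "")
    report["toolbars_list"] = [t for t in str(listed).split(",") if t]
    return report


def prefs_to_reset(report):
    """Sorted pref names the triage flagged, i.e. what a fix should remove."""
    names = set(report["pup_prefs"]) | set(report["hijack_urls"])
    for ctid_prefs in report["conduit_toolbars"].values():
        names |= set(ctid_prefs)
    return sorted(names)


# Constructed sample, drawn from lines in the AdwCleaner log above.
SAMPLE = """\
Found : user_pref("CT2504091.SearchCaption", "Web Search");
Found : user_pref("CT2504091.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2504091&SearchSource=13");
Found : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2504091.backendstorage.cbcountry_000", "5553");
Found : user_pref("CT2504091.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573");
Found : user_pref("CT3061355.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3061355&SearchSource=13");
Found : user_pref("CommunityToolbar.ToolbarsList", "CT3061355,CT2504091");
Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://mystart.smilebox.com?a=6OyytkGr1t");
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109935");
Found : user_pref("extensions.wajam.affiliate_id", "6447");
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
"""

if __name__ == "__main__":
    rep = triage(SAMPLE)
    print("toolbars:", rep["toolbars_list"], "decoded:", rep["decoded_storage"])
    print("reset:", prefs_to_reset(rep))
```

Run it against a real profile with `triage(open(path_to_prefs_js).read())`; the `original_homepage` field is worth keeping because the Conduit toolbar records the page it replaced, which is what to restore once the prefs are removed.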

#4 Crowbar (Teacher, GeekU Moderator, 4,159 posts)
Hi there,
Just want to let you know that I will be working on your logs this morning. Sorry, I had a long hard day at work yesterday.

#5 Crowbar (Teacher, GeekU Moderator, 4,159 posts)
Hi there,
Let's get busy removing junk.
You never did answer my question: what are the current symptoms on your computer?
Can you please post the extras.txt file that was created when you first ran OTL? It's most likely in your downloads folder.
If you can't find it, that's OK; I can generate a new one.


Step 1
Before we really start, I would like you to start Chrome and remove some bad extensions.
Start Chrome
Click on the Chrome menu on the browser's toolbar (it looks like 3 bars stacked up)
Click Tools
Select Extensions
Click on the Trash Can icon next to these extensions:
  • Domain Error Assistant
  • Savings-Slider
  • Vuze Remote
A confirmation will appear for each one of these, so click on Remove when prompted

Step 2
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 3
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix, as it may interfere with the successful execution of the script below. If it still hangs, then please uninstall Malwarebytes and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    SRV - [2012/07/26 20:41:02 | 000,794,560 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\URLSearchHook: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}\InprocServer32 File not found
    IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
    IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\URLSearchHook: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - No CLSID value found
    IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\SearchScopes,DefaultScope = {4B766296-2716-4159-98E6-DE00038FC7E2}
    FF - prefs.js..keyword.URL: "http://search.yahoo....type=994519&p="
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519_yserp3tst"
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
    FF - prefs.js..extensions.enabledAddons: [email protected]:6.2
    FF - prefs.js..extensions.enabledAddons: [email protected]:6.2
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Users\Andrea\AppData\Local\RewardsArcade\498\Firefox
    [2013/02/05 09:38:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\staged
    [1832/11/28 22:37:17 | 000,002,095 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\[email protected]
    [2012/09/04 09:37:29 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
    [2012/09/04 09:37:29 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\PROGRAM FILES (X86)\VUZE REMOTE TOOLBAR\FF
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - Reg Error: Value error. File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
    O3 - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\Toolbar\WebBrowser: (no name) - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-735253538-622638780-3005358582-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe (Adobe Systems Incorporated)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
    [2012/03/30 11:25:26 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Babylon
    [2012/06/07 14:38:44 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\IObit
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B4227B4
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Step 4
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done, it will ask to reboot; allow this.
On reboot a log will be produced at C:\ADWCleaner[XX].txt; please attach that.

Step 5
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.

  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

In your next reply I would like to see:
  • Was removing the bad extensions in Chrome successful?
  • checkup.txt from Security Check
  • OTL fix log
  • ADWCleaner log
  • All the new RogueKiller logs; if you post the old one too, that's OK. I can tell by the scan dates which one is which.
  • How is your computer doing now?

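The OTL fix in Step 3 is a list of items to remove, and the log OTL writes afterwards is a list of outcomes, but nothing pairs them up: the helper has to eyeball that every script line got a "deleted", "moved" or "not found" result. The Python script below is an added example for this thread and is not part of OTL or of the original post. It keys each script line by the identifiers OTL echoes back in its log (CLSIDs, file-system paths with prefix matching so that the sub-folders OTL lists count, prefs.js names and service names) and classifies every line as done, already-gone (only "not found" results, which is expected after a System Restore has already reverted files), unverified (identifiers present but nothing in the log mentions them) or no-identifier (lines such as an empty Run value or a policy key that carry nothing matchable and must be checked by hand). The sample script and log are constructed from lines in this thread; the SearchScopes line is included deliberately, because OTL reports it as "value set successfully" without the CLSID, so the tool flags it as unverified rather than guessing.

```python
"""Pair each line of an OTL ':OTL' fix script with the outcome lines OTL
wrote when it ran.  Added example for this thread; not part of OTL."""
import re
from collections import Counter

GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
DIRECTIVE_RE = re.compile(r"^(?::\w+|\[\w+\])$", re.I)  # :OTL, :commands, [emptytemp]
OUTCOME_RE = re.compile(r"deleted successfully|moved successfully|stopped successfully|"
                        r"not found|removed from|set successfully")
# Script side: a drive path runs to ' -- ', a trailing '(Company)' or end of line.
SCRIPT_PATH_RE = re.compile(r"([A-Za-z]:\\.*?)(?:\s--\s|\s\([^()]*\)\s*$|$)")
SCRIPT_PREF_RE = re.compile(r"prefs\.js\.\.([^:]+):")
SCRIPT_SVC_RE = re.compile(r"--\s\(([^()]+)\)\s*$")
# Log side: the path is followed directly by the outcome phrase.
LOG_PATH_RE = re.compile(r"([A-Za-z]:\\.*?)(?=\s+(?:folder\s+)?(?:moved successfully|"
                         r"not found|deleted successfully)|$)")
LOG_PREF_RE = re.compile(r"removed from (\S+)$")
LOG_SVC_RE = re.compile(r"^Service (.+?) (?:stopped|deleted) successfully")


def extract_keys(line, path_re, pref_re, svc_re):
    """Identifiers on one line as ('guid'|'path'|'pref'|'svc', normalised value)."""
    keys = {("guid", g.lower()) for g in GUID_RE.findall(line)}
    for kind, rx in (("path", path_re), ("pref", pref_re), ("svc", svc_re)):
        m = rx.search(line)
        if m:
            val = m.group(1)
            keys.add((kind, val.rstrip("\\").lower() if kind == "path" else val))
    return keys


def key_matches(skey, lkey):
    """Paths match on prefix, so 'X\\sub folder moved' counts as a result for X."""
    if skey[0] != lkey[0]:
        return False
    if skey[0] == "path":
        return lkey[1] == skey[1] or lkey[1].startswith(skey[1] + "\\")
    return skey[1] == lkey[1]


def verify_fix(script, log):
    """Return [(script_line, status, [matching log lines])] in script order."""
    log_lines = [(l, extract_keys(l, LOG_PATH_RE, LOG_PREF_RE, LOG_SVC_RE))
                 for l in log.splitlines() if OUTCOME_RE.search(l)]
    results = []
    for line in (l.strip() for l in script.splitlines()):
        if not line or DIRECTIVE_RE.match(line):
            continue
        skeys = extract_keys(line, SCRIPT_PATH_RE, SCRIPT_PREF_RE, SCRIPT_SVC_RE)
        if not skeys:  # nothing OTL could echo back: check this one by hand
            results.append((line, "no-identifier", []))
            continue
        hits = [l for l, lkeys in log_lines
                if any(key_matches(s, k) for s in skeys for k in lkeys)]
        if not hits:
            status = "unverified"
        elif all("not found" in h for h in hits):
            status = "already-gone"
        else:
            status = "done"
        results.append((line, status, hits))
    return results


def summarize(results):
    """Number of script lines per status."""
    return dict(Counter(status for _, status, _ in results))


# Constructed samples: a subset of the Step 3 script and of the fix log posted below it.
SAMPLE_SCRIPT = r"""
:OTL
SRV - [2012/07/26 20:41:02 | 000,794,560 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-735253538-622638780-3005358582-1001\..\SearchScopes,DefaultScope = {4B766296-2716-4159-98E6-DE00038FC7E2}
FF - prefs.js..keyword.URL: "http://search.yahoo....type=994519&p="
[2012/09/04 09:37:29 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
O4 - HKLM..\Run: [] File not found
[2012/03/30 11:25:26 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Babylon
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B4227B4
:commands
[emptytemp]
"""
SAMPLE_LOG = r"""
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-735253538-622638780-3005358582-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
HKEY_USERS\S-1-5-21-735253538-622638780-3005358582-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: "http://search.yahoo....type=994519&p=" removed from keyword.URL
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\components folder moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Folder C:\Users\Andrea\AppData\Roaming\Babylon\ not found.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
"""

if __name__ == "__main__":
    res = verify_fix(SAMPLE_SCRIPT, SAMPLE_LOG)
    for line, status, hits in res:
        print(f"{status:14} {line[:70]}  ({len(hits)} log line(s))")
    print(summarize(res))
```

Feed it the script you pasted into OTL and the log OTL produced, and review only the unverified and no-identifier lines by hand; an already-gone line is normal when, as in this thread, a restore point was applied before the fix ran.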

#6 chsg (Topic Starter, Member, 12 posts)
The symptoms on my computer were SEVERELY slow; however, I went to a restore point from months ago and got the computer up and running again.

I believe the Chrome applications (or whatever you call them) were removed successfully.

Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
McAfee SiteAdvisor
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.4.402.265 Flash Player out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (18.0.2)
Google Chrome 21.0.1180.89
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````



All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-735253538-622638780-3005358582-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-735253538-622638780-3005358582-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry value HKEY_USERS\S-1-5-21-735253538-622638780-3005358582-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f897eb0e-a3a4-46c3-80eb-2729699d8892} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f897eb0e-a3a4-46c3-80eb-2729699d8892}\ not found.
HKEY_USERS\S-1-5-21-735253538-622638780-3005358582-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: "http://search.yahoo....type=994519&p=" removed from keyword.URL
Prefs.js: "chr-greentree_ff&ilc=12&type=994519_yserp3tst" removed from browser.search.param.yahoo-fr
Prefs.js: [email protected]:1.0 removed from extensions.enabledAddons
Prefs.js: [email protected]:6.2 removed from extensions.enabledAddons
Prefs.js: [email protected]:6.2 removed from extensions.enabledAddons
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected] deleted successfully.
File C:\Users\Andrea\AppData\Local\RewardsArcade\498\Firefox not found.
Folder C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\staged\ not found.
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\[email protected] moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\components folder moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\chrome\content folder moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM folder moved successfully.
C:\PROGRAM FILES (X86)\VUZE REMOTE TOOLBAR\FF\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\VUZE REMOTE TOOLBAR\FF folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{05478A66-EDB6-4A22-A870-A5987F80A7DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-735253538-622638780-3005358582-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-735253538-622638780-3005358582-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
Registry value HKEY_USERS\S-1-5-21-735253538-622638780-3005358582-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F897EB0E-A3A4-46C3-80EB-2729699D8892} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F897EB0E-A3A4-46C3-80EB-2729699D8892}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-735253538-622638780-3005358582-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate deleted successfully.
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_Plugin.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Folder C:\Users\Andrea\AppData\Roaming\Babylon\ not found.
C:\Users\Andrea\AppData\Roaming\IObit\Advanced SystemCare V5\Toolbox folder moved successfully.
C:\Users\Andrea\AppData\Roaming\IObit\Advanced SystemCare V5\Log folder moved successfully.
C:\Users\Andrea\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime folder moved successfully.
C:\Users\Andrea\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\Users\Andrea\AppData\Roaming\IObit folder moved successfully.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Andrea
->Temp folder emptied: 269650676 bytes
->Temporary Internet Files folder emptied: 155861329 bytes
->Java cache emptied: 98390 bytes
->FireFox cache emptied: 129761387 bytes
->Google Chrome cache emptied: 6851411 bytes
->Flash cache emptied: 3894 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 128073503 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 1666383468 bytes

Total Files Cleaned = 2,248.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02082013_170910

Files\Folders moved on Reboot...
C:\Users\Andrea\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Andrea\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Andrea\AppData\Local\Mozilla\Firefox\Profiles\mp3ikg4o.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Andrea\AppData\Local\Mozilla\Firefox\Profiles\mp3ikg4o.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Andrea\AppData\Local\Mozilla\Firefox\Profiles\mp3ikg4o.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Andrea\AppData\Local\Mozilla\Firefox\Profiles\mp3ikg4o.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Andrea\AppData\Local\Mozilla\Firefox\Profiles\mp3ikg4o.default\_CACHE_CLEAN_ moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



# AdwCleaner v2.111 - Logfile created 02/08/2013 at 17:37:22
# Updated 05/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Andrea - SWEETIE
# Boot Mode : Normal
# Running from : C:\Users\Andrea\Downloads\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Vuze Remote toolbar
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\Andrea\AppData\Local\APN
Folder Deleted : C:\Users\Andrea\AppData\Local\Conduit
Folder Deleted : C:\Users\Andrea\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Andrea\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Andrea\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Andrea\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\ConduitCommon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\RewardsArcade
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\RewardsArcade.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\RewardsArcade.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3061355
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25514C64-8321-494E-BD3E-3DBAB3F8CEBA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\prefs.js

C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\user.js ... Deleted !

Deleted : user_pref("CT2504091..clientLogIsEnabled", false);
Deleted : user_pref("CT2504091..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2504091..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2504091.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2504091.BrowserCompStateIsOpen_129707804829376918", true);
Deleted : user_pref("CT2504091.CTID", "CT2504091");
Deleted : user_pref("CT2504091.CurrentServerDate", "2-9-2012");
Deleted : user_pref("CT2504091.DSInstall", false);
Deleted : user_pref("CT2504091.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2504091.DialogsGetterLastCheckTime", "Thu Aug 30 2012 05:23:16 GMT-0500 (Central Daylig[...]
Deleted : user_pref("CT2504091.DownloadReferralCookieData", "");
Deleted : user_pref("CT2504091.EMailNotifierPollDate", "Thu May 10 2012 10:28:15 GMT-0500 (Central Daylight Ti[...]
Deleted : user_pref("CT2504091.FeedLastCount129079840422964131", 7);
Deleted : user_pref("CT2504091.FeedPollDate128891351169457140", "Thu May 10 2012 12:30:38 GMT-0500 (Central Da[...]
Deleted : user_pref("CT2504091.FeedPollDate129079840422964131", "Thu May 10 2012 10:28:16 GMT-0500 (Central Da[...]
Deleted : user_pref("CT2504091.FeedTTL128891351169457140", 40);
Deleted : user_pref("CT2504091.FirstServerDate", "10-5-2012");
Deleted : user_pref("CT2504091.FirstTime", true);
Deleted : user_pref("CT2504091.FirstTimeFF3", true);
Deleted : user_pref("CT2504091.FirstTimeHiddenVer", true);
Deleted : user_pref("CT2504091.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2504091.HPInstall", false);
Deleted : user_pref("CT2504091.HasUserGlobalKeys", true);
Deleted : user_pref("CT2504091.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2504091.HomepageBeforeUnload", "www.whyeat.net/forum/entries/3162-50-Reasons-to-be-thin[...]
Deleted : user_pref("CT2504091.Initialize", true);
Deleted : user_pref("CT2504091.InitializeCommonPrefs", true);
Deleted : user_pref("CT2504091.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2504091.InstallationId", "ConduitNSISIntegration");
Deleted : user_pref("CT2504091.InstallationType", "ConduitNSISIntegration");
Deleted : user_pref("CT2504091.InstalledDate", "Thu May 10 2012 10:28:15 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT2504091.IsAlertDBUpdated", true);
Deleted : user_pref("CT2504091.IsGrouping", false);
Deleted : user_pref("CT2504091.IsInitSetupIni", true);
Deleted : user_pref("CT2504091.IsMulticommunity", false);
Deleted : user_pref("CT2504091.IsOpenThankYouPage", false);
Deleted : user_pref("CT2504091.IsOpenUninstallPage", false);
Deleted : user_pref("CT2504091.LanguagePackLastCheckTime", "Sun Sep 02 2012 09:15:25 GMT-0500 (Central Dayligh[...]
Deleted : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2504091.LastLogin_3.12.2.3", "Tue May 22 2012 12:58:10 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2504091.LastLogin_3.13.0.6", "Fri Jul 13 2012 17:39:22 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2504091.LastLogin_3.14.1.0", "Tue Aug 21 2012 11:06:08 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2504091.LastLogin_3.15.1.0", "Sun Sep 02 2012 08:03:58 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT2504091.LatestVersion", "3.15.1.0");
Deleted : user_pref("CT2504091.Locale", "en-us");
Deleted : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Deleted : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2504091.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2504091.OriginalFirstVersion", "3.12.2.3");
Deleted : user_pref("CT2504091.SearchCaption", "Web Search");
Deleted : user_pref("CT2504091.SearchEngineBeforeUnload", "Google");
Deleted : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Deleted : user_pref("CT2504091.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Sun Sep 02 2012 09:15:26 GMT-0500 (Central Dayli[...]
Deleted : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2504091.SearchProtectorEnabled", false);
Deleted : user_pref("CT2504091.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2504091.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2504091.ServiceMapLastCheckTime", "Sun Sep 02 2012 09:15:26 GMT-0500 (Central Daylight [...]
Deleted : user_pref("CT2504091.SettingsLastCheckTime", "Sun Sep 02 2012 08:03:57 GMT-0500 (Central Daylight Ti[...]
Deleted : user_pref("CT2504091.SettingsLastUpdate", "1346236147");
Deleted : user_pref("CT2504091.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2504091&SearchSource=13");
Deleted : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Thu May 10 2012 10:28:15 GMT-0500 (Central Day[...]
Deleted : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2504091.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2504091.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2504091");
Deleted : user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2504091.UserID", "UN02913512173888022");
Deleted : user_pref("CT2504091.alertChannelId", "897164");
Deleted : user_pref("CT2504091.autoDisableScopes", -1);
Deleted : user_pref("CT2504091.backendstorage.cbcountry_000", "5553");
Deleted : user_pref("CT2504091.backendstorage.cbfirsttime", "546875204D617920313020323031322031303A32383A32312[...]
Deleted : user_pref("CT2504091.backendstorage.shoppingapp.gk.exipres", "547565204D617920313520323031322031303A[...]
Deleted : user_pref("CT2504091.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573");
Deleted : user_pref("CT2504091.backendstorage.url_history0001", "687474703A2F2F7777772E676F6F676C652E636F6D2F7[...]
Deleted : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2504091.globalFirstTimeInfoLastCheckTime", "Thu May 10 2012 10:28:17 GMT-0500 (Central [...]
Deleted : user_pref("CT2504091.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2504091.initDone", true);
Deleted : user_pref("CT2504091.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2504091.myStuffEnabled", true);
Deleted : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2504091.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2504091.revertSettingsEnabled", false);
Deleted : user_pref("CT2504091.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2504091.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2504091.testingCtid", "");
Deleted : user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Sat Sep 01 2012 09:15:25 GMT-0500 (Central D[...]
Deleted : user_pref("CT2504091.toolbarContextMenuLastCheckTime", "Thu May 10 2012 10:28:17 GMT-0500 (Central D[...]
Deleted : user_pref("CT2504091.usagesFlag", 2);
Deleted : user_pref("CT3061355..clientLogIsEnabled", false);
Deleted : user_pref("CT3061355..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3061355..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3061355.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3061355.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3061355.BrowserCompStateIsOpen_129559837146690083", true);
Deleted : user_pref("CT3061355.CTID", "CT3061355");
Deleted : user_pref("CT3061355.CurrentServerDate", "22-5-2012");
Deleted : user_pref("CT3061355.DSInstall", false);
Deleted : user_pref("CT3061355.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3061355.DialogsGetterLastCheckTime", "Sun May 20 2012 20:01:16 GMT-0500 (Central Daylig[...]
Deleted : user_pref("CT3061355.DownloadReferralCookieData", "");
Deleted : user_pref("CT3061355.FirstServerDate", "10-4-2012");
Deleted : user_pref("CT3061355.FirstTime", true);
Deleted : user_pref("CT3061355.FirstTimeFF3", true);
Deleted : user_pref("CT3061355.FixPageNotFoundErrors", false);
Deleted : user_pref("CT3061355.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3061355.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3061355.HPInstall", false);
Deleted : user_pref("CT3061355.HasUserGlobalKeys", true);
Deleted : user_pref("CT3061355.Initialize", true);
Deleted : user_pref("CT3061355.InitializeCommonPrefs", true);
Deleted : user_pref("CT3061355.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3061355.InstallationId", "ConduitNSISIntegration");
Deleted : user_pref("CT3061355.InstallationType", "ConduitXPEIntegration");
Deleted : user_pref("CT3061355.InstalledDate", "Tue Apr 10 2012 14:23:38 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT3061355.InvalidateCache", false);
Deleted : user_pref("CT3061355.IsAlertDBUpdated", true);
Deleted : user_pref("CT3061355.IsGrouping", false);
Deleted : user_pref("CT3061355.IsInitSetupIni", true);
Deleted : user_pref("CT3061355.IsMulticommunity", false);
Deleted : user_pref("CT3061355.IsOpenThankYouPage", false);
Deleted : user_pref("CT3061355.IsOpenUninstallPage", true);
Deleted : user_pref("CT3061355.LanguagePackLastCheckTime", "Tue May 22 2012 00:12:22 GMT-0500 (Central Dayligh[...]
Deleted : user_pref("CT3061355.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3061355.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3061355.LastLogin_3.10.0.1", "Wed Apr 11 2012 15:28:56 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT3061355.LastLogin_3.12.2.3", "Tue May 22 2012 12:58:10 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT3061355.LatestVersion", "3.12.2.3");
Deleted : user_pref("CT3061355.Locale", "en");
Deleted : user_pref("CT3061355.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3061355.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Deleted : user_pref("CT3061355.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3061355.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3061355.OriginalFirstVersion", "3.10.0.1");
Deleted : user_pref("CT3061355.RadioIsPodcast", false);
Deleted : user_pref("CT3061355.RadioLastCheckTime", "Thu Apr 12 2012 16:09:16 GMT-0500 (Central Daylight Time)[...]
Deleted : user_pref("CT3061355.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT3061355.RadioLastUpdateServer", "3");
Deleted : user_pref("CT3061355.RadioMediaID", "9962");
Deleted : user_pref("CT3061355.RadioMediaType", "Media Player");
Deleted : user_pref("CT3061355.RadioMenuSelectedID", "EBRadioMenu_CT30613559962");
Deleted : user_pref("CT3061355.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT3061355.RadioStationName", "California%20Rock");
Deleted : user_pref("CT3061355.RadioStationURL", "hxxp://feedlive.net/california.asx");
Deleted : user_pref("CT3061355.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT3061355.SearchCaption", "SmileBox EN Customized Web Search");
Deleted : user_pref("CT3061355.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3061355.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT306[...]
Deleted : user_pref("CT3061355.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3061355.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3061355.SearchInNewTabLastCheckTime", "Fri May 18 2012 23:32:05 GMT-0500 (Central Dayli[...]
Deleted : user_pref("CT3061355.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3061355.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3061355.ServiceMapLastCheckTime", "Sat May 19 2012 23:12:40 GMT-0500 (Central Daylight [...]
Deleted : user_pref("CT3061355.SettingsLastCheckTime", "Tue May 22 2012 10:17:38 GMT-0500 (Central Daylight Ti[...]
Deleted : user_pref("CT3061355.SettingsLastUpdate", "1337169810");
Deleted : user_pref("CT3061355.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3061355&SearchSource=13");
Deleted : user_pref("CT3061355.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3061355.ThirdPartyComponentsLastCheck", "Tue Apr 10 2012 14:23:38 GMT-0500 (Central Day[...]
Deleted : user_pref("CT3061355.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT3061355.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3061355.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3061355");
Deleted : user_pref("CT3061355.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3061355.UserID", "UN75241545479120367");
Deleted : user_pref("CT3061355.ValidationData_Search", 2);
Deleted : user_pref("CT3061355.ValidationData_Toolbar", 2);
Deleted : user_pref("CT3061355.WeatherNetwork", "");
Deleted : user_pref("CT3061355.WeatherPollDate", "Wed Apr 11 2012 18:17:19 GMT-0500 (Central Daylight Time)");
Deleted : user_pref("CT3061355.WeatherUnit", "F");
Deleted : user_pref("CT3061355.alertChannelId", "1452883");
Deleted : user_pref("CT3061355.autoDisableScopes", -1);
Deleted : user_pref("CT3061355.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3061355.globalFirstTimeInfoLastCheckTime", "Tue Apr 10 2012 14:23:39 GMT-0500 (Central [...]
Deleted : user_pref("CT3061355.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3061355.initDone", true);
Deleted : user_pref("CT3061355.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3061355.isFirstRadioInstallation", false);
Deleted : user_pref("CT3061355.myStuffEnabled", true);
Deleted : user_pref("CT3061355.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3061355.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3061355.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3061355.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3061355.navigateToUrlOnSearch", false);
Deleted : user_pref("CT3061355.revertSettingsEnabled", false);
Deleted : user_pref("CT3061355.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3061355.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3061355.testingCtid", "");
Deleted : user_pref("CT3061355.toolbarAppMetaDataLastCheckTime", "Fri May 18 2012 11:59:06 GMT-0500 (Central D[...]
Deleted : user_pref("CT3061355.toolbarContextMenuLastCheckTime", "Tue Apr 10 2012 14:23:40 GMT-0500 (Central D[...]
Deleted : user_pref("CT3061355.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3061355/CT3061355[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1452883/1448538/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/897164/892962/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3061355", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3061355",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"67e[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Andrea\\AppData\\Roaming\\Mozilla\\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.smilebox.com/?loc=SB_FF_A[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3061355,CT2504091");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3061355,CT2504091");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3061355,CT2504091");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Apr 12 2012 17:35:39 GMT-0500 (Cen[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "5a2eb043-2652-4bfa-8a00-a9c582d420e9");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2504091");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu May 10 2012 10:28:1[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu May 10 2012 10:28:24 GMT-050[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu May 10 2012 10:28:17 GMT-0500 (C[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "549e2f3b-b0ca-4b0f-8c45-ab2e87d9e914");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://mystart.smilebox.com?a=6OyytkGr1t");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "MyStart Search");
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109935&tt=290312_bexdll");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "008edbb0000000000000c860000a5ac7");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "008edbb0000000000000c860000a5ac7");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15440");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109935&tt=29031[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:41:55");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.wajam.affiliate_id", "6447");
Deleted : user_pref("extensions.wajam.firstrun", "false");
Deleted : user_pref("extensions.wajam.log_info_only_error", "false");
Deleted : user_pref("extensions.wajam.log_send_info", "true");
Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21082\",\"supported_sites\":{\[...]
Deleted : user_pref("extensions.wajam.no_trace", "false");
Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21082");
Deleted : user_pref("extensions.wajam.trace_log", "1334019852319 - getMatchingSiteName - url: hxxp://www.babyl[...]
Deleted : user_pref("extensions.wajam.unique_id", "695002221C51E8AF60E98E6EBF2F2F5C");
Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
Deleted : user_pref("extensions.wajam.version", "1.24");

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [31157 octets] - [06/02/2013 08:01:27]
AdwCleaner[S1].txt - [33923 octets] - [08/02/2013 17:37:22]

########## EOF - C:\AdwCleaner[S1].txt - [33984 octets] ##########



RogueKiller V8.5.0 [Feb 8 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Andrea [Admin rights]
Mode : Scan -- Date : 02/08/2013 18:14:17
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][SUSP PATH] {0D69848E-D5C6-4C4E-9D68-CCA29C210668} : msiexec.exe /package "C:\Users\Andrea\AppData\Local\Apple\Apple Software Update\iTunes64.msi" -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BPVT-80JJ5T0 +++++
--- User ---
[MBR] 2d7d94ba8776bd501073fc5c5b67dc55
[BSP] 6038da5abdb86a32e945c2c6aa172f56 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 25600 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 52430848 | Size: 122098 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 302487552 | Size: 157545 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SanDisk Cruzer Switch USB Device +++++
--- User ---
[MBR] 33a0f33fb7e7f518f64aedcb9dad35b0
[BSP] df4f83c1f72e36823a12b0dfc7617313 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 32 | Size: 7633 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3]_S_02082013_02d1814.txt >>
RKreport[1]_S_02062013_02d0735.txt ; RKreport[2]_S_02062013_02d0736.txt ; RKreport[3]_S_02082013_02d1814.txt



RogueKiller V8.5.0 [Feb 8 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Andrea [Admin rights]
Mode : Shortcuts HJfix -- Date : 02/08/2013 18:32:13
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 5 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 162 / Fail 0
My documents: Success 13 / Fail 13
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 28 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1004 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[Q:] \Device\SftVol -- 0x3 --> Restored

Finished : << RKreport[4]_SC_02082013_02d1832.txt >>
RKreport[1]_S_02062013_02d0735.txt ; RKreport[2]_S_02062013_02d0736.txt ; RKreport[3]_S_02082013_02d1814.txt ; RKreport[4]_SC_02082013_02d1832.txt


thank you thank you thank you thank you thank you thank you!!
  • 0
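The AdwCleaner section of the log above is a list of Firefox prefs that Conduit, Babylon and Wajam had written into prefs.js. As an added example for this thread, and not AdwCleaner's or the poster's code, here is a small Python scan over a prefs.js that flags the same kind of residue: prefs whose name carries one of those toolbar prefixes, and homepage, new-tab or keyword.URL prefs that point at the search-redirect hosts seen in the deleted entries. The host list is an assumption built from those entries and the sample prefs are constructed; real prefs.js content is fed in the same way.

```python
"""Flag browser-hijacker residue in a Firefox prefs.js.

Added example for this thread; it is not AdwCleaner's code. The pref-name
prefixes are the ones AdwCleaner deleted in the log above (Conduit
CommunityToolbar, BabylonToolbar_i, browser.babylon, wajam). The list of
search-redirect hosts is an assumption assembled from hosts that appear in
those deleted prefs; extend it for your own case.
"""
import re
from urllib.parse import urlsplit

# user_pref("name", value);  -- the only line shape prefs.js contains
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')

HIJACKER_PREFIXES = (
    "CommunityToolbar.",             # Conduit toolbar
    "extensions.BabylonToolbar_i.",  # Babylon toolbar
    "browser.babylon.",
    "extensions.wajam.",             # Wajam
)

# Prefs whose value decides where the homepage, new tabs and address-bar searches go.
REDIRECT_PREFS = {"browser.startup.homepage", "keyword.URL", "browser.newtab.url"}

# Assumed list of unwanted search-redirect hosts (taken from the deleted prefs above).
REDIRECT_HOSTS = ("conduit.com", "conduit-services.com", "mystart.smilebox.com", "search.babylon.com")


def host_of(value: str) -> str:
    """Host of a quoted URL pref value, or '' when the value is not a URL.

    Logs defang http as hxxp; accept both so excerpts from a log can be fed in.
    """
    value = value.strip().strip('"')
    value = re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)
    if not value.lower().startswith(("http://", "https://")):
        return ""
    return (urlsplit(value).hostname or "").lower()


def is_redirect_host(host: str) -> bool:
    return any(host == h or host.endswith("." + h) for h in REDIRECT_HOSTS)


def scan_prefs(text: str) -> list:
    """Return one finding dict per suspicious user_pref line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = PREF_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2)
        if name.startswith(HIJACKER_PREFIXES):
            findings.append({"line": lineno, "pref": name, "reason": "toolbar pref prefix"})
        elif name in REDIRECT_PREFS:
            host = host_of(value)
            if host and is_redirect_host(host):
                findings.append({"line": lineno, "pref": name, "reason": "redirects to " + host})
    return findings


# Constructed sample: a few lines in the shape of the deleted prefs, plus benign ones.
SAMPLE_PREFS = '''\
user_pref("browser.startup.homepage", "http://mystart.smilebox.com?a=6OyytkGr1t");
user_pref("CommunityToolbar.ToolbarsList", "CT3061355,CT2504091");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.wajam.unique_id", "695002221C51E8AF60E98E6EBF2F2F5C");
user_pref("keyword.URL", "http://search.babylon.com/?affID=109935&q=");
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("extensions.enabledAddons", "printPages2Pdf%40reinhold.ripper:0.1.8.5");
'''

if __name__ == "__main__":
    for f in scan_prefs(SAMPLE_PREFS):
        print(f"line {f['line']:>3}  {f['pref']:<45} {f['reason']}")
```

Run it against `%APPDATA%\Mozilla\Firefox\Profiles\<profile>\prefs.js` with Firefox closed; the benign mozilla.org homepage and the printPages2Pdf add-on entry in the sample are left alone, which is the point of matching on prefix and host rather than on "anything unfamiliar".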
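The RogueKiller MBR check above reports a hash for the sector, a hash for the boot code, and a partition table in which entry 0 is a FAT32-LBA (0x1c) partition marked HIDDEN. As an added example for this thread, not RogueKiller's code, the following Python parses a raw 512-byte MBR the same way: 446 bytes of boot code, four 16-byte entries and the 0x55AA signature. The sample sector is constructed to reproduce the three entries printed for PhysicalDrive0, so the offsets and sizes can be checked against the report. RogueKiller's exact hashed byte ranges are not stated on the page, so hashing the whole sector and the boot-code region is an assumption here.

```python
"""Parse an MBR partition table and flag hidden or inconsistent entries.

Added example for this thread; not RogueKiller's code. A 512-byte MBR holds
446 bytes of boot code, four 16-byte partition entries and the 0x55AA
signature. The report's 32-hex-digit values are MD5-sized; which byte ranges
RogueKiller hashes is not on the page, so the two hashes below are assumptions.
The sample sector is constructed to match the PhysicalDrive0 table above.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 446
TABLE_OFFSET = 446
SIGNATURE = b"\x55\xAA"
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count

TYPE_NAMES = {
    0x07: "NTFS", 0x0b: "FAT32", 0x0c: "FAT32-LBA",
    0x17: "Hidden NTFS", 0x1b: "Hidden FAT32", 0x1c: "Hidden FAT32-LBA",
    0x27: "Windows RE", 0xee: "GPT protective",
}
# DOS 'hidden' types are the normal type with 0x10 OR'd in (0x07->0x17, 0x0c->0x1c, ...).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1b, 0x1c, 0x1e, 0x27}


def parse_mbr(sector: bytes) -> dict:
    """Return hashes and the non-empty partition entries of one MBR sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue
        partitions.append({
            "index": i,
            "active": bool(status & 0x80),
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, f"unknown 0x{ptype:02x}"),
            "hidden": ptype in HIDDEN_TYPES,
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mib": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "mbr_md5": hashlib.md5(sector).hexdigest(),
        "bootcode_md5": hashlib.md5(sector[:BOOTCODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_table(parsed: dict) -> list:
    """Warnings a responder should look at before trusting the table."""
    parts = parsed["partitions"]
    warnings = []
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        warnings.append(f"{len(active)} active partitions, expected exactly 1")
    for p in parts:
        if p["hidden"]:
            warnings.append(
                f"entry {p['index']}: {p['type_name']} (0x{p['type']:02x}) at LBA "
                f"{p['lba_start']}, {p['size_mib']} MiB, is hidden; confirm it is the "
                f"OEM recovery partition before accepting it")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parts)
    for (_, e1), (s2, _) in zip(spans, spans[1:]):
        if s2 < e1:
            warnings.append(f"partitions overlap between LBA {s2} and {e1}")
    return warnings


def _entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    return struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)


def build_sample_mbr() -> bytes:
    """Constructed sector: placeholder boot code plus the three entries from the report."""
    boot = b"\xEB\x3C\x90" + b"\x00" * (BOOTCODE_LEN - 3)   # not real boot code
    table = (
        _entry(0x00, 0x1c, 2048, 25600 * 2048)          # hidden FAT32-LBA, 25600 MiB
        + _entry(0x80, 0x07, 52430848, 122098 * 2048)   # active NTFS (C:)
        + _entry(0x00, 0x07, 302487552, 157545 * 2048)  # NTFS (D:)
        + b"\x00" * 16                                  # empty fourth slot
    )
    return boot + table + SIGNATURE


if __name__ == "__main__":
    parsed = parse_mbr(build_sample_mbr())
    print("[MBR]", parsed["mbr_md5"], "\n[BSP]", parsed["bootcode_md5"])
    for p in parsed["partitions"]:
        print(f"{p['index']} - {p['type_name']} (0x{p['type']:02x}) active={p['active']} "
              f"Offset (sectors): {p['lba_start']} | Size: {p['size_mib']} MiB")
    for w in check_table(parsed):
        print("WARN:", w)
```

On a live system the sector is read with `open(r"\\.\PhysicalDrive0", "rb").read(512)` from an elevated prompt. Note that the hidden entry is flagged for review rather than treated as malicious: a hidden FAT32 partition at the front of an OEM laptop disk is commonly the vendor recovery image, and the table above is contiguous (each entry starts exactly where the previous one ends), which is what you would expect from a factory layout.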

#7
Crowbar

    Teacher

  • GeekU Moderator
  • 4,159 posts
Hi there --
Is the computer feeling better now?
Let's continue; I would like to sweep for any remnants next.

Step 1
Please run Malwarebytes' Anti-Malware

  • Go to the Update tab and check for updates; please install any updates found.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go to the ESET Online Scanner page and click the button to launch the scanner.
You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use, then click the button to continue.
  • When prompted, allow the Add-On/ActiveX control to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click the button to start the scan.
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close; make sure you copy the logfile first!
  • Now click the button to finish.
  • Use Notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your anti-virus application after running the above scan!

In your next reply I would like to see:
  • MalwareBytes log
  • ESET online scan results - careful this one is easy to miss
  • How is the computer? Any symptoms or issues?

  • 0

#8
chsg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.10.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andrea :: SWEETIE [administrator]

2/12/2013 2:26:02 PM
mbam-log-2013-02-12 (14-26-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213110
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Default\aadadjgdgbgbdgdgdigcdedidedgdhda\ContentScript.js Win32/BHO.OEI trojan
C:\Users\Andrea\Downloads\Endocrinology_for_dummies_downloader_407.exe a variant of Win32/YourFileDownloader application
C:\Users\Andrea\Downloads\WinZip170.exe a variant of Win32/OpenInstall application
D:\SWEETIE\Backup Set 2013-02-04 013550\Backup Files 2013-02-04 013550\Backup files 2.zip a variant of Win32/YourFileDownloader application
D:\SWEETIE\Backup Set 2013-02-04 013550\Backup Files 2013-02-08 183924\Backup files 1.zip multiple threats
  • 0

#9
Crowbar

    Teacher

  • GeekU Moderator
  • 4,159 posts
Hi -
That looks very good; let's remove those files that ESET found.
Please be aware that 2 of those files say they are backups, so you are going to need to make new backups of whatever is in those zip files, without the infected files of course.

We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If it still hangs, then please uninstall Malwarebytes and run this fix again.
Run OTL by right clicking on the icon and selecting Run as administrator
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    :files
    C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Default\aadadjgdgbgbdgdgdigcdedidedgdhda\ContentScript.js
    C:\Users\Andrea\Downloads\Endocrinology_for_dummies_downloader_407.exe
    C:\Users\Andrea\Downloads\WinZip170.exe
    D:\SWEETIE\Backup Set 2013-02-04 013550\Backup Files 2013-02-04 013550\Backup files 2.zip
    D:\SWEETIE\Backup Set 2013-02-04 013550\Backup Files 2013-02-08 183924\Backup files 1.zip
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
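The caveat in the post above matters: the OTL `:files` fix deletes the two "Backup files" zips whole, so whatever benign data sits beside the flagged content in them is lost unless it is re-archived first. As an added example for this thread, not an OTL or ESET feature, here is a Python routine that rebuilds a zip without the members you name (or, by SHA-256, without anything with the same content as a flagged file, which catches renamed copies), records the hash of each dropped member for the incident notes, and refuses to report success if a name you meant to drop was not in the archive. ESET's report does not say which members of those zips were detected, so the member names below are constructed and the archive is built in memory.

```python
"""Rebuild a backup zip without the members a scanner flagged.

Added example for this thread; it is not an OTL or ESET feature. ESET reported
the two 'Backup files' zips above as containers holding flagged content, and
the OTL fix deletes the zips whole, so anything else in them is lost unless it
is re-archived first. Which members are bad is not in the report, so this block
takes the names, or the SHA-256 hashes, of the members to drop as input,
records the hash of each dropped member for the incident notes, and writes a
clean zip with everything else. The sample archive is constructed in memory.
"""
import hashlib
import io
import zipfile


def rebuild_without(src, dst, drop_names=frozenset(), drop_hashes=frozenset()) -> dict:
    """Copy src to dst, skipping members by name or by SHA-256 of their content.

    Returns {"kept": [names], "dropped": {name: sha256}}. Raises if a name that
    was meant to be dropped is not in the archive, so a typo cannot pass for a
    successful clean-up.
    """
    report = {"kept": [], "dropped": {}}
    with zipfile.ZipFile(src) as zin, zipfile.ZipFile(dst, "w", zipfile.ZIP_DEFLATED) as zout:
        for info in zin.infolist():
            data = zin.read(info)
            digest = hashlib.sha256(data).hexdigest()
            if info.filename in drop_names or digest in drop_hashes:
                report["dropped"][info.filename] = digest
                continue
            zout.writestr(info, data)          # keeps original timestamp and attributes
            report["kept"].append(info.filename)
    missing = set(drop_names) - set(report["dropped"])
    if missing:
        raise ValueError(f"flagged members not found in archive: {sorted(missing)}")
    return report


# Constructed sample: one flagged member, a renamed copy of it, and two benign files.
FLAGGED_PAYLOAD = b"MZ\x90\x00 constructed stand-in for a flagged downloader, not a real binary"


def build_sample_zip() -> io.BytesIO:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Documents/notes.txt", b"keep me")
        z.writestr("Downloads/some_downloader.exe", FLAGGED_PAYLOAD)
        z.writestr("Downloads/renamed_copy.bin", FLAGGED_PAYLOAD)
        z.writestr("Pictures/cat.jpg", b"\xff\xd8\xff constructed")
    buf.seek(0)
    return buf


def clean_sample() -> dict:
    """Drop the named member, and by hash anything else with the same content."""
    flagged_hash = hashlib.sha256(FLAGGED_PAYLOAD).hexdigest()
    out = io.BytesIO()
    report = rebuild_without(build_sample_zip(), out,
                             drop_names={"Downloads/some_downloader.exe"},
                             drop_hashes={flagged_hash})
    out.seek(0)
    with zipfile.ZipFile(out) as z:
        report["clean_members"] = z.namelist()
    return report


if __name__ == "__main__":
    r = clean_sample()
    print("kept   :", r["kept"])
    print("dropped:", r["dropped"])
```

For the real archives, pass the path of the zip on D: as `src`, a new path as `dst`, and the member names the scanner reported; rescan the rebuilt zip before deleting the original, since a container flagged as "multiple threats" may hold more than the members you were told about.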

#10
chsg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
OTL logfile created on: 2/13/2013 6:43:29 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andrea\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 62.09% Memory free
7.81 Gb Paging File | 6.23 Gb Available in Paging File | 79.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.24 Gb Total Space | 31.17 Gb Free Space | 26.14% Space Free | Partition Type: NTFS
Drive D: | 153.85 Gb Total Space | 25.20 Gb Free Space | 16.38% Space Free | Partition Type: NTFS

Computer Name: SWEETIE | User Name: Andrea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/08 17:08:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea\Downloads\OTL(1).exe
PRC - [2013/02/07 08:26:26 | 001,100,616 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/02/07 08:26:26 | 000,945,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
PRC - [2013/02/05 21:51:35 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/09/04 08:50:34 | 001,807,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
PRC - [2012/01/07 21:17:56 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011/10/04 14:14:10 | 000,082,944 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2011/10/04 14:14:06 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2011/10/03 17:17:40 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/08 16:48:32 | 000,100,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
PRC - [2011/09/08 16:48:30 | 000,092,800 | ---- | M] (ASUS) -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
PRC - [2011/07/21 17:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/15 12:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010/08/20 11:57:06 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/06/19 12:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/22 19:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/13 23:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/07 08:26:26 | 001,100,616 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/02/05 21:51:15 | 003,023,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/09/04 08:50:34 | 009,813,704 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
MOD - [2011/10/04 14:14:06 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
MOD - [2010/08/20 11:57:06 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010/08/20 11:57:00 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/03/03 18:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/02/07 08:26:26 | 000,945,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe -- (vToolbarUpdater14.0.1)
SRV - [2013/02/05 21:51:34 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/04 08:50:35 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/15 11:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/08 16:48:30 | 000,092,800 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/06/17 11:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/12/20 20:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 20:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/07 08:26:27 | 000,037,720 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/11/03 03:41:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/03 03:41:46 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/15 21:35:40 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/09/15 21:35:18 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/31 01:42:04 | 002,769,920 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/06/02 12:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/06/02 12:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/05/13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 03:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/25 21:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/31 04:30:10 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/20 07:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/08/24 03:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/20 03:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/05/23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/09/07 11:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {4B766296-2716-4159-98E6-DE00038FC7E2}
IE - HKCU\..\SearchScopes\{4B766296-2716-4159-98E6-DE00038FC7E2}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGHP_enUS472
IE - HKCU\..\SearchScopes\{ED358191-76A4-4D80-AF05-59D365B619F9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.startup.homepage: "http://mysearch.avg....r=&d=2013-02-07 08:27:02&v=14.0.0.12&pid=safeguard&sg=1&sap=hp"
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.1.611
FF - prefs.js..extensions.enabledAddons: %7B68836a21-fc7d-4ea1-a065-7efabd99d414%7D:3.05
FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.16.0
FF - prefs.js..extensions.enabledAddons: %7Bc07d1a49-9894-49ff-a594-38960ede8fb9%7D:3.1.10
FF - prefs.js..extensions.enabledAddons: %7Bd47a9f51-8281-43fa-f450-f28ef8735e9a%7D:2.1.1
FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:1.8.0
FF - prefs.js..extensions.enabledAddons: printPages2Pdf%40reinhold.ripper:0.1.8.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..keyword.URL: "http://mysearch.avg....r=&d=2013-02-07 08:27:02&pid=safeguard&sg=1&v=14.0.0.12&sap=ku&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/09/02 12:19:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/05 21:51:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/20 01:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Extensions
[2013/02/08 17:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions
[2012/08/14 21:03:51 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2012/09/01 07:22:23 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\[email protected]
[2013/02/05 22:46:59 | 000,000,000 | ---D | M] (Print pages to PDF) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\[email protected]
[2012/03/16 13:00:26 | 000,023,443 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}.xpi
[2012/08/02 10:09:20 | 000,447,304 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{c07d1a49-9894-49ff-a594-38960ede8fb9}.xpi
[2012/08/05 07:47:11 | 000,088,908 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}.xpi
[2012/07/09 15:35:15 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\mp3ikg4o.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi
[2013/02/05 21:51:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/05 21:51:35 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/02/05 09:46:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/07 08:27:04 | 000,003,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/02/05 09:46:31 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andrea\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andrea\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andrea\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: SiteAdvisor = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: Gmail = C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/05/02 14:32:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA99E6A4-0090-4232-ADB1-A32A4D50F9BF}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/12 20:31:27 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Documents\TP010380451
[2013/02/12 13:44:37 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Desktop\Emotionally Distant Spouse _ Marriage Missions International_files
[2013/02/10 22:37:27 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Roaming\PeerNetworking
[2013/02/10 19:27:10 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Documents\beautiful_green_natural_02_hd_pictures_166237
[2013/02/10 18:36:04 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Documents\Joomla_2.5.9-Stable-Full_Package
[2013/02/10 17:23:56 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Documents\fine_home_interior_picture_15_167637
[2013/02/10 09:24:30 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\Programs
[2013/02/08 17:39:24 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\AVG Secure Search
[2013/02/08 17:09:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/07 11:20:23 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Documents\381_258fe6c7f49aee4000faa863ceee75bb
[2013/02/07 08:34:39 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Documents\logo
[2013/02/07 08:32:49 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\WinZip
[2013/02/07 08:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/02/07 08:27:29 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Documents\Add-in Express
[2013/02/07 08:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/02/07 08:27:16 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\AVG SafeGuard toolbar
[2013/02/07 08:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/02/07 08:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/02/07 08:27:00 | 000,037,720 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/02/07 08:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/02/07 08:26:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/02/06 17:19:05 | 000,000,000 | ---D | C] -- C:\Users\Andrea\AppData\Local\{31419327-2BC2-45F2-9002-59D1D93569A2}
[2013/02/06 07:35:02 | 000,000,000 | ---D | C] -- C:\Users\Andrea\Desktop\RK_Quarantine
[2013/02/05 21:51:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/05 21:23:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andrea\Desktop\OTL.exe
[1 C:\Users\Andrea\Documents\*.tmp files -> C:\Users\Andrea\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/13 18:47:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/13 18:47:35 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/13 18:46:28 | 000,794,922 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/13 18:46:28 | 000,672,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/13 18:46:28 | 000,125,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/13 18:40:17 | 000,045,056 | ---- | M] () -- C:\Windows\SysWow64\acovcnt.exe
[2013/02/13 18:40:15 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/13 18:39:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/13 18:39:49 | 3145,826,304 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/13 18:21:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-735253538-622638780-3005358582-1001UA.job
[2013/02/13 18:05:14 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/13 18:05:09 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/13 09:28:18 | 000,418,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/12 20:21:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-735253538-622638780-3005358582-1001Core.job
[2013/02/12 13:48:09 | 000,000,055 | ---- | M] () -- C:\Users\Andrea\AppData\Roaming\mbam.context.scan
[2013/02/12 13:44:37 | 000,073,003 | ---- | M] () -- C:\Users\Andrea\Desktop\Emotionally Distant Spouse _ Marriage Missions International.htm
[2013/02/11 18:01:19 | 001,299,948 | ---- | M] () -- C:\Users\Andrea\Desktop\renewhomeenergymind.jpg
[2013/02/11 17:54:45 | 001,159,046 | ---- | M] () -- C:\Users\Andrea\Desktop\Local_Texture__Three_by_One_by_Beyond_Oddities.jpg
[2013/02/11 17:36:22 | 000,012,520 | ---- | M] () -- C:\Users\Andrea\Desktop\and.jpg
[2013/02/11 17:30:44 | 000,051,752 | ---- | M] () -- C:\Users\Andrea\Desktop\renewslide.jpg
[2013/02/11 17:26:52 | 000,287,709 | ---- | M] () -- C:\Users\Andrea\Desktop\a peacefulmind.jpg
[2013/02/11 17:13:08 | 000,223,165 | ---- | M] () -- C:\Users\Andrea\Desktop\alighterheart.gif
[2013/02/11 16:58:22 | 000,106,039 | ---- | M] () -- C:\Users\Andrea\Desktop\brings.jpg.jpg
[2013/02/11 16:58:06 | 000,106,039 | ---- | M] () -- C:\Users\Andrea\Desktop\brings.jpg
[2013/02/11 16:54:08 | 000,107,876 | ---- | M] () -- C:\Users\Andrea\Desktop\a clean home1.jpg
[2013/02/11 16:52:23 | 000,107,180 | ---- | M] () -- C:\Users\Andrea\Desktop\a clean home.jpg
[2013/02/11 00:08:02 | 000,035,815 | ---- | M] () -- C:\Users\Andrea\Desktop\406555_1.jpg
[2013/02/11 00:06:12 | 000,070,730 | ---- | M] () -- C:\Users\Andrea\Desktop\photo_11830245_light-natural-textured-burlap-sackcloth-hessian-texture-coffee-sack-light-country-sacking-canvas-mac.html
[2013/02/10 23:11:05 | 000,329,376 | R--- | M] () -- C:\Users\Andrea\Desktop\MP900400818.JPG
[2013/02/10 23:08:12 | 000,000,692 | ---- | M] () -- C:\Users\Andrea\Desktop\Libraries - Shortcut (2).lnk
[2013/02/10 22:37:27 | 000,033,134 | ---- | M] () -- C:\Users\Andrea\AppData\Roaming\UserTile.png
[2013/02/10 20:09:32 | 000,617,135 | ---- | M] () -- C:\Users\Andrea\Desktop\burlap.jpg
[2013/02/10 09:44:16 | 000,133,484 | ---- | M] () -- C:\Users\Andrea\Desktop\MP900425223.jpg
[2013/02/10 09:43:02 | 000,297,843 | ---- | M] () -- C:\Users\Andrea\Desktop\MC900441233.jpg
[2013/02/10 09:24:45 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/08 23:06:59 | 000,241,880 | ---- | M] () -- C:\Users\Andrea\Desktop\target payment -partial.png
[2013/02/08 22:49:01 | 000,316,787 | ---- | M] () -- C:\Users\Andrea\Desktop\target cc info.png
[2013/02/08 21:57:20 | 000,035,035 | ---- | M] () -- C:\Users\Andrea\Desktop\CLEANING LADY.jpg
[2013/02/08 21:54:08 | 000,172,535 | ---- | M] () -- C:\Users\Andrea\Desktop\VACUUM GIRL.jpg
[2013/02/08 21:53:30 | 000,186,892 | ---- | M] () -- C:\Users\Andrea\Desktop\VACUUMING.jpg
[2013/02/08 17:40:55 | 000,782,336 | ---- | M] () -- C:\Users\Andrea\Desktop\RogueKiller.exe
[2013/02/08 17:37:46 | 000,000,121 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/08 17:33:20 | 000,055,060 | ---- | M] () -- C:\Users\Andrea\Desktop\15-adwcleaner.htm
[2013/02/08 17:15:10 | 000,002,410 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013/02/08 17:14:59 | 000,001,392 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013/02/08 16:44:25 | 000,881,914 | ---- | M] () -- C:\Users\Andrea\Desktop\SecurityCheck.exe
[2013/02/08 14:13:22 | 000,042,549 | ---- | M] () -- C:\Users\Andrea\Desktop\20130205_vss_vrse_05.jpg
[2013/02/08 00:54:52 | 000,289,626 | ---- | M] () -- C:\Users\Andrea\Desktop\Renew your energy.png
[2013/02/07 14:15:19 | 000,509,686 | ---- | M] () -- C:\Users\Andrea\Desktop\onwood.png
[2013/02/07 14:06:23 | 000,176,767 | ---- | M] () -- C:\Users\Andrea\Desktop\renewenvironment.png
[2013/02/07 14:05:42 | 000,051,185 | ---- | M] () -- C:\Users\Andrea\Desktop\renewenvironment.jpg
[2013/02/07 12:01:35 | 000,067,542 | ---- | M] () -- C:\Users\Andrea\Desktop\MP900448617.jpg
[2013/02/07 08:41:05 | 000,004,454 | ---- | M] () -- C:\Users\Andrea\Desktop\LogoColorTextRighthue.jpg
[2013/02/07 08:39:42 | 000,004,612 | ---- | M] () -- C:\Users\Andrea\Desktop\LogoColorTextRight.jpg
[2013/02/07 08:39:36 | 000,004,612 | ---- | M] () -- C:\Users\Andrea\Desktop\LogoColorTextRightcropeed
[2013/02/07 08:37:24 | 000,007,309 | ---- | M] () -- C:\Users\Andrea\Desktop\3E23M63Ia5Ge5E15Fed276bea007828e01bff.jpg
[2013/02/07 08:27:52 | 000,002,279 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/02/07 08:26:27 | 000,037,720 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/02/06 07:53:23 | 000,000,692 | ---- | M] () -- C:\Users\Andrea\Desktop\Libraries - Shortcut.lnk
[2013/02/05 22:26:16 | 000,024,452 | ---- | M] () -- C:\Users\Andrea\Desktop\renewcleaningservicecl.jpg
[2013/02/05 21:23:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrea\Desktop\OTL.exe
[2013/02/05 20:10:24 | 000,253,301 | ---- | M] () -- C:\Users\Andrea\Desktop\lotus business png.jpg
[2013/02/04 03:30:01 | 000,789,138 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/04 03:23:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[1 C:\Users\Andrea\Documents\*.tmp files -> C:\Users\Andrea\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/12 13:48:09 | 000,000,055 | ---- | C] () -- C:\Users\Andrea\AppData\Roaming\mbam.context.scan
[2013/02/12 13:44:36 | 000,073,003 | ---- | C] () -- C:\Users\Andrea\Desktop\Emotionally Distant Spouse _ Marriage Missions International.htm
[2013/02/11 18:01:18 | 001,299,948 | ---- | C] () -- C:\Users\Andrea\Desktop\renewhomeenergymind.jpg
[2013/02/11 17:36:22 | 000,012,520 | ---- | C] () -- C:\Users\Andrea\Desktop\and.jpg
[2013/02/11 17:30:43 | 000,051,752 | ---- | C] () -- C:\Users\Andrea\Desktop\renewslide.jpg
[2013/02/11 17:26:52 | 000,287,709 | ---- | C] () -- C:\Users\Andrea\Desktop\a peacefulmind.jpg
[2013/02/11 17:13:08 | 000,223,165 | ---- | C] () -- C:\Users\Andrea\Desktop\alighterheart.gif
[2013/02/11 16:58:22 | 000,106,039 | ---- | C] () -- C:\Users\Andrea\Desktop\brings.jpg.jpg
[2013/02/11 16:58:06 | 000,106,039 | ---- | C] () -- C:\Users\Andrea\Desktop\brings.jpg
[2013/02/11 16:54:08 | 000,107,876 | ---- | C] () -- C:\Users\Andrea\Desktop\a clean home1.jpg
[2013/02/11 16:52:23 | 000,107,180 | ---- | C] () -- C:\Users\Andrea\Desktop\a clean home.jpg
[2013/02/11 00:08:16 | 001,159,046 | ---- | C] () -- C:\Users\Andrea\Desktop\Local_Texture__Three_by_One_by_Beyond_Oddities.jpg
[2013/02/11 00:08:01 | 000,035,815 | ---- | C] () -- C:\Users\Andrea\Desktop\406555_1.jpg
[2013/02/11 00:06:11 | 000,070,730 | ---- | C] () -- C:\Users\Andrea\Desktop\photo_11830245_light-natural-textured-burlap-sackcloth-hessian-texture-coffee-sack-light-country-sacking-canvas-mac.html
[2013/02/10 23:52:13 | 000,329,376 | R--- | C] () -- C:\Users\Andrea\Desktop\MP900400818.JPG
[2013/02/10 23:08:12 | 000,000,692 | ---- | C] () -- C:\Users\Andrea\Desktop\Libraries - Shortcut (2).lnk
[2013/02/10 20:09:31 | 000,617,135 | ---- | C] () -- C:\Users\Andrea\Desktop\burlap.jpg
[2013/02/10 09:44:16 | 000,133,484 | ---- | C] () -- C:\Users\Andrea\Desktop\MP900425223.jpg
[2013/02/10 09:43:02 | 000,297,843 | ---- | C] () -- C:\Users\Andrea\Desktop\MC900441233.jpg
[2013/02/10 09:24:45 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/08 23:06:59 | 000,241,880 | ---- | C] () -- C:\Users\Andrea\Desktop\target payment -partial.png
[2013/02/08 22:49:01 | 000,316,787 | ---- | C] () -- C:\Users\Andrea\Desktop\target cc info.png
[2013/02/08 21:57:19 | 000,035,035 | ---- | C] () -- C:\Users\Andrea\Desktop\CLEANING LADY.jpg
[2013/02/08 21:54:07 | 000,172,535 | ---- | C] () -- C:\Users\Andrea\Desktop\VACUUM GIRL.jpg
[2013/02/08 21:53:28 | 000,186,892 | ---- | C] () -- C:\Users\Andrea\Desktop\VACUUMING.jpg
[2013/02/08 17:37:29 | 000,000,121 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/08 16:44:19 | 000,881,914 | ---- | C] () -- C:\Users\Andrea\Desktop\SecurityCheck.exe
[2013/02/08 14:13:21 | 000,042,549 | ---- | C] () -- C:\Users\Andrea\Desktop\20130205_vss_vrse_05.jpg
[2013/02/08 00:54:51 | 000,289,626 | ---- | C] () -- C:\Users\Andrea\Desktop\Renew your energy.png
[2013/02/07 14:15:17 | 000,509,686 | ---- | C] () -- C:\Users\Andrea\Desktop\onwood.png
[2013/02/07 14:06:20 | 000,176,767 | ---- | C] () -- C:\Users\Andrea\Desktop\renewenvironment.png
[2013/02/07 14:05:41 | 000,051,185 | ---- | C] () -- C:\Users\Andrea\Desktop\renewenvironment.jpg
[2013/02/07 12:01:35 | 000,067,542 | ---- | C] () -- C:\Users\Andrea\Desktop\MP900448617.jpg
[2013/02/07 08:41:05 | 000,004,454 | ---- | C] () -- C:\Users\Andrea\Desktop\LogoColorTextRighthue.jpg
[2013/02/07 08:39:42 | 000,004,612 | ---- | C] () -- C:\Users\Andrea\Desktop\LogoColorTextRight.jpg
[2013/02/07 08:39:36 | 000,004,612 | ---- | C] () -- C:\Users\Andrea\Desktop\LogoColorTextRightcropeed
[2013/02/07 08:37:23 | 000,007,309 | ---- | C] () -- C:\Users\Andrea\Desktop\3E23M63Ia5Ge5E15Fed276bea007828e01bff.jpg
[2013/02/07 08:27:52 | 000,002,279 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/02/06 07:53:25 | 000,055,060 | ---- | C] () -- C:\Users\Andrea\Desktop\15-adwcleaner.htm
[2013/02/06 07:53:23 | 000,000,692 | ---- | C] () -- C:\Users\Andrea\Desktop\Libraries - Shortcut.lnk
[2013/02/05 22:45:56 | 000,782,336 | ---- | C] () -- C:\Users\Andrea\Desktop\RogueKiller.exe
[2013/02/05 22:26:16 | 000,024,452 | ---- | C] () -- C:\Users\Andrea\Desktop\renewcleaningservicecl.jpg
[2013/02/04 03:19:05 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/02/04 03:07:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/02/04 00:25:29 | 3145,826,304 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/06 14:36:22 | 000,225,413 | ---- | C] () -- C:\Users\Andrea\AVGInstLog.cab
[2012/04/29 11:33:51 | 000,002,235 | ---- | C] () -- C:\Users\Andrea\Kindle.lnk
[2012/04/20 11:35:25 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/04/18 11:24:54 | 000,033,134 | ---- | C] () -- C:\Users\Andrea\AppData\Roaming\UserTile.png
[2012/04/01 13:44:14 | 000,240,855 | ---- | C] () -- C:\Users\Andrea\StudentNotebook.onepkg
[2012/04/01 08:27:39 | 000,005,632 | ---- | C] () -- C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 19:30:58 | 000,007,607 | ---- | C] () -- C:\Users\Andrea\AppData\Local\Resmon.ResmonCfg
[2012/01/07 21:19:43 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\acovcnt.exe
[2011/11/03 04:19:25 | 000,789,138 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/17 21:50:05 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/17 21:49:58 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/17 21:49:53 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/10/17 21:49:50 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/17 21:49:47 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/02/20 00:51:01 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\ASUS WebStorage
[2012/06/06 23:40:32 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\AVG
[2012/04/23 09:39:47 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\com.Shutterfly.ExpressUploader
[2013/02/05 21:55:26 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Dropbox
[2012/09/04 14:07:13 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Nico Mak Computing
[2012/02/24 01:07:50 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Nuance
[2013/02/10 22:37:27 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\PeerNetworking
[2012/05/02 18:49:16 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Primal 3D Body
[2012/03/11 21:40:02 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Shutterfly
[2013/02/06 13:54:12 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\SoftGrid Client
[2012/05/02 12:59:19 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\TeamViewer
[2012/03/10 13:27:06 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\TP
[2012/03/09 19:01:58 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Windows Live Writer
[2012/02/20 03:20:42 | 000,000,000 | ---D | M] -- C:\Users\Andrea\AppData\Roaming\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\Andrea\Documents\encore background.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Andrea\Documents\background encore signed.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >


C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Default\aadadjgdgbgbdgdgdigcdedidedgdhda\ContentScript.js Win32/BHO.OEI trojan
C:\Users\Andrea\Downloads\Endocrinology_for_dummies_downloader_407.exe a variant of Win32/YourFileDownloader application
C:\Users\Andrea\Downloads\WinZip170.exe a variant of Win32/OpenInstall application
D:\SWEETIE\Backup Set 2013-02-04 013550\Backup Files 2013-02-04 013550\Backup files 2.zip a variant of Win32/YourFileDownloader application
D:\SWEETIE\Backup Set 2013-02-04 013550\Backup Files 2013-02-08 183924\Backup files 1.zip multiple threats


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.10.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andrea :: SWEETIE [administrator]

2/12/2013 2:26:02 PM
mbam-log-2013-02-12 (14-26-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213110
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#11
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,159 posts
Hi -

How is the computer running now?
  • 0

#12
chsg

chsg

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
pretty good! Thank you!
  • 0

#13
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,159 posts
Ok if you are happy, I would like to do a cleanup of all my stuff.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


Do you use Java? If you do not use it, you are better off uninstalling it completely. Go to your Control Panel, Uninstall a Program, then find any instance of Java in the list and click on Uninstall - do this until there are no instances of Java in the list. If you do use Java....
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version



SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go to Start > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly; it will show you which programs on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read these two articles:
How did I get infected in the first place ?
So how did I get infected in the first place?

Keep safe :wave:
  • 0
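A scripted equivalent of the "Spring Clean" steps in the post above (new restore point, purge of the older shadow copies, and resetting the hidden-files view), as an added example that is not part of the thread or Crowbar's instructions. It assumes an elevated PowerShell session on the Windows 7 x64 system shown in the logs, with System Protection already enabled for C:.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Assumes System Protection is enabled on C: (otherwise Checkpoint-Computer fails).

# 1. Create a fresh restore point, equivalent to System Protection > Create > "Clean".
Checkpoint-Computer -Description "Clean" -RestorePointType MODIFY_SETTINGS

# 2. Show what exists now; the highest SequenceNumber should be the "Clean" point.
Get-ComputerRestorePoint |
    Sort-Object SequenceNumber |
    Format-Table SequenceNumber, Description, CreationTime -AutoSize

# 3. Purge the older shadow copies but keep the newest, which backs the new
#    restore point. This is what Disk Cleanup's "System Restore and Shadow
#    Copies" clean-up does; vssadmin only offers /oldest or /all, so delete the
#    oldest one at a time until a single copy remains.
$shadowCount = @(vssadmin list shadows /for=C: | Select-String 'Shadow Copy ID').Count
while ($shadowCount -gt 1) {
    vssadmin delete shadows /for=C: /oldest /quiet
    $shadowCount--
}

# 4. Restore Explorer's default of not showing hidden files and folders.
#    Hidden = 1 shows them, Hidden = 2 does not (the Folder Options setting).
$advanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $advanced -Name Hidden -Value 2
# Verify the value that was written.
(Get-ItemProperty -Path $advanced).Hidden
```

Explorer reads the Hidden value when a window is opened, so open a new Explorer window (or log off and on) to see the change take effect.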

#14
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,159 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0