Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

(Unwanted) POP-UP ADs in Bottom Left & Right Corners of Browser Wi

Started by dogonit2 , Mar 05 2013 09:00 PM

  • This topic is locked This topic is locked

#1
dogonit2
Posted 05 March 2013 - 09:00 PM

dogonit2

    Member

  • Member
  • PipPip
  • 26 posts
For the last couple months now, since running my computer mainly on wi-fi at my house I started getting a shitload of popup ads in my lower left and right browser screen. May of the ads are popping up come from Chitka, Ilivid, and Yieldmanager. Even after taking steps to block those sites from my tools security and privacy, they still pop up, at least the popup box which may not have any ad in it, but still needs to be closed.

I also get many popups that open a new false browser especially for an ad that wants be to update Flash Player on my system.

One other problem I have been having is when closing some browser tabs, I will at times have that window open up once again numerous times, and when I try to close them they just keep opening. These aren't weird sites either, they are just regular sites or blogs. I notice that sites that run infusionsoft programs do this most.


Anyway, I have installed and ran many different security and adware, spyware destroyers.

These programs can be seen in my programs in the results.

I have eliminated many threats and continue to do so, but still get these popups and windows opening randomly.

I run Windows 7

Here's the results from my scans which opened in two notepads:

OTL logfile created on: 3/5/2013 2:37:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dogonit23\Desktop\Software Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 31.08% Memory free
7.49 Gb Paging File | 3.39 Gb Available in Paging File | 45.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 442.60 Gb Total Space | 254.15 Gb Free Space | 57.42% Space Free | Partition Type: NTFS
Drive D: | 22.87 Gb Total Space | 3.34 Gb Free Space | 14.59% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 403.11 Gb Free Space | 21.64% Space Free | Partition Type: NTFS

Computer Name: DOGONIT23-HP | User Name: dogonit23 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/05 14:24:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dogonit23\Desktop\Software Downloads\OTL.exe
PRC - [2013/02/27 02:36:46 | 000,701,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
PRC - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 20:38:46 | 001,236,968 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/12/14 20:38:42 | 018,880,984 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/11 15:20:50 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/19 08:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/06/27 11:00:12 | 000,213,848 | ---- | M] (NETGATE Technologies s.r.o.) -- C:\Program Files\NETGATE\Spy Emergency\SpyEmergencyWow64.exe
PRC - [2011/06/02 01:42:53 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2011/04/26 01:30:48 | 003,298,712 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/08 15:06:22 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/09/28 17:08:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/09/11 01:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/09/03 17:13:30 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2010/05/25 06:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2009/05/08 09:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/05/08 09:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009/04/30 15:01:12 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe
PRC - [2009/04/30 13:39:30 | 005,472,016 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
PRC - [2008/09/16 00:02:16 | 000,139,264 | ---- | M] (Mind Movies Pty Ltd Australia) -- C:\Program Files (x86)\MindMovies\Subliminal\SubVid.exe
PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/14 11:27:39 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/24 03:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files (x86)\BrowseToSave\sprotector.dll
MOD - [2013/01/11 11:08:52 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/11 11:08:47 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
MOD - [2013/01/11 11:08:15 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/11 11:08:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/11 11:08:06 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/11 11:05:02 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/11/29 13:59:32 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/05/08 09:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/05/08 09:35:28 | 000,181,520 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LvApi11\LvApi11.dll
MOD - [2009/05/08 09:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2009/04/30 13:39:56 | 000,138,000 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
MOD - [2009/04/30 13:39:56 | 000,035,088 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
MOD - [2009/04/30 13:39:52 | 000,028,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
MOD - [2009/04/30 13:39:08 | 000,027,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\SDL.dll
MOD - [2009/04/30 13:38:56 | 000,363,792 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\qtxml4.dll
MOD - [2009/04/30 13:38:44 | 011,311,888 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtWebKit4.dll
MOD - [2009/04/30 13:38:34 | 000,199,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\qtsql4.dll
MOD - [2009/04/30 13:38:22 | 000,968,976 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtNetwork4.dll
MOD - [2009/04/30 13:38:22 | 000,475,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtOpenGL4.dll
MOD - [2009/04/30 13:38:10 | 007,704,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtGui4.dll
MOD - [2009/04/30 13:37:58 | 002,140,944 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\QtCore4.dll
MOD - [2009/04/30 13:37:48 | 000,291,600 | ---- | M] () -- C:\Program Files (x86)\Logitech\Logitech Vid\phonon4.dll
MOD - [2006/01/12 20:20:26 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.DEU
MOD - [2006/01/12 20:13:46 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.FRA
MOD - [2002/07/03 16:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/07/19 11:26:26 | 004,111,200 | ---- | M] (NETGATE Technologies s.r.o.) [Auto | Running] -- C:\Program Files\NETGATE\Spy Emergency\SpyEmergencySrv.exe -- (SpyEmrgSrv)
SRV:64bit: - [2012/07/11 10:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/01/14 13:35:58 | 000,341,296 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe -- (NitroReaderDriverReadSpool)
SRV:64bit: - [2010/10/08 15:17:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/14 15:57:34 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/09/14 15:57:26 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/08/05 18:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/21 13:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/04/30 15:01:00 | 000,190,488 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV - [2013/02/27 03:36:38 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 06:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 20:38:46 | 001,236,968 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2012/08/08 16:53:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 16:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/19 08:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/09/28 17:08:58 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/09/21 15:52:04 | 000,245,232 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe -- (CLKMSVC10_C6F09094)
SRV - [2010/09/11 01:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/18 17:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/30 09:40:44 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/19 08:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/08/19 08:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/07/22 08:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 13:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/07 01:56:48 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/04/21 10:31:46 | 000,024,408 | ---- | M] (NETGATE Technologies s.r.o.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\spyemrg_access.sys -- (SpyEmrgAccess)
DRV:64bit: - [2011/04/21 10:31:40 | 000,018,776 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\spyemrg_guard.sys -- (SpyEmrgGuard)
DRV:64bit: - [2011/04/21 10:31:32 | 000,017,240 | ---- | M] (NETGATE Technologies s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\spyemrg.sys -- (SpyEmrg)
DRV:64bit: - [2011/03/28 09:46:40 | 000,146,568 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 14:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 01:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/08 15:18:06 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/10/08 15:18:04 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/10/08 15:18:04 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/10/08 15:17:44 | 007,767,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/08 15:17:44 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/14 16:06:08 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/14 15:57:40 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/09/03 17:13:32 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/08/20 02:45:28 | 000,654,720 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2010/08/20 02:44:48 | 000,943,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2010/05/07 17:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 17:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/01/26 18:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 19:38:34 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/06/22 19:26:40 | 000,113,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 12:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 12:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/04/29 16:24:58 | 000,378,664 | ---- | M] (Swisscom) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wtsmpflt.sys -- (WtSmpFlt)
DRV:64bit: - [2008/04/29 16:24:58 | 000,056,104 | ---- | M] (Swisscom) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wtsmpadap.sys -- (wtsmpadap)
DRV:64bit: - [2008/04/03 09:02:16 | 000,079,872 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emAudio64.sys -- (emAudio)
DRV:64bit: - [2006/06/16 15:50:34 | 000,275,968 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/02/03 01:50:28 | 000,004,224 | ---- | M] () [File_System | System | Unknown] -- C:\Windows\SysWow64\StarOpen.sys -- (StarOpen)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmood...E&cr=1222258573
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...}&mfe=Notebooks
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://start.funmood...E&cr=1222258573
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.easyli...912&lg=EN&cc=US
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easyli...912&lg=EN&cc=US
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{6DF1C33E-C0B9-75F9-B506-250E091C4DC1}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...}&mfe=Notebooks
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://start.funmood...E&cr=1222258573

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylo...0008e9ffa47a16d
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.pch.co...LAS VEGAS&st=NV
IE - HKCU\..\URLSearchHook: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - No CLSID value found
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {4408C5D3-D063-47B7-F412-10B06D154E1C}
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easyli...912&lg=EN&cc=US
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0008e9ffa47a16d
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{329DF456-2B9A-1254-3222-23D6BB4C8442}: "URL" = http://ics.asksearch...g=2-441-0-3bsx1
IE - HKCU\..\SearchScopes\{4408C5D3-D063-47B7-F412-10B06D154E1C}: "URL" = http://start.funmood...E&cr=1222258573
IE - HKCU\..\SearchScopes\{5B79D585-7A5A-4418-B472-F710C358C633}: "URL" = http://search.condui...&ctid=CT3059010
IE - HKCU\..\SearchScopes\{6DF1C33E-C0B9-75F9-B506-250E091C4DC1}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{A9C475D2-0D39-C58A-F73C-57614B472EAC}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...}&mfe=Notebooks
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{F5362F6A-4F82-4B81-A668-35401F8BEBDE}: "URL" = http://no.search.yah...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF - prefs.js..backup.old.browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..backup.old.browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylo...008e9ffa47a16d"
FF - prefs.js..browser.search.defaultenginename: "EasyLife"
FF - prefs.js..browser.search.defaultenginename,S: S", "EasyLife"
FF - prefs.js..browser.search.defaultthis.engineName: "Vgrabber Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.easyli...N&cc=US&l=1&q="
FF - prefs.js..browser.search.order.1: "EasyLife"
FF - prefs.js..browser.search.order.1,S: S", "EasyLife"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Search Defender"
FF - prefs.js..browser.search.selectedEngine,S: S", "EasyLife"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.4
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: {5d5886b5-56e6-4327-94dd-7560f56dc9ce}:3.0.1
FF - prefs.js..extensions.enabledAddons: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.8.8
FF - prefs.js..keyword.URL: "http://search.easyli...N&cc=US&l=1&q="
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\dogonit23\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\dogonit23\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\dogonit23\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\dogonit23\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\dogonit23\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/03 01:22:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/04 11:24:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/30 09:39:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/23 17:55:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\dogonit23\AppData\Roaming\IDM\idmmzcc3 [2012/02/14 11:38:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/30 09:39:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/23 17:55:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\dogonit23\AppData\Roaming\IDM\idmmzcc3 [2012/02/14 11:38:26 | 000,000,000 | ---D | M]

[2011/03/22 21:42:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dogonit23\AppData\Roaming\Mozilla\Extensions
[2013/02/23 11:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\extensions
[2013/02/23 11:10:51 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011/06/23 12:07:46 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}
[2013/02/11 13:08:33 | 000,000,000 | ---D | M] (Vgrabber Community Toolbar) -- C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\extensions\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f}
[2013/01/30 09:39:35 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/03/02 12:06:01 | 000,135,903 | ---- | M] () (No name found) -- C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\extensions\[email protected]
[2012/11/26 23:32:18 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\extensions\[email protected]
[2012/04/01 02:46:11 | 000,002,095 | ---- | M] () (No name found) -- C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\extensions\[email protected]
[2013/01/24 13:02:06 | 000,004,526 | ---- | M] () (No name found) -- C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\extensions\[email protected]
[2011/10/28 13:45:18 | 000,061,854 | ---- | M] () (No name found) -- C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\extensions\[email protected]
[2011/06/09 17:39:45 | 000,077,793 | ---- | M] () (No name found) -- C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}.xpi
[2013/01/30 09:26:53 | 000,003,971 | ---- | M] () (No name found) -- C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\extensions\{5d5886b5-56e6-4327-94dd-7560f56dc9ce}.xpi
[2013/01/13 14:27:07 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
[2012/09/13 13:24:46 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2011/07/31 16:51:07 | 000,001,945 | ---- | M] () -- C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\searchplugins\bing-zugo.xml
[2012/01/05 15:16:56 | 000,000,919 | ---- | M] () -- C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\searchplugins\conduit.xml
[2013/02/06 20:49:01 | 000,000,568 | ---- | M] () -- C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\searchplugins\EasyLife.xml
[2013/02/19 11:05:59 | 000,002,349 | ---- | M] () -- C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\searchplugins\search-defender.xml
[2012/06/25 09:17:11 | 000,002,303 | ---- | M] () -- C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\searchplugins\Search.xml
[2011/12/09 16:27:14 | 000,006,116 | ---- | M] () -- C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\searchplugins\simpleology.xml
[2013/02/19 14:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/29 00:23:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/08 16:53:03 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/19 15:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/19 15:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/07/21 01:35:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 00:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/07/21 01:35:06 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - Extension: No name found = C:\Users\dogonit23\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodmmjnpfmdaffmfjojgbiglpnlbkjea\1.2.17_0\
CHR - Extension: No name found = C:\Users\dogonit23\AppData\Local\Google\Chrome\User Data\Default\Extensions\filcdchddjiekgohoaojfoofhbfbamig\1.0.1_0\
CHR - Extension: No name found = C:\Users\dogonit23\AppData\Local\Google\Chrome\User Data\Default\Extensions\gllmkcahdekdbapmdfnffclacbpnicaj\4.2.6_0\
CHR - Extension: No name found = C:\Users\dogonit23\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = C:\Users\dogonit23\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof\1.0.0.2023_0\
CHR - Extension: No name found = C:\Users\dogonit23\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: No name found = C:\Users\dogonit23\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfabdkmgodmpnidagmhhmhmdbchmejda\0.7.8.1004_0\

O1 HOSTS File: ([2013/01/29 11:50:01 | 000,001,543 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.157.56.28 www.google-analytics.com.
O1 - Hosts: 192.157.56.28 ad-emea.doubleclick.net.
O1 - Hosts: 192.157.56.28 www.statcounter.com.
O1 - Hosts: 192.157.56.28 connect.facebook.net.
O1 - Hosts: 192.157.56.28 platform.twitter.com.
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O1 - Hosts: 93.115.241.27 connect.facebook.net.
O1 - Hosts: 93.115.241.27 platform.twitter.com.
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll ()
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe (NETGATE Technologies s.r.o.)
O4 - HKCU..\Run: [SubVid] C:\Program Files (x86)\MindMovies\Subliminal\SubVid.exe (Mind Movies Pty Ltd Australia)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Save Page As PDF ... - C:\Program Files (x86)\Nitro PDF\PDF Download\nitroweb.htm ()
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Save Page As PDF ... - C:\Program Files (x86)\Nitro PDF\PDF Download\nitroweb.htm ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03E2D4D8-4331-4BF1-807E-B2127DD99B44}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A907A11-940D-4C2F-BAD7-A1C33153ADAE}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~2\browse~1\sprote~1.dll) - c:\Program Files (x86)\BrowseToSave\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/18 23:41:32 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 04:56:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{3351cf1e-3304-11e0-a48e-889ffa47a16d}\Shell - "" = AutoRun
O33 - MountPoints2\{3f0af488-3258-11e0-a464-889ffa47a16d}\Shell - "" = AutoRun
O33 - MountPoints2\{3f0af488-3258-11e0-a464-889ffa47a16d}\Shell\AutoRun\command - "" = G:\MobileBroadbandSetup.exe AUTORUN=1
O33 - MountPoints2\{4f8bcb74-57df-11e0-a859-889ffa47a16d}\Shell - "" = AutoRun
O33 - MountPoints2\{6830baea-3809-11e0-8fe3-889ffa47a16d}\Shell - "" = AutoRun
O33 - MountPoints2\{6830bd78-3809-11e0-8fe3-8e9ffa47a16d}\Shell - "" = AutoRun
O33 - MountPoints2\{78ecf0f7-35bd-11e0-b4a5-889ffa47a16d}\Shell - "" = AutoRun
O33 - MountPoints2\{a76b7489-3229-11e0-bda5-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{a76b7489-3229-11e0-bda5-00ade1ac1c1a}\Shell\AutoRun\command - "" = G:\MobileBroadbandSetup.exe AUTORUN=1
O33 - MountPoints2\{cd07f910-37a8-11e0-8467-889ffa47a16d}\Shell - "" = AutoRun
O33 - MountPoints2\{f48b2d6d-32a1-11e0-88a8-00ade1ac1c1a}\Shell - "" = AutoRun
O33 - MountPoints2\{f48b2d6d-32a1-11e0-88a8-00ade1ac1c1a}\Shell\AutoRun\command - "" = G:\MobileBroadbandSetup.exe AUTORUN=1
O33 - MountPoints2\{ff4abf91-32ab-11e0-a1bd-889ffa47a16d}\Shell - "" = AutoRun
O33 - MountPoints2\{ff4abf91-32ab-11e0-a1bd-889ffa47a16d}\Shell\AutoRun\command - "" = G:\MobileBroadbandSetup.exe AUTORUN=1
O33 - MountPoints2\{ff4abf9d-32ab-11e0-a1bd-889ffa47a16d}\Shell - "" = AutoRun
O33 - MountPoints2\{ff4abf9d-32ab-11e0-a1bd-889ffa47a16d}\Shell\AutoRun\command - "" = G:\MobileBroadbandSetup.exe AUTORUN=1
O33 - MountPoints2\{ff4abfad-32ab-11e0-a1bd-889ffa47a16d}\Shell - "" = AutoRun
O33 - MountPoints2\{ff4abfad-32ab-11e0-a1bd-889ffa47a16d}\Shell\AutoRun\command - "" = G:\MobileBroadbandSetup.exe AUTORUN=1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\MobileBroadbandSetup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/05 13:16:17 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{BCC22C11-68B6-49A1-A8DF-39FAF7D04C8F}
[2013/03/05 01:15:50 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{894B8F5A-703F-4A15-A536-A4CE3499963D}
[2013/03/04 13:15:24 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{31114E7B-5E02-48A7-AA7E-F7CE963E2E8B}
[2013/03/04 01:14:58 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{4C111410-12E2-4AA9-8147-1069BCD292AF}
[2013/03/03 13:14:17 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{B75AE968-5C02-497D-A84D-DAEED3B73388}
[2013/03/03 01:13:38 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{4D6249DF-E13F-45BB-929A-44AB7936B771}
[2013/03/02 13:13:26 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{BBE629BD-7E58-47ED-88A2-A4299AA97211}
[2013/03/02 01:13:00 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{C2D03709-8F3E-4C4C-A3DD-FB3ABC022DAE}
[2013/03/01 13:12:32 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{D876318C-E4D8-4A6A-8F53-2CE9914ED93B}
[2013/03/01 01:12:03 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{1193C18F-AA3F-44DB-B8E9-AA55830017F0}
[2013/02/28 13:11:28 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{78E3B802-A1AA-48CF-AEF2-E576E70B6D00}
[2013/02/28 01:11:00 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{8D763294-DEA5-48E1-A807-8E09123CCD48}
[2013/02/27 13:10:35 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{832F4F12-079F-4C0C-B1A6-DC386CF8583B}
[2013/02/27 01:10:08 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{F6AD11CB-64DB-4B6D-B340-70F047DB4CA9}
[2013/02/26 13:09:56 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{7B1490A4-5270-4FFE-9868-2FA9E4094D73}
[2013/02/26 03:31:32 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Roaming\Spy Emergency
[2013/02/26 03:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Emergency
[2013/02/26 03:31:28 | 000,024,408 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\SysNative\drivers\spyemrg_access.sys
[2013/02/26 03:31:28 | 000,018,776 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\SysNative\drivers\spyemrg_guard.sys
[2013/02/26 03:31:28 | 000,017,240 | ---- | C] (NETGATE Technologies s.r.o.) -- C:\Windows\SysNative\drivers\spyemrg.sys
[2013/02/26 03:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NETGATE
[2013/02/26 03:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\NETGATE
[2013/02/26 01:09:26 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{7B3748D5-E710-471A-99F6-3803CE836BA7}
[2013/02/25 18:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\High Bar Media
[2013/02/25 18:42:22 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\llt
[2013/02/25 18:41:40 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Roaming\LocalizerLeadsTool
[2013/02/25 18:39:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Localizer Leads Tool
[2013/02/25 13:08:46 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{FA7D6533-FDDC-4F72-8AAB-99FFC4B4FB6C}
[2013/02/25 01:08:04 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{CBC354EB-3589-4FAF-AFDE-D800BE0F865B}
[2013/02/24 13:07:33 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{8CFD2767-2FA6-4CA4-853D-800B955A5C99}
[2013/02/24 04:20:31 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Traffic Phoenix
[2013/02/24 04:20:18 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Roaming\TrafficPhoenix
[2013/02/24 04:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrafficPhoenix
[2013/02/24 01:07:07 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{199D6502-784A-464B-8481-CD0DD720CB6E}
[2013/02/23 20:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Datagenn
[2013/02/23 20:47:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Datagenn.com
[2013/02/23 16:37:49 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Site Profit Bot
[2013/02/23 16:37:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Site Profit Bot
[2013/02/23 13:06:42 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{8B56063C-7DA6-4310-9F66-C49110318934}
[2013/02/23 01:06:16 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{7C575F13-6D79-4950-A2D7-6E582F8DCC75}
[2013/02/22 13:06:03 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{5B19E07B-8D65-449E-871A-7DC2E6B1F545}
[2013/02/22 07:49:50 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Roaming\CurationSoft
[2013/02/22 07:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CurationSoft
[2013/02/22 01:05:37 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{5833F075-60C4-4E65-A849-A7688459DA11}
[2013/02/21 13:05:10 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{6D7A5298-D4F3-4060-BF48-FD8947CCBDDB}
[2013/02/21 01:04:40 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{E23DBAF1-F679-4319-B28A-BD023AB5799D}
[2013/02/20 13:04:24 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{F0F8634B-2CE7-4E6E-B868-8B4FFF6EFB80}
[2013/02/19 22:38:33 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{476D7572-9EDC-45F7-A4F8-D6CBF03AA511}
[2013/02/19 11:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Doctor
[2013/02/19 11:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Doctor
[2013/02/19 11:23:16 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/02/19 11:22:59 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/02/19 10:37:34 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{C4E733B2-F6D9-4C54-8AD4-A415FDBAC368}
[2013/02/18 21:56:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2013/02/18 21:47:10 | 000,253,256 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2013/02/18 21:47:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2013/02/18 21:45:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2013/02/18 21:45:46 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Roaming\TestApp
[2013/02/18 21:03:40 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\Coupon Companion Plugin
[2013/02/18 17:04:07 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{E7D9500C-6CD7-4D15-89D3-8EC865629FD6}
[2013/02/18 02:18:12 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{AA51CE63-3F4A-4960-865F-28D07E3BD559}
[2013/02/17 14:17:24 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{17ED307C-3048-4DF1-B673-D2805BAC316D}
[2013/02/17 02:16:22 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{D689AB9D-6D5C-4DCE-8FD4-C8742B05F6DE}
[2013/02/16 14:15:53 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{ACCAB741-5513-426B-B32D-F9C0EC14F5C6}
[2013/02/16 02:15:25 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{64EF126C-3544-454A-85C4-8A3FD6D3DC09}
[2013/02/15 14:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Social Prospector
[2013/02/15 14:20:56 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\Social Prospector
[2013/02/15 12:49:56 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{40CDCE62-D852-43DC-8821-423A74387332}
[2013/02/15 00:49:30 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{E9C44966-EB40-4548-896D-F65E9162E266}
[2013/02/14 12:49:03 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{A5D55DE3-5A0E-4087-A372-44A658602492}
[2013/02/14 00:48:36 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{9D02FF20-64AE-45B0-9C9C-CDF3ED2DA102}
[2013/02/13 12:48:09 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{3C1FC0F1-9A46-49AD-BA29-01ABBC7EF78B}
[2013/02/13 00:47:42 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{A996A501-2352-418B-B4AB-8DA6FECDA16E}
[2013/02/12 12:47:16 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{7723B0D0-16B5-4038-B551-F1F5D51169CA}
[2013/02/12 00:46:46 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{5BBAEF49-B136-477B-8756-ED5123207A4D}
[2013/02/11 17:42:49 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{84A68319-134E-DB01-6F41-2CF64EE87AA9}
[2013/02/11 12:46:04 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{1A1484DD-E67C-4B50-BE66-A48BD18609B2}
[2013/02/11 00:45:30 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{DD751616-A238-46C4-856A-7C490693AE2E}
[2013/02/10 14:51:33 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\Documents\ubot
[2013/02/10 12:45:14 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{F626322F-1426-4436-BD29-F78DF20C3E1B}
[2013/02/10 00:44:30 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{CA049958-7BBB-41B7-A5E8-062D34C296E7}
[2013/02/09 12:44:17 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{A73FDECB-35F1-403D-B36B-A6BB15269C55}
[2013/02/09 00:43:47 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{CB784833-3976-4C3C-93C9-F73D1433608E}
[2013/02/09 00:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/09 00:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/02/08 12:42:56 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{05FD35FA-C6BD-4412-B503-071BABCAC84E}
[2013/02/08 00:42:39 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{9FA30107-DE22-4FDC-9790-B6A11BC6E095}
[2013/02/07 12:18:45 | 000,000,000 | ---D | C] -- C:\Flight 2
[2013/02/07 11:38:13 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{1DBB43D4-03E3-4F4A-8085-7212D7BA3740}
[2013/02/06 23:37:47 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{7AAB4003-9AB5-4719-A92A-2924EE93B176}
[2013/02/06 21:38:25 | 000,000,000 | ---D | C] -- C:\Flight
[2013/02/06 21:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9
[2013/02/06 21:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 9
[2013/02/06 20:50:40 | 000,000,000 | ---D | C] -- C:\ProgramData\RightClick
[2013/02/06 20:49:31 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Roaming\SendSpace
[2013/02/06 20:49:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EasyLife
[2013/02/06 20:48:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseToSave
[2013/02/06 20:47:40 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/02/06 11:37:20 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{310FEF2F-1ABE-471C-92E9-204C9F9CE53C}
[2013/02/05 23:36:53 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{EE02987D-B00A-4CD9-8B41-43B2372B203F}
[2013/02/05 17:37:45 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Roaming\Tube Groove
[2013/02/05 17:36:17 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tube Fool
[2013/02/05 17:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tube Fool
[2013/02/05 17:36:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tube Fool
[2013/02/05 11:36:24 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{B8E05911-1490-4D0E-A78E-96D032C22B5E}
[2013/02/04 23:35:51 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{0A3D0D98-4696-4CB5-9DBF-50F6C2303E63}
[2013/02/04 11:35:35 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{8F99D7FC-C8F9-4122-A356-75D1E47CF5F3}
[2013/02/03 18:01:31 | 000,000,000 | ---D | C] -- C:\Users\dogonit23\AppData\Local\{9EC566E3-D5A5-492A-80C4-BCE186C9C6C1}
[2011/06/07 01:56:48 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\dogonit23\AppData\Roaming\pcouffin.sys
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/05 14:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/05 14:27:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/05 13:58:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2034785586-1586066431-309787569-1000UA.job
[2013/03/05 09:48:02 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/05 09:48:01 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/05 09:38:45 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013/03/05 09:38:39 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/05 09:37:52 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2013/03/05 09:36:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/05 09:36:15 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/05 02:55:44 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/03/04 20:58:01 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2034785586-1586066431-309787569-1000Core.job
[2013/02/28 15:02:56 | 000,020,190 | ---- | M] () -- C:\Windows\SysNative\cc_20130228_150248.reg
[2013/02/27 18:06:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDOGONIT23-HP$.job
[2013/02/26 03:31:32 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Spy Emergency.lnk
[2013/02/25 18:45:20 | 000,003,087 | ---- | M] () -- C:\Users\dogonit23\Desktop\Localizer Beta.lnk
[2013/02/25 18:39:06 | 000,000,951 | ---- | M] () -- C:\Users\Public\Desktop\Localizer Leads Tool.lnk
[2013/02/25 18:17:24 | 078,418,073 | ---- | M] () -- C:\Users\dogonit23\Desktop\hypersonic profits.mp4
[2013/02/24 04:20:32 | 000,003,087 | ---- | M] () -- C:\Users\dogonit23\Desktop\Traffic Phoenix.lnk
[2013/02/23 20:47:21 | 000,001,140 | ---- | M] () -- C:\Users\dogonit23\Desktop\Viral PDF SE.lnk
[2013/02/23 16:37:49 | 000,001,959 | ---- | M] () -- C:\Users\dogonit23\Desktop\Site Profit Bot.lnk
[2013/02/22 07:49:30 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\CurationSoft.lnk
[2013/02/21 13:12:16 | 000,780,156 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/21 13:12:16 | 000,660,982 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/21 13:12:16 | 000,121,620 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/21 00:20:51 | 000,017,920 | ---- | M] () -- C:\Users\dogonit23\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/20 20:12:10 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFordogonit23.job
[2013/02/19 12:15:54 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/02/19 11:41:34 | 000,001,058 | ---- | M] () -- C:\Users\dogonit23\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Doctor.lnk
[2013/02/19 11:41:34 | 000,001,034 | ---- | M] () -- C:\Users\dogonit23\Desktop\Windows Doctor.lnk
[2013/02/18 21:48:53 | 002,539,975 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2013/02/18 21:10:44 | 000,034,304 | ---- | M] () -- C:\U
[2013/02/18 19:45:42 | 000,003,648 | ---- | M] () -- C:\Windows\SysNative\cc_20130218_194538.reg
[2013/02/18 19:45:02 | 000,030,862 | ---- | M] () -- C:\Windows\SysNative\cc_20130218_194445.reg
[2013/02/18 11:24:15 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\ICCPro.lnk
[2013/02/17 11:21:00 | 000,060,864 | ---- | M] () -- C:\Users\dogonit23\g2mdlhlpx.exe
[2013/02/15 21:02:40 | 000,073,795 | ---- | M] () -- C:\Users\dogonit23\presidential storage payment 2-15-13.pdf
[2013/02/15 15:32:37 | 000,002,619 | ---- | M] () -- C:\Users\Public\Desktop\Niche Sensei.lnk
[2013/02/15 15:15:26 | 000,001,182 | ---- | M] () -- C:\Users\Public\Desktop\The Prospector.lnk
[2013/02/15 14:21:14 | 000,001,197 | ---- | M] () -- C:\Users\Public\Desktop\Social Prospector.lnk
[2013/02/14 15:41:18 | 000,014,046 | ---- | M] () -- C:\Users\dogonit23\Documents\today.eml
[2013/02/14 11:17:06 | 000,448,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/12 02:01:26 | 000,000,334 | ---- | M] () -- C:\Windows\SysWow64\CountScans.XML
[2013/02/10 12:09:21 | 000,000,122 | ---- | M] () -- C:\Users\dogonit23\Desktop\Convert Youtube to MP3 & Download Youtube Videos - Free Downloader.url
[2013/02/09 00:37:30 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/02/08 00:32:35 | 000,015,152 | ---- | M] () -- C:\Windows\SysNative\cc_20130208_003209.reg
[2013/02/07 18:56:05 | 000,000,043 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013/02/06 21:25:15 | 000,000,955 | ---- | M] () -- C:\Users\dogonit23\Desktop\DVDFab 9.lnk
[2013/02/05 17:36:17 | 000,000,989 | ---- | M] () -- C:\Users\dogonit23\Desktop\Tube Fool.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/28 15:02:53 | 000,020,190 | ---- | C] () -- C:\Windows\SysNative\cc_20130228_150248.reg
[2013/02/26 03:31:32 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\Spy Emergency.lnk
[2013/02/25 19:37:46 | 078,418,073 | ---- | C] () -- C:\Users\dogonit23\Desktop\hypersonic profits.mp4
[2013/02/25 18:45:20 | 000,003,087 | ---- | C] () -- C:\Users\dogonit23\Desktop\Localizer Beta.lnk
[2013/02/25 18:45:20 | 000,003,047 | ---- | C] () -- C:\Users\dogonit23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Localizer Beta.lnk
[2013/02/25 18:39:07 | 000,000,963 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Localizer Leads Tool.lnk
[2013/02/25 18:39:06 | 000,000,951 | ---- | C] () -- C:\Users\Public\Desktop\Localizer Leads Tool.lnk
[2013/02/24 04:20:32 | 000,003,087 | ---- | C] () -- C:\Users\dogonit23\Desktop\Traffic Phoenix.lnk
[2013/02/23 20:47:21 | 000,001,140 | ---- | C] () -- C:\Users\dogonit23\Desktop\Viral PDF SE.lnk
[2013/02/23 16:37:49 | 000,001,959 | ---- | C] () -- C:\Users\dogonit23\Desktop\Site Profit Bot.lnk
[2013/02/22 07:49:30 | 000,000,883 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CurationSoft.lnk
[2013/02/22 07:49:30 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\CurationSoft.lnk
[2013/02/19 11:41:34 | 000,001,058 | ---- | C] () -- C:\Users\dogonit23\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Doctor.lnk
[2013/02/19 11:41:34 | 000,001,034 | ---- | C] () -- C:\Users\dogonit23\Desktop\Windows Doctor.lnk
[2013/02/18 21:47:18 | 002,539,975 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2013/02/18 21:10:44 | 000,034,304 | ---- | C] () -- C:\U
[2013/02/18 21:04:22 | 000,000,866 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/02/18 19:45:40 | 000,003,648 | ---- | C] () -- C:\Windows\SysNative\cc_20130218_194538.reg
[2013/02/18 19:44:58 | 000,030,862 | ---- | C] () -- C:\Windows\SysNative\cc_20130218_194445.reg
[2013/02/18 11:24:15 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\ICCPro.lnk
[2013/02/15 21:02:40 | 000,073,795 | ---- | C] () -- C:\Users\dogonit23\presidential storage payment 2-15-13.pdf
[2013/02/15 15:15:26 | 000,001,182 | ---- | C] () -- C:\Users\Public\Desktop\The Prospector.lnk
[2013/02/15 14:21:14 | 000,001,197 | ---- | C] () -- C:\Users\Public\Desktop\Social Prospector.lnk
[2013/02/14 15:41:17 | 000,014,046 | ---- | C] () -- C:\Users\dogonit23\Documents\today.eml
[2013/02/12 02:01:26 | 000,000,334 | ---- | C] () -- C:\Windows\SysWow64\CountScans.XML
[2013/02/10 12:09:21 | 000,000,122 | ---- | C] () -- C:\Users\dogonit23\Desktop\Convert Youtube to MP3 & Download Youtube Videos - Free Downloader.url
[2013/02/09 00:37:30 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/02/08 00:32:31 | 000,015,152 | ---- | C] () -- C:\Windows\SysNative\cc_20130208_003209.reg
[2013/02/06 21:25:15 | 000,000,955 | ---- | C] () -- C:\Users\dogonit23\Desktop\DVDFab 9.lnk
[2013/02/05 17:36:17 | 000,000,989 | ---- | C] () -- C:\Users\dogonit23\Desktop\Tube Fool.lnk
[2013/01/30 11:37:48 | 000,001,666 | ---- | C] () -- C:\Windows\wininit.ini
[2013/01/29 19:19:18 | 1171,038,208 | ---- | C] () -- C:\Users\dogonit23\capture-1.camrec
[2012/11/09 20:18:06 | 000,000,008 | RHS- | C] () -- C:\Users\dogonit23\$vSiGG1C.pvr
[2012/11/09 20:18:06 | 000,000,008 | RHS- | C] () -- C:\Users\dogonit23\$vLeGG1C.pvr
[2012/08/24 12:23:53 | 000,002,717 | ---- | C] () -- C:\Users\dogonit23\.recently-used.xbel
[2012/06/04 11:12:01 | 000,302,425 | ---- | C] () -- C:\Users\dogonit23\AppData\Local\funmoods-speeddial.crx
[2012/03/31 10:43:19 | 000,134,228 | ---- | C] () -- C:\Users\dogonit23\7 Do Not Eat Foods.pdf
[2012/01/25 17:15:08 | 000,000,999 | ---- | C] () -- C:\Program Files (x86)\Backlink Profit Monster.lnk
[2012/01/25 17:15:08 | 000,000,939 | ---- | C] () -- C:\Program Files (x86)\Update Backlink Profit Monster.lnk
[2011/10/04 11:22:44 | 000,000,205 | ---- | C] () -- C:\Windows\BlogHatter.INI
[2011/08/19 08:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 08:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 08:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/07/28 10:49:13 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/06/11 19:11:42 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/06/07 01:56:48 | 000,099,384 | ---- | C] () -- C:\Users\dogonit23\AppData\Roaming\inst.exe
[2011/06/07 01:56:48 | 000,007,859 | ---- | C] () -- C:\Users\dogonit23\AppData\Roaming\pcouffin.cat
[2011/06/07 01:56:48 | 000,001,167 | ---- | C] () -- C:\Users\dogonit23\AppData\Roaming\pcouffin.inf
[2011/05/20 17:16:41 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2011/04/29 10:43:53 | 000,205,717 | ---- | C] () -- C:\Windows\XHeader Uninstaller.exe
[2011/03/30 00:25:10 | 000,017,920 | ---- | C] () -- C:\Users\dogonit23\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 06:24:30 | 000,020,480 | ---- | C] () -- C:\Users\dogonit23\AppData\Roaming\DomainFinder.rsd
[2011/02/13 13:08:47 | 001,130,348 | ---- | C] () -- C:\Users\dogonit23\hot-minisite-templates.zip
[2011/02/08 16:46:12 | 000,060,864 | ---- | C] () -- C:\Users\dogonit23\g2mdlhlpx.exe

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/06/26 08:56:47 | 000,000,000 | -HSD | M] -- C:\Users\dogonit23\AppData\Roaming\.#
[2013/01/30 13:14:23 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Ad-Aware Antivirus
[2011/07/14 02:00:27 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Affilorama
[2012/07/02 17:29:54 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Audacity
[2012/07/23 12:51:53 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Auto Traffic Monopoly
[2013/01/24 13:01:25 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\AutoHideIP
[2011/03/08 04:45:30 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\AutomatedSalesFormula
[2011/02/06 02:11:13 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Blio
[2011/03/08 08:35:21 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Bloopio
[2012/10/04 14:58:49 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Canon
[2011/04/03 12:26:21 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\CherryPickerLive
[2012/08/31 13:06:51 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\com.kamicode.tubenitro
[2012/06/03 22:50:57 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\com.pageone.Curator
[2012/05/26 11:40:20 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\com.webdimensions.instant-content-curator-pro
[2013/01/09 02:05:20 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\com.webdimensions.viralvideocuratorpro
[2013/02/22 07:49:50 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\CurationSoft
[2011/12/25 14:09:53 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\DeepBurner
[2011/12/25 13:14:25 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\DeepBurner Pro
[2011/06/11 19:19:48 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Digiarty
[2011/12/09 19:40:37 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\DigiResults
[2013/03/05 02:53:04 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\DMCache
[2011/07/21 02:42:57 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\EasyHelper
[2012/08/18 12:33:57 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\EasyLeadFinderv2
[2011/10/09 13:46:31 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\EB Projects
[2013/01/22 21:46:45 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Ehdoiq
[2013/01/30 10:44:10 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\EurekaLog
[2011/08/03 22:02:04 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\FeedNamerTest
[2013/02/24 16:54:18 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\FileZilla
[2011/05/01 14:43:49 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\FlashGet
[2013/01/26 15:52:39 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\gmll
[2012/01/13 19:05:47 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\GPScraper 2011
[2012/08/24 12:14:46 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\gtk-2.0
[2013/03/01 18:45:25 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\IDM
[2011/02/21 13:39:33 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\KompoZer
[2012/02/16 02:26:12 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\KSOWatchboard
[2011/03/30 00:32:18 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Leadertech
[2013/01/26 19:28:26 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\LinkWheelData
[2012/07/14 16:49:10 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\LiveSoftware
[2013/02/25 18:41:40 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\LocalizerLeadsTool
[2012/07/23 03:04:42 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\MicroCashMachines
[2013/01/25 15:23:51 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Niche
[2013/03/03 21:10:52 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Nitro PDF
[2012/01/22 21:49:05 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Nvu
[2012/10/04 10:23:53 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\PFU
[2011/02/06 01:40:41 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\PictureMover
[2012/01/11 15:22:58 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\PrimoPDF
[2013/01/26 16:12:15 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\RankArmoryData
[2013/01/22 09:45:30 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Roacy
[2013/01/22 09:45:30 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Roenqa
[2012/07/16 18:09:55 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\SendBlaster2
[2013/02/06 20:49:31 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\SendSpace
[2013/03/02 02:14:55 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\SoftGrid Client
[2011/03/08 08:38:07 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\SpinWizard-HC
[2013/03/05 09:38:05 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Spy Emergency
[2011/02/06 01:39:43 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Stardock
[2013/01/21 16:13:49 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\teknikforce
[2013/02/18 21:45:46 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\TestApp
[2011/05/15 10:27:30 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Tific
[2012/06/29 14:26:03 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Touche Software
[2012/01/11 22:31:06 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\TP
[2012/01/20 14:55:55 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\TrafficInitiator-Air
[2011/12/06 12:34:13 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\TrafficLaunchPad-PRO
[2013/02/24 04:20:31 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\TrafficPhoenix
[2013/02/24 04:15:20 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Tube Groove
[2013/01/29 15:47:42 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Tuehs
[2011/05/10 13:00:10 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\ubot
[2011/06/11 16:49:56 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Uniblue
[2012/01/11 12:17:36 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Vso
[2011/02/11 16:37:10 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Windows Live Writer
[2011/05/01 03:07:25 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\XMind
[2013/01/29 15:47:41 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Yvad
[2013/01/23 11:10:00 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Ywfux
[2013/01/22 21:46:45 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Yxypoc
[2013/01/21 08:28:25 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Yzpayv
[2013/01/23 11:04:05 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\Zalaw
[2011/07/22 08:32:10 | 000,000,000 | ---D | M] -- C:\Users\dogonit23\AppData\Roaming\ZumoDrive

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/07/22 15:19:02 | 000,000,000 | ---D | M](C:\Users\dogonit23\AppData\Local\??) -- C:\Users\dogonit23\AppData\Local\€”
[2011/07/22 15:19:02 | 000,000,000 | ---D | M](C:\Users\dogonit23\AppData\Local\??) -- C:\Users\dogonit23\AppData\Local\€”
(C:\Users\dogonit23\AppData\Local\??) -- C:\Users\dogonit23\AppData\Local\€”

========== Alternate Data Streams ==========

@Alternate Data Stream - 491 bytes -> C:\Users\dogonit23\Documents\today.eml:OECustomProperty
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >


OTL Extras logfile created on: 3/5/2013 2:37:11 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dogonit23\Desktop\Software Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 31.08% Memory free
7.49 Gb Paging File | 3.39 Gb Available in Paging File | 45.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 442.60 Gb Total Space | 254.15 Gb Free Space | 57.42% Space Free | Partition Type: NTFS
Drive D: | 22.87 Gb Total Space | 3.34 Gb Free Space | 14.59% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 403.11 Gb Free Space | 21.64% Space Free | Partition Type: NTFS

Computer Name: DOGONIT23-HP | User Name: dogonit23 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05AE0C86-5528-4BC9-B11E-8A7680BE6010}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{09813EFE-BFCE-451B-B24A-E55A7E506086}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0A3D5D3F-22C7-43D0-B693-45D0EB228C3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0B41D4B7-C71A-4C6B-9F41-087A4A9FA3EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{19022F8A-988E-4818-B157-CB21783C22EA}" = lport=138 | protocol=17 | dir=in | app=system |
"{21A6F9CE-DCF1-45C2-8799-940E2605B904}" = rport=10243 | protocol=6 | dir=out | app=system |
"{25CF9786-D633-438A-B529-3A74A395EDB6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F7C65F8-9AD0-4D86-A201-05707B4D6DAA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{38C59669-3676-416D-AF8F-F663B05F9411}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{38FD4040-49CD-4129-8FF6-0FC3C08EDCCD}" = lport=445 | protocol=6 | dir=in | app=system |
"{3F61926D-E4FB-445F-88BE-4F80CE5A0747}" = rport=138 | protocol=17 | dir=out | app=system |
"{48160FA4-16D0-489A-B7DE-0E3835D32658}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{59DCD658-0FF6-4C87-8EDA-13EC8291D0C3}" = rport=139 | protocol=6 | dir=out | app=system |
"{5CEBDAFD-BC0A-4643-8729-9B702A169E5C}" = lport=139 | protocol=6 | dir=in | app=system |
"{5E6C9AD6-7419-47CD-BB7C-BE9280AD3329}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{65576758-42B9-4E10-8646-3357539A9150}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6934FEEF-D6C4-4481-A0DE-8FB59BC83F87}" = lport=10243 | protocol=6 | dir=in | app=system |
"{718C56CD-7C33-44E2-9735-FCBEFAAF4B45}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B2EF7B1-E6FF-4E53-ACE6-703B0D14E239}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{9D0D8229-2814-4CD2-B7F1-90E810BA2571}" = rport=445 | protocol=6 | dir=out | app=system |
"{AAF738B5-3688-4964-82F4-5BDEA671A5D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{C3BA2719-C692-4710-A38E-AD9EBB3B860C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DF4CE2F7-3809-40CA-9DA9-C3B58A8D5223}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EFF19EC7-3CF5-413D-94EA-AD935A33777D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F108CFB2-46C4-4819-A3F2-2691DFEEF230}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FD2566F9-E935-4BF7-B8C2-60CDF5F1FE30}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02756275-5908-446F-B6AD-772329ED4B9C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{05E36A89-231D-44A6-A580-705B67EE805D}" = protocol=6 | dir=in | app=c:\users\dogonit23\appdata\local\senukex\senuke.exe |
"{0A45B430-99B7-43FC-97C1-B65B3698624E}" = protocol=1 | dir=in | [email protected],-28543 |
"{15460FD3-3DE1-46B8-8BE5-F68D520232A6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1C55EAB7-5B3E-4414-A07F-7E21532ACF59}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1DC5CF9C-57F8-4E56-95B5-8955A9A665EF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{1E80889F-7D9B-48EF-A54C-6634B26D0196}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |
"{2206F989-09A2-4C54-8778-CBE7D077F57C}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{33DCB268-B0FC-4B38-9561-EECB66AD96B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{34026BB6-43E8-4FEF-B11B-60E927325BF5}" = protocol=58 | dir=out | [email protected],-28546 |
"{3A019C53-1F59-425B-9154-7F1FB511934C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3FCEDC25-1030-4C1A-B28C-15294A1178BD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{464CBA76-05A8-44DA-87E7-65D8F1A08705}" = protocol=1 | dir=out | [email protected],-28544 |
"{4AA3758A-537A-47C7-AADB-86C35081739C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4B212489-25FE-4783-92B0-855B69FAE55C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5080DED9-0710-4CA8-A066-3907C4952617}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{550ADA97-7B34-453A-AB49-98B40C86434B}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{5F6899C3-3509-43D9-A5A1-21D6FDE1F896}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{60FF2042-58D6-43C1-AABB-12C23EE7DEAB}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{63645954-4B5E-4D72-9039-1D7BD3EA2050}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{660F19A6-F376-4254-956C-676C7DE7C860}" = protocol=58 | dir=in | [email protected],-28545 |
"{665AEF6C-2149-45C8-ABB5-46D8AA12C693}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D8DED75-2030-47D8-AE3B-EE1ADE70E107}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{7009A3D1-8E63-4C1E-82EB-4B7CD35FE337}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{70D55530-3522-409C-BEAC-CB09E46541B8}" = protocol=17 | dir=in | app=c:\users\dogonit23\appdata\local\senukex\senuke.exe |
"{70E3DAA7-3C01-488B-B01B-74F908BB9BCD}" = protocol=6 | dir=in | app=c:\program files (x86)\onlywire\onlywirewindows.exe |
"{7900D27D-EDA4-41DE-8BD2-9CCDB12535B9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7CD145EC-6001-4253-A5DF-CB348B785D87}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7D9EB05C-B76B-49BF-83F6-87C820FC2CBF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7E10CFE0-08B1-401B-9CC5-B82EDDE8E09D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7E83DB33-2950-4CE6-B406-0A16FA479526}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{906279F7-A05F-428B-A141-52B0B75344B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A0E5FF1A-A515-4C02-87BF-4BCFADCA4215}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A7102895-E143-462F-A741-2349EF95C64F}" = protocol=17 | dir=in | app=c:\program files (x86)\onlywire\onlywirewindows.exe |
"{A7281B5F-86E5-46B4-A8AE-8505ABDF5FF1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BAB3B6BD-6CD9-47A7-B89D-E24ED80297C4}" = dir=in | app=c:\users\dogonit23\appdata\local\torch\plugins\torrent\torchtorrent.exe |
"{BEB37A2A-EAF9-42C1-A684-B75D9C1C4B1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0384530-8BB0-4602-8A2C-21F82D75973B}" = protocol=6 | dir=out | app=system |
"{C21F541C-CCBF-4670-A3B6-470E42B7C78E}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{CA86E68E-919E-4E60-843E-2598F6A799B5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CF7CFA8D-8E29-430B-898A-070208AA9E30}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EAC2F2DD-5682-482A-8A22-D3A5E3C1F0FA}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{EE45BEBB-7D34-47F0-A251-E640B5303E43}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"{FBE71914-6467-436F-B247-A988EC99B0B6}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{FBF76A95-4DDD-4731-8045-0D93245D2DFD}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{FCC02FED-D0F5-4A13-A527-BA9B2F79177D}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |
"{FFA852E1-7D83-4D2E-ABC3-D62B0B7EB41A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"TCP Query User{0565DACF-CB9C-4BFE-97C3-60FD22C7A910}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{26A5FC7F-E98E-4FF2-92AB-D32383E3D1BE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{3434F40C-4AC3-48F9-82BA-1630E04C0898}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"UDP Query User{2BF83833-0711-4529-BEED-DE58592E1BCC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{DA0691A3-EE3B-4029-964B-23CD68CBF694}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"UDP Query User{DD4865C4-CE54-4841-BDC7-7D80F0DFEC90}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09BDCC02-80F2-4EFB-8F1B-A807D2C38E31}" = HP MediaSmart Movies and TV
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences Pro
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{20F2AD58-CE1D-4994-9945-B1B3F2600254}" = Nitro PDF Reader
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28FA742C-DC52-9804-7116-E198E0AEFAE4}" = ATI Catalyst Install Manager
"{2D7B64F7-E9A3-C49B-9CEA-C4FE05F887E9}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BE6725F2-6D15-477C-86C6-4522B8569D62}" = HP MediaSmart SmartMenu
"{C84FFB07-C687-45CF-91C8-868DB8D8C8CD}" = HP 3D DriveGuard
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D4DF3FD3-4467-47EF-8D4A-AF1E691E34F5}" = Logitech Webcam Software
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"PolderbitSRecorder64" = PolderbitS Sound Recorder and Editor (64-bit Edition)
"Spy Emergency_is1" = Spy Emergency
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{03D4E1A0-109C-7717-A19D-A0A892C94140}" = KSO Watchboard
"{0408422C-BE82-446A-8A8D-1431F4D35245}" = HP Documentation
"{0572EDC2-9CBD-6D69-7477-130CBE66086D}" = CurationSoft
"{06005D86-3436-43E4-9014-3CC4A972D47B}" = Website Indexer
"{078BE4C5-D0AA-5AD1-6195-D4E9FB7CA8F7}" = CCC Help Greek
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{108404C7-6C48-4F2F-84C5-654F2597A20F}_is1" = BlogHatter Pro 2010
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{13F864A8-B7AF-4D36-8F23-08C58C7E685B}" = FBP - Facebook Blaster Pro
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19D87B80-626A-B57F-37F2-30329A5FA056}" = CCC Help Korean
"{1A773FE9-8ED2-4FC6-AAAB-D5CC8157DAAF}" = NicheSensei
"{1AD22277-7A1E-71EC-B27D-EB7A22BED143}" = DeepBurner Pro v1.9.0.228
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2079FC74-9B68-4CCA-8570-CC02378AB170}" = Local Leads Magic Extractor
"{21C887C2-008E-0610-96F8-74AB3AF22784}" = CCC Help Chinese Standard
"{22800204-9E53-45C7-B6F3-5BB0F1C1A147}" = Jing
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{2819e172-81d5-4113-88bd-4605b02344e0}" = Ad-Aware Antivirus
"{28639B03-FEF0-06B0-72AE-4DC2F5FE7197}" = Catalyst Control Center Graphics Previews Common
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28D31651-C44F-7C06-BD86-8771055733A1}" = Easy Lead Finder
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A435018-6957-76A6-36A6-FB34F4EF5F6D}" = CCC Help Turkish
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}" = HP MediaSmart/TouchSmart Netflix
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{330A754C-2B53-0C5F-057F-283EC9D01D5A}" = CCC Help Japanese
"{33123af0-0eab-432e-8c75-2d66c77e4320}_is1" = Power Lead Snatcher v1.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{355E7B5A-DCCF-4E35-AAD4-F80F43429D9E}" = Tube Equalizer
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3DA221C3-37A8-4FB2-BE95-FB61A5075F5A}_is1" = Big Boy Cover Creator
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EB4E1B3-5C51-D460-D305-9077DA4711B7}" = CCC Help French
"{40264C05-D84A-43E6-AEB8-1C945AD2A500}" = XTBSetup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4595783F-3D44-4FBA-A43E-1CF88970C6CC}" = YellaBot
"{46D5A44A-0D8C-4CA4-8AD2-5A86E2D1F96E}" = Localizer Beta
"{489A887E-1F33-2DB8-B856-291B6729D832}" = CCC Help Dutch
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}" = Camtasia Studio 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B110DEB-E309-4394-BC9D-3942B18F0940}_is1" = Quick Video Marketing Extreme Suite 1.0
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4F00632C-A175-41AF-A448-BB654A4946A6}" = NicheSensei
"{4F649712-FA36-502C-B26B-88A9D091E1DF}" = CCC Help Finnish
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
"{5124BBB9-4A30-4306-BC27-ED986E860BE7}_is1" = Micro Niche Domain Finder version 0.23
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52DE3AF0-1C26-4258-9A04-9AEBF3E145F7}" = Catalyst Control Center - Branding
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{5535B1B7-AB06-2922-C3F6-DEDA4E823903}" = CCC Help Italian
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A19A119-86B6-FD94-7479-7A4AED4F2D82}" = Catalyst Control Center Graphics Previews Vista
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5B61E4B6-E491-4FF8-888B-DC677E15798C}" = AzSiteBuilder
"{5BEBD7F0-5544-3B4C-8D15-7154AA35BEA2}" = Google Talk Plugin
"{5C5423E2-537B-0194-945D-66EA2A481CC4}" = Tube NiTRO
"{5F479D0A-ABB5-DE85-2C6A-92566C7FB813}" = CCC Help Polish
"{6028A075-9A5A-4FD0-83DC-0BFE326D9836}" = Proxy Goblin
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6462930A-65F7-5431-71BF-299048EC7887}" = Google Maps Listing Locator
"{6488DD50-96DB-2EB1-3027-D912339B3457}" = Localizer Leads Tool
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6863508E-00B6-34DF-31FA-DD8D57E8CEE0}" = CCC Help Thai
"{6B114F59-6732-4EA5-A33E-ACC6DEC49B61}" = HP Software Framework
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7645B631-3FAE-3B68-63D5-884943DC9303}" = PageOne Curator
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77BE790A-2F0E-277A-B1D5-24AE58CA1C5E}" = CherryPicker
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79E47C7F-2292-B092-515B-4BA0D409451E}" = Bloopio
"{7A0AAE7D-BEED-DD34-58EA-304DAC2EF7B6}" = CCC Help Norwegian
"{7A42C2EA-0447-42D2-8503-E08022159704}" = xGen SEO
"{7B939E98-D099-5172-FF4C-673B96ED3D13}" = CCC Help Portuguese
"{800D8BB8-8CED-453C-98FE-79757FCFF6D2}" = Long Tail Pro
"{8337F301-A848-71AC-4699-51B5153085EE}" = CCC Help German
"{83C26D20-15FF-4B40-8180-5446E4970E3D}" = BacklinkProfitMonster
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84160DF4-D1B0-428F-EFE7-4CA2E14B5CD2}" = Catalyst Control Center Localization All
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89EBB60F-5F24-2153-AEF2-F7E33B2DD8DB}" = CCC Help Russian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EFD09A6-E374-8519-68A9-A3F7383C29AA}" = CCC Help Hungarian
"{8FD5B469-A50B-4746-A992-ABDD6DCD45EF}" = MicroCashMachines
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{922DBD7E-43DC-4F92-8D5E-B563C8BBBB27}" = IM Easy Button Autoresponder
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9769E378-E1D4-42F4-9E5C-FAE269A1084C}_is1" = Search Syndicate version 1.0
"{993ED800-AFD9-44D4-B5E4-FF2F7D951A9F}" = Rank Armory Setup
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BBEE625-F639-CB19-6447-98B25FF975DD}" = Traffic Launch Pad
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2C23ED8-6C37-F32D-3108-3E91BEDEDCA8}" = CCC Help Swedish
"{A47B6CB9-E31C-B471-75FF-F42236292750}" = CCC Help Spanish
"{A4D10F4F-EF30-4498-8E18-CF2AB549DA97}" = PDF Download for Internet Explorer
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7793099-E7B8-4B91-B0BF-D407C1C7032C}_is1" = GoogleMapsCash.com Software 1.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-BA7E-100000000002}" = Adobe Acrobat 7.0 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AD13BFB0-FDD2-4AFA-A8AF-9F4A950D56B7}" = ArcSoft Camera Suite 1.3
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{B293F0E6-10B7-45FD-BACF-18826515C246}_is1" = Conference Recording Service
"{B3975F18-5DCD-4C71-B382-D97F201E0161}" = GPScraper 2011
"{B3E2EB86-2EDB-061B-0DDC-58EDBCAEC4A0}" = ASHelper
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BBBC38C2-42C5-4C3C-B25B-B3477DF4973A}_is1" = Ecover Brander 1.0
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BF0EA4BA-75A3-6452-E647-1BACC7AD6612}" = SpinWizard-HC
"{C26CE461-1A2A-866E-F3FB-8E8C590919FE}" = Local Niche Spy
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4FE7CD7-1DA8-4793-9CCE-E7902D915131}_is1" = Auto Traffic Monopoly 1.0.1
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C619A1DC-8EE4-4BD2-82AB-D9424A23E42A}" = Sindicator
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE081CB8-1970-88F1-A4D8-FC435D2E86C1}" = ccc-core-static
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF950023-9C75-4843-8B68-FD8A5D641B4B}" = SendBlaster 2
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder V3.0
"{D7305AB7-9668-BC2C-470A-FA9F6264E735}" = Instant Content Curator Pro
"{D93E970F-5B4B-4BE6-89CB-E46963E3B1E4}" = DupeFree Pro
"{D9DB57B7-7C15-596C-6D5B-4CF06CF98E41}" = CCC Help English
"{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
"{DC67641A-05C4-4FED-A462-1EB1DC6CF2F5}" = ArcSoft Software Suite
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14A6071-744B-44F0-A30E-72CB0324D4E1}" = Linkwheel
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5650FD1-F98A-4948-BFB5-3E608FB8089C}" = Wordpress EasyButton
"{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer
"{E599494B-C668-E1C7-09A4-76A33BDC03F6}" = CCC Help Czech
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6
"{E68A38AA-A1B2-114E-19FA-F07D54683077}" = Catalyst Control Center InstallProxy
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EDAB8C86-3668-425D-9097-E39311A98A95}_is1" = The Prospector version 2.7
"{EF682D1C-591D-48B5-9803-628DA622C281}" = HP Quick Launch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F12B4E57-D702-E193-E8AF-C93EDB8DF63E}" = CCC Help Chinese Traditional
"{F5F5E26E-67B9-438E-B813-C0CE0DE08309}" = TrafficPhoenix
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FC725C5E-294B-716E-ABDE-931B26F1BC6E}" = Viral Video Curator Pro
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0E7A1C-68C3-99E1-A5DD-0749CFAB7AB9}" = CCC Help Danish
"{FF01F58F-A8B3-E2BD-45EB-E9CF29BC0B38}" = XTA Deluxe
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Acrobat 7.0 Standard - EFG - V" = Adobe Acrobat 7.1.0 Standard - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ashelper.ASHelper.46130C60F2252FA5A4446077F84AA968F38F8488.1" = ASHelper
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AudibleManager" = AudibleManager
"AutoHideIP" = Auto Hide IP
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Bloopio" = Bloopio
"BusinessLeadsMiner_is1" = BusinessLeadsMiner v2.54
"Canon MP210 series User Registration" = Canon MP210 series User Registration
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Carnival Submitter_is1" = Carnival Submitter
"CherryPickerLive" = CherryPicker
"CloneDVD2" = CloneDVD2
"com.adobe.example.lovee.C6EC44B5C943A4DDCD781F06D19CDB0574EF4B20.1" = XTA Deluxe
"com.kamicode.tubenitro" = Tube NiTRO
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"com.pageone.Curator" = PageOne Curator
"com.webdimensions.instant-content-curator-pro" = Instant Content Curator Pro
"com.webdimensions.viralvideocuratorpro" = Viral Video Curator Pro
"Content Samurai_is1" = Content Samurai 1.0
"Coupon Printer for Windows5.0.0.2" = Coupon Printer for Windows
"CurationSoft" = CurationSoft
"Doxillion" = Doxillion Document Converter
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab 9_is1" = DVDFab 9.0.1.5 (08/12/2012) Qt
"Easy Sales Video Player" = Easy Sales Video Player
"EasyLeadFinderv2" = Easy Lead Finder
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Fences Pro" = Fences Pro
"FileZilla Client" = FileZilla Client 3.6.0.2
"Freecorder5.01" = Freecorder 5
"freecordertoolbar" = Freecorder Toolbar
"gmll" = Google Maps Listing Locator
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Instant Business Finder_is1" = Instant Business Finder v2.27
"Instant Lead Magnet Demo_is1" = Instant Lead Magnet Demo v1.13
"Internet Download Manager" = Internet Download Manager
"Keyword Tool_is1" = Keyword Tool v2.01
"KeywordSwipe_1.0" = KeywordSwipe 1.0
"KSOWatchboard" = KSO Watchboard
"Link Builder_is1" = Link Builder
"LocalizerLeadsTool" = Localizer Leads Tool
"Logic Audio Platinum v5.10" = Logic Audio Platinum v5.10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MixPad" = MixPad
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"My HP Game Console" = HP Game Console
"Niche" = Local Niche Spy
"Niche Video Site Builder - Platinum Edition 1.0" = Niche Video Site Builder - Platinum Edition 1.0
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OnlyWire" = OnlyWire
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Project Organizer_is1" = Project Organizer
"Proxy Server Finder" = Proxy Server Finder
"RealPlayer 15.0" = RealPlayer
"Site Profit Bot 1.8" = Site Profit Bot 1.8
"SP_f2a323db" = BrowseToSave 1.74
"SpinWizard-HC" = SpinWizard-HC
"SpywareBlaster_is1" = SpywareBlaster 4.6
"StorageSync" = StorageSync Backup Software
"Subliminal" = Subliminal $SUBLIMINAL_VERSION
"Switch" = Switch Sound File Converter
"The 5 Bucks a Day Action Enforcer_is1" = The 5 Bucks a Day Action Enforcer
"The Logo Creator v5.2" = The Logo Creator v5.2
"topkeywordlists_is1" = topkeywordlists
"Traffic Hurricane Pro Personal Use Edition" = Traffic Hurricane Pro Personal Use Edition
"Traffic Travis_is1" = Traffic Travis 3.3.16
"TrafficInitiator-Air" = Traffic Launch Pad
"Tube Fool" = Tube Fool
"Underachiever Secrets_is1" = Underachiever Secrets
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Viral PDF Silver Edition_is1" = Viral PDF Silver Edition v2.0
"VLC media player" = VLC media player 1.1.11
"WavePad" = WavePad Sound Editor
"webmmf" = WebM Media Foundation Components
"WildTangent hp Master Uninstall" = HP Games
"Windows Doctor 2.7.4_is1" = Windows Doctor 2.7.4
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 6.3.5
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089299" = Mystery P.I. - The London Caper
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"XHeader" = XHeader
"XMind" = XMind
"YPSpider_is1" = YPSpider v2.15
"ZumoDrive" = HP CloudDrive

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"1476554678.d.seesmic.com" = Seesmic Desktop 2
"6def5107e38c1993" = Blog Profit Pro
"a10c648895c21ba6" = Update or Uninstall SENukeX
"AI RoboForm" = AI RoboForm
"Amazon Kindle" = Amazon Kindle
"e6ae29888e656723" = Auto Blog Software
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.4.0.1083
"HuluDesktop" = Hulu Desktop
"Torch" = Torch

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/29/2012 6:54:51 AM | Computer Name = dogonit23-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 18580

Error - 6/29/2012 6:54:51 AM | Computer Name = dogonit23-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 18580

Error - 6/29/2012 6:54:52 AM | Computer Name = dogonit23-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/29/2012 6:54:52 AM | Computer Name = dogonit23-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 19922

Error - 6/29/2012 6:54:52 AM | Computer Name = dogonit23-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 19922

Error - 6/29/2012 1:37:30 PM | Computer Name = dogonit23-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting
process id: 0x132c Faulting application start time: 0x01cd54fe4f1178c3 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: 194f4c0b-c211-11e1-a536-984be18c2e89

Error - 6/29/2012 5:26:01 PM | Computer Name = dogonit23-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: ole32.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b96f Exception code: 0xc0000005 Fault offset: 0x0002b759 Faulting
process id: 0x308 Faulting application start time: 0x01cd561df806dece Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\syswow64\ole32.dll Report Id: 05e7c851-c231-11e1-a536-984be18c2e89

Error - 6/29/2012 7:05:40 PM | Computer Name = dogonit23-HP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16446 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 3bfc Start
Time: 01cd5623c8f2cac2 Termination Time: 2727 Application Path: C:\Program Files
(x86)\Internet Explorer\iexplore.exe Report Id:

Error - 6/29/2012 7:44:20 PM | Computer Name = dogonit23-HP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16446 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 3814 Start
Time: 01cd564f67af91f8 Termination Time: 2180 Application Path: C:\Program Files
(x86)\Internet Explorer\iexplore.exe Report Id:

Error - 6/29/2012 10:03:16 PM | Computer Name = dogonit23-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16446,
time stamp: 0x4fb57c8f Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting
process id: 0x14f0 Faulting application start time: 0x01cd56643751d061 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\ntdll.dll Report Id: c12da38d-c257-11e1-ba74-984be18c2e89

[ Hewlett-Packard Events ]
Error - 1/28/2013 11:40:34 PM | Computer Name = dogonit23-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/9ad63e45_8ca2_4788_92e1_c2c84acb67cc/7bwhup2atdz3s5nc2jqb4gzq_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3834 Ram Utilization: 70 TargetSite: Void UpdateDetail(System.String)

Error - 1/28/2013 11:42:57 PM | Computer Name = dogonit23-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 1/28/2013 11:43:07 PM | Computer Name = dogonit23-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 1/28/2013 11:51:18 PM | Computer Name = dogonit23-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 1/28/2013 11:51:18 PM | Computer Name = dogonit23-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 1/28/2013 11:51:18 PM | Computer Name = dogonit23-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 1/30/2013 5:26:34 PM | Computer Name = dogonit23-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 3834 Ram
Utilization: 40 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 2/11/2013 11:51:48 PM | Computer Name = dogonit23-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 2/11/2013 11:55:04 PM | Computer Name = dogonit23-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 2/11/2013 11:59:28 PM | Computer Name = dogonit23-HP | Source = HPSF.exe | ID = 4000
Description =

[ HP Wireless Assistant Events ]
Error - 2/6/2011 6:43:59 AM | Computer Name = dogonit23-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/6/2011 6:44:04 AM | Computer Name = dogonit23-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/6/2011 6:44:09 AM | Computer Name = dogonit23-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/6/2011 6:44:14 AM | Computer Name = dogonit23-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/6/2011 6:44:19 AM | Computer Name = dogonit23-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/6/2011 6:44:24 AM | Computer Name = dogonit23-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/6/2011 6:44:29 AM | Computer Name = dogonit23-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/6/2011 6:44:34 AM | Computer Name = dogonit23-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/6/2011 6:44:40 AM | Computer Name = dogonit23-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/6/2011 6:44:45 AM | Computer Name = dogonit23-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ System Events ]
Error - 3/5/2013 1:36:12 PM | Computer Name = dogonit23-HP | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Aspi32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 3/5/2013 1:37:00 PM | Computer Name = dogonit23-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aspi32

Error - 3/5/2013 6:19:39 PM | Computer Name = dogonit23-HP | Source = DCOM | ID = 10016
Description =

Error - 3/5/2013 6:19:41 PM | Computer Name = dogonit23-HP | Source = DCOM | ID = 10016
Description =

Error - 3/5/2013 6:19:44 PM | Computer Name = dogonit23-HP | Source = DCOM | ID = 10016
Description =

Error - 3/5/2013 6:19:47 PM | Computer Name = dogonit23-HP | Source = DCOM | ID = 10016
Description =

Error - 3/5/2013 6:19:49 PM | Computer Name = dogonit23-HP | Source = DCOM | ID = 10016
Description =

Error - 3/5/2013 6:19:51 PM | Computer Name = dogonit23-HP | Source = DCOM | ID = 10016
Description =

Error - 3/5/2013 6:19:53 PM | Computer Name = dogonit23-HP | Source = DCOM | ID = 10016
Description =

Error - 3/5/2013 6:20:01 PM | Computer Name = dogonit23-HP | Source = DCOM | ID = 10016
Description =


< End of report >
  • 0

Advertisements

#2
gringo_pr
Posted 05 March 2013 - 09:22 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello dogonit2

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
dogonit2
Posted 06 March 2013 - 03:00 AM

dogonit2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Here is the details of the first scan:

Results of screen317's Security Check version 0.99.60
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Lavasoft Ad-Aware
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Local Niche Spy
SpywareBlaster 4.6
Local Niche Spy
Malwarebytes Anti-Malware version 1.70.0.1100
JavaFX 2.1.1
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 11.6.602.171
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox 14.0.1 Firefox out of Date!
Google Chrome 25.0.1364.152
Google Chrome 25.0.1364.97
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus SBAMSvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````



I am now going on to the second software scan..

and will report back soon.

Thanks!
  • 0

#4
dogonit2
Posted 06 March 2013 - 03:35 AM

dogonit2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Here is the AdsCleaner scan:

# AdwCleaner v2.114 - Logfile created 03/06/2013 at 01:17:22
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : dogonit23 - DOGONIT23-HP
# Boot Mode : Normal
# Running from : C:\Users\dogonit23\Desktop\Fix\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
File Deleted : C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\dogonit23\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\searchplugins\Conduit.xml
File Deleted : C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\searchplugins\search.xml
File Deleted : C:\Users\dogonit23\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\v-Grabber
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\RightClick
Folder Deleted : C:\Users\dogonit23\AppData\Local\Conduit
Folder Deleted : C:\Users\dogonit23\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\dogonit23\AppData\Local\OpenCandy
Folder Deleted : C:\Users\dogonit23\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\dogonit23\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\dogonit23\AppData\LocalLow\pdfforge
Folder Deleted : C:\Users\dogonit23\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\dogonit23\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\dogonit23\AppData\LocalLow\vGrabber
Folder Deleted : C:\Users\dogonit23\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\vGrabber
Folder Deleted : C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\adawaretb
Folder Deleted : C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\ConduitCommon
Folder Deleted : C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\CT3059010
Folder Deleted : C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\extensions\{b2ed7faf-72a0-46d1-9d9d-602226f5cb9f}
Folder Deleted : C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\jetpack

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\sprote~1.dll
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\c7d9fcc9e55048a8
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\Software\pdfforge
Key Deleted : HKLM\Software\PrimoPDF\OpenCandy
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\VDownloader\OpenCandy
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1QzuzyzzyE0B0EtCzz0CtB0EzzzytByD0ByCtN0D0TzutBtDtCtBtDyCtDyE&cr=1222258573 --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-US)

File : C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\prefs.js

C:\Users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\user.js ... Deleted !

Deleted : user_pref("CT3059010..clientLogIsEnabled", false);
Deleted : user_pref("CT3059010..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT3059010..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT3059010.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT3059010.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT3059010.BrowserCompStateIsOpen_129682606974435364", true);
Deleted : user_pref("CT3059010.CTID", "CT3059010");
Deleted : user_pref("CT3059010.CurrentServerDate", "21-4-2012");
Deleted : user_pref("CT3059010.DSInstall", true);
Deleted : user_pref("CT3059010.DialogsAlignMode", "LTR");
Deleted : user_pref("CT3059010.DialogsGetterLastCheckTime", "Wed Apr 18 2012 16:35:48 GMT-0700 (Pacific Daylig[...]
Deleted : user_pref("CT3059010.DownloadReferralCookieData", "");
Deleted : user_pref("CT3059010.EMailNotifierPollDate", "Fri Apr 20 2012 16:35:39 GMT-0700 (Pacific Daylight Ti[...]
Deleted : user_pref("CT3059010.FirstServerDate", "9-1-2012");
Deleted : user_pref("CT3059010.FirstTime", true);
Deleted : user_pref("CT3059010.FirstTimeFF3", true);
Deleted : user_pref("CT3059010.FixPageNotFoundErrors", true);
Deleted : user_pref("CT3059010.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT3059010.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT3059010.HPInstall", true);
Deleted : user_pref("CT3059010.HasUserGlobalKeys", true);
Deleted : user_pref("CT3059010.HomePageProtectorEnabled", true);
Deleted : user_pref("CT3059010.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3059010&SearchSource=[...]
Deleted : user_pref("CT3059010.Initialize", true);
Deleted : user_pref("CT3059010.InitializeCommonPrefs", true);
Deleted : user_pref("CT3059010.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT3059010.InstallationId", "ConduitNSISIntegration");
Deleted : user_pref("CT3059010.InstallationType", "ConduitXPEIntegration");
Deleted : user_pref("CT3059010.InstalledDate", "Mon Jan 09 2012 11:58:11 GMT-0800 (Pacific Standard Time)");
Deleted : user_pref("CT3059010.InvalidateCache", false);
Deleted : user_pref("CT3059010.IsAlertDBUpdated", true);
Deleted : user_pref("CT3059010.IsGrouping", false);
Deleted : user_pref("CT3059010.IsInitSetupIni", true);
Deleted : user_pref("CT3059010.IsMulticommunity", false);
Deleted : user_pref("CT3059010.IsOpenThankYouPage", false);
Deleted : user_pref("CT3059010.IsOpenUninstallPage", true);
Deleted : user_pref("CT3059010.IsProtectorsInit", true);
Deleted : user_pref("CT3059010.LanguagePackLastCheckTime", "Fri Apr 20 2012 16:26:39 GMT-0700 (Pacific Dayligh[...]
Deleted : user_pref("CT3059010.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT3059010.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT3059010.LastLogin_3.10.0.1", "Fri Apr 20 2012 16:26:39 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT3059010.LastLogin_3.9.0.3", "Thu Mar 15 2012 17:02:40 GMT-0700 (Pacific Daylight Time)"[...]
Deleted : user_pref("CT3059010.LatestVersion", "3.12.0.7");
Deleted : user_pref("CT3059010.Locale", "en");
Deleted : user_pref("CT3059010.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT3059010.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT3059010.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT3059010.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT3059010.OriginalFirstVersion", "3.9.0.3");
Deleted : user_pref("CT3059010.RadioIsPodcast", false);
Deleted : user_pref("CT3059010.RadioLastCheckTime", "Fri Apr 20 2012 16:26:39 GMT-0700 (Pacific Daylight Time)[...]
Deleted : user_pref("CT3059010.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT3059010.RadioLastUpdateServer", "129557451676770000");
Deleted : user_pref("CT3059010.RadioMediaID", "21922135");
Deleted : user_pref("CT3059010.RadioMediaType", "Media Player");
Deleted : user_pref("CT3059010.RadioMenuSelectedID", "EBRadioMenu_CT305901021922135");
Deleted : user_pref("CT3059010.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT3059010.RadioStationName", "California%20Rock%20-%20Rock");
Deleted : user_pref("CT3059010.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
Deleted : user_pref("CT3059010.SavedHomepage", "hxxp://www.msn.com/?pc=Z170&install_date=20110801");
Deleted : user_pref("CT3059010.SearchCaption", "Vgrabber Customized Web Search");
Deleted : user_pref("CT3059010.SearchEngineBeforeUnload", "Vgrabber Customized Web Search");
Deleted : user_pref("CT3059010.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT3059010.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT305[...]
Deleted : user_pref("CT3059010.SearchInNewTabEnabled", true);
Deleted : user_pref("CT3059010.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT3059010.SearchInNewTabLastCheckTime", "Fri Apr 20 2012 16:26:38 GMT-0700 (Pacific Dayli[...]
Deleted : user_pref("CT3059010.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT3059010.SearchProtectorEnabled", true);
Deleted : user_pref("CT3059010.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT3059010.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT3059010.ServiceMapLastCheckTime", "Fri Apr 20 2012 16:26:39 GMT-0700 (Pacific Daylight [...]
Deleted : user_pref("CT3059010.SettingsLastCheckTime", "Fri Apr 20 2012 16:26:38 GMT-0700 (Pacific Daylight Ti[...]
Deleted : user_pref("CT3059010.SettingsLastUpdate", "1334048269");
Deleted : user_pref("CT3059010.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3059010&SearchSource=13");
Deleted : user_pref("CT3059010.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT3059010.ThirdPartyComponentsLastCheck", "Wed Apr 18 2012 16:35:45 GMT-0700 (Pacific Day[...]
Deleted : user_pref("CT3059010.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT3059010.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT3059010.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3059010");
Deleted : user_pref("CT3059010.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT3059010.UserID", "UN76357840331395891");
Deleted : user_pref("CT3059010.ValidationData_Toolbar", 1);
Deleted : user_pref("CT3059010.WeatherNetwork", "");
Deleted : user_pref("CT3059010.WeatherPollDate", "Fri Apr 20 2012 16:26:40 GMT-0700 (Pacific Daylight Time)");
Deleted : user_pref("CT3059010.WeatherUnit", "F");
Deleted : user_pref("CT3059010.alertChannelId", "1450550");
Deleted : user_pref("CT3059010.backendstorage.cb_firstuse0100", "31");
Deleted : user_pref("CT3059010.backendstorage.cb_user_id_000", "43423837303039303833333234325F46697265666F78")[...]
Deleted : user_pref("CT3059010.backendstorage.cbcountry_000", "5553");
Deleted : user_pref("CT3059010.backendstorage.cbfirsttime", "4D6F6E204A616E20303920323031322031313A35383A32312[...]
Deleted : user_pref("CT3059010.backendstorage.shoppingapp.gk.exipres", "4D6F6E2041707220323320323031322031363A[...]
Deleted : user_pref("CT3059010.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573");
Deleted : user_pref("CT3059010.backendstorage.url_history", "687474703A2F2F6A616D2D62616E642E6F72672F7361652D7[...]
Deleted : user_pref("CT3059010.backendstorage.url_history0001", "687474703A2F2F7279616E6B6D61726B6574696E672E6[...]
Deleted : user_pref("CT3059010.backendstorage.url_history_time", "31333238363836333431393636");
Deleted : user_pref("CT3059010.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT3059010.globalFirstTimeInfoLastCheckTime", "Wed Apr 18 2012 16:35:49 GMT-0700 (Pacific [...]
Deleted : user_pref("CT3059010.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT3059010.initDone", true);
Deleted : user_pref("CT3059010.isAppTrackingManagerOn", true);
Deleted : user_pref("CT3059010.isFirstRadioInstallation", false);
Deleted : user_pref("CT3059010.myStuffEnabled", true);
Deleted : user_pref("CT3059010.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT3059010.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT3059010.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT3059010.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT3059010.oldAppsList", "10000001,10000002,111,129559884184450601,129559884345153249,1295[...]
Deleted : user_pref("CT3059010.revertSettingsEnabled", false);
Deleted : user_pref("CT3059010.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT3059010.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT3059010.testingCtid", "");
Deleted : user_pref("CT3059010.toolbarAppMetaDataLastCheckTime", "Fri Apr 20 2012 16:26:39 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT3059010.toolbarContextMenuLastCheckTime", "Wed Apr 18 2012 16:35:48 GMT-0700 (Pacific D[...]
Deleted : user_pref("CT3059010.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3059010&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Vgrabber Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3059010/CT3059010[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1450550/1446205/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3059010", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3059010",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/equalize[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/minimize[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/play.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/stop.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/vol.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"0bc[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\dogonit23\\AppData\\Roaming\\Mozill[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.10.0.1");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?ei=utf-8&[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3059010");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3059010");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3059010");
Deleted : user_pref("CommunityToolbar.globalUserId", "a2852d9a-9070-4ef3-a65e-fe88d9d29780");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3059010");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Apr 18 2012 16:35:4[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Apr 20 2012 16:26:47 GMT-070[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Apr 20 2012 16:26:39 GMT-0700 (P[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "9f9e5999-033e-4bda-b52c-cce72c33aaea");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.msn.com/?pc=Z170&install_date=20110801");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Bing");
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("backup.old.browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("backup.old.browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("backup.old.browser.startup.homepage", "hxxp://search.babylon.com/?affID=109935&babsrc=HP_[...]
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultthis.engineName", "Vgrabber Customized Web Search");
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109935");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "90ca25b60000000000008e9ffa47a16d");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "90ca25b60000000000008e9ffa47a16d");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15495");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109935&babsrc=N[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:51:32");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.funmoods.aflt", "iron2");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Deleted : user_pref("extensions.funmoods.cntry", "US");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dfltlng", "en");
Deleted : user_pref("extensions.funmoods.dfltsrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "9E012D0638B9134B7AE9F59C14A588EB");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2Xzut[...]
Deleted : user_pref("extensions.funmoods.hrdid", "90ca25b60000000000008e9ffa47a16d");
Deleted : user_pref("extensions.funmoods.id", "90ca25b60000000000008e9ffa47a16d");
Deleted : user_pref("extensions.funmoods.instlDay", "15495");
Deleted : user_pref("extensions.funmoods.instlRef", "iron2");
Deleted : user_pref("extensions.funmoods.instlday", "15495");
Deleted : user_pref("extensions.funmoods.instlref", "iron2");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.keywordurl", "");
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2212:11:54");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2Xz[...]
Deleted : user_pref("extensions.funmoods.newtab", true);
Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2Xz[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.similarsitesstorage-pid2", "f67258b20d8cef17");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.smplgrp", "none");
Deleted : user_pref("extensions.funmoods.srch", "");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "");
Deleted : user_pref("extensions.funmoods.tlbrid", "base");
Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "");
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2212:11:54");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.2212:11:54");
Deleted : user_pref("extensions.funmoods.xpestat\\xpereportdata", "9-7-2012");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2212:11:54");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v25.0.1364.152

File : C:\Users\dogonit23\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [34612 octets] - [06/03/2013 01:09:08]
AdwCleaner[S1].txt - [35216 octets] - [06/03/2013 01:17:22]

########## EOF - C:\AdwCleaner[S1].txt - [35277 octets] ##########
  • 0

#5
dogonit2
Posted 06 March 2013 - 04:12 AM

dogonit2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Here is the final scan from RogueKiller...

Two of the files I saw that it wanted me to delete was the Kindle.exe

I did as the instructions stated and deleted all that were selected.

After the scan it opened up some page in IE with some info about [Rootkit] ZeroAccess (Max++) here:

http://tigzyrk.blogs...access-max.html

The page is not complete though, so not sure what to do with it.

Otherwise, here is the scan report:



RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : dogonit23 [Admin rights]
Mode : Remove -- Date : 03/06/2013 01:57:25
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] -> KILLED [TermProc]
[RESIDUE] notepad.exe -- C:\Windows\System32\notepad.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][SUSP PATH] {478A49EC-0655-443B-BEA9-EEE7085AFCF3} : C:\Users\dogonit23\AppData\Local\Amazon\Kindle\application\Kindle.exe [x] -> DELETED
[TASK][SUSP PATH] {4C676DFA-6211-4C04-96AE-8D0197AA4BE4} : C:\Users\dogonit23\AppData\Local\Amazon\Kindle\application\Kindle.exe [x] -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=;ftp=;hxxps=;) -> NOT REMOVED, USE PROXYFIX
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2034785586-1586066431-309787569-1000\$85e348ef00218b4cd1363b45ee0e9d48\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-2034785586-1586066431-309787569-1000\$85e348ef00218b4cd1363b45ee0e9d48\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
192.157.56.28 www.google-analytics.com.
192.157.56.28 ad-emea.doubleclick.net.
192.157.56.28 www.statcounter.com.
192.157.56.28 connect.facebook.net.
192.157.56.28 platform.twitter.com.
93.115.241.27 www.google-analytics.com.
93.115.241.27 ad-emea.doubleclick.net.
93.115.241.27 www.statcounter.com.
93.115.241.27 connect.facebook.net.
93.115.241.27 platform.twitter.com.


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 ATA Device +++++
--- User ---
[MBR] 378613cd7843854818edb7eca0f22931
[BSP] 9a6aabbb070880253b5fa138b49ff021 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 453219 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 928602112 | Size: 23417 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_03062013_02d0157.txt >>
RKreport[1]_S_03062013_02d0148.txt ; RKreport[2]_D_03062013_02d0157.txt






Thanks a bunch! I will wait to hear the latest.

For what I can tell so far opening up a couple browser windows is that no popups have occured
  • 0

#6
dogonit2
Posted 06 March 2013 - 04:24 AM

dogonit2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
update

After opening up a couple more browsers I got the bottom popups again.

One in the bottom left had an error in it and showed no advert.

The one in the bottom right is a large hotizontal Chitka advert.

These popped up when I loaded the malwaretips.com to read about ZeroAccess.

It looks like something is hijacking clicks or something.

I will wait to hear your advise.

Thanks!
  • 0

#7
gringo_pr
Posted 06 March 2013 - 11:39 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello dogonit2

we will run this now, it will help remove some files from the computer.


Blitzblank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
DeleteFile:
C:\Windows\system32\drivers\etc\hosts
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by Blitzblank. you can find it at the root of the drive Normaly C:\


Gringo
  • 0

#8
dogonit2
Posted 06 March 2013 - 12:19 PM

dogonit2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
OK, here is what we got from that.

When the computer started up there was a black screen for about 10 seconds with a similar message as this report....



BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
MoveFileOnReboot: sourceFile = "\??\c:\windows\system32\drivers\etc\hosts", destinationFile = "(null)", replaceWithDummy = 0
  • 0

#9
gringo_pr
Posted 06 March 2013 - 03:30 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello dogonit2

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#10
dogonit2
Posted 06 March 2013 - 03:38 PM

dogonit2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Computer seems to be running smooth after last run. I am not seeing any popup on the bottom left or right.

I also was reading about running TDSSKiller from Kapersky to get rid of that ZeroAccess Rootkit that I mentioned before that was or is on my machine.

But I will run this next scan as you suggested here now and get back to you for further instruction.

Thanks!

Edited by dogonit2, 06 March 2013 - 03:40 PM.

  • 0

Advertisements

#11
dogonit2
Posted 06 March 2013 - 06:24 PM

dogonit2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Ok, so here is what happened next.

I did the best to my knowledge to dissable all security and adwar spyware apps on my system and ran the combofix

It then rebooted the system and it looked like maybe Malware Bytes was trying to open and I stopped it as soon as I saw it.

I got the report, but when I tried opening IE I got an error the it was an illegal action and that the file had been removed and asked if I wanted to delete it. I tried a couple other actions like opening my Windows Live Mail and saw the same notice.

So then I restarted my system and everything loaded as usual. IE is working and so is my mail.

Here is the scan report for the ComboFix:

ComboFix 13-03-05.01 - dogonit23 03/06/2013 14:58:42.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2325 [GMT -8:00]
Running from: c:\users\dogonit23\Desktop\Fix\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Local
c:\users\dogonit23\AppData\Roaming\.#
c:\users\dogonit23\AppData\Roaming\Ehdoiq
c:\users\dogonit23\AppData\Roaming\Ehdoiq\ivve.sot
c:\users\dogonit23\AppData\Roaming\inst.exe
c:\users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\searchplugins\bing-zugo.xml
c:\users\dogonit23\AppData\Roaming\Roacy
c:\users\dogonit23\AppData\Roaming\Roacy\nyune.myw
c:\users\dogonit23\AppData\Roaming\Roenqa
c:\users\dogonit23\AppData\Roaming\Roenqa\xidyv.ukt
c:\users\dogonit23\AppData\Roaming\ubot
c:\users\dogonit23\AppData\Roaming\Yxypoc
c:\users\dogonit23\AppData\Roaming\Yxypoc\vuliy.yff
c:\users\dogonit23\AppData\Roaming\Yzpayv
c:\users\dogonit23\AppData\Roaming\Yzpayv\duekk.cyi
c:\users\dogonit23\g2mdlhlpx.exe
c:\windows\SysWow64\MailBee.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2013-02-06 to 2013-03-06 )))))))))))))))))))))))))))))))
.
.
2013-03-06 09:35 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE5D31BA-8F42-4B2D-ABCF-ABE1250EF629}\mpengine.dll
2013-03-04 18:44 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-28 23:02 . 2013-02-28 23:02 20190 ----a-w- c:\windows\system32\cc_20130228_150248.reg
2013-02-27 12:01 . 2013-01-13 20:09 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-02-26 11:31 . 2011-04-21 18:31 24408 ----a-w- c:\windows\system32\drivers\spyemrg_access.sys
2013-02-26 11:31 . 2011-04-21 18:31 18776 ----a-w- c:\windows\system32\drivers\spyemrg_guard.sys
2013-02-26 11:31 . 2011-04-21 18:31 17240 ----a-w- c:\windows\system32\drivers\spyemrg.sys
2013-02-26 11:31 . 2013-02-26 11:31 -------- d-----w- c:\programdata\NETGATE
2013-02-26 11:30 . 2013-02-26 11:30 -------- d-----w- c:\program files\NETGATE
2013-02-26 02:45 . 2013-02-26 02:45 -------- d-----w- c:\program files (x86)\High Bar Media
2013-02-26 02:39 . 2013-02-26 02:39 -------- d-----w- c:\program files (x86)\Localizer Leads Tool
2013-02-24 12:20 . 2013-02-24 12:20 -------- d-----w- c:\program files (x86)\TrafficPhoenix
2013-02-24 04:47 . 2013-02-24 04:47 -------- d-----w- c:\program files (x86)\Datagenn.com
2013-02-24 00:37 . 2013-02-24 00:42 -------- d-----w- c:\program files (x86)\Site Profit Bot
2013-02-22 15:49 . 2013-02-22 15:49 -------- d-----w- c:\program files (x86)\CurationSoft
2013-02-19 19:41 . 2013-02-22 00:44 -------- d-----w- c:\program files (x86)\Windows Doctor
2013-02-19 19:23 . 2013-02-19 20:18 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-02-19 19:22 . 2013-02-19 20:18 -------- d-----w- C:\AI_RecycleBin
2013-02-19 05:56 . 2013-02-19 05:56 -------- d-----w- c:\program files (x86)\PC Tools
2013-02-19 05:47 . 2012-11-01 23:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2013-02-19 05:47 . 2013-02-19 20:21 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2013-02-19 05:45 . 2013-02-19 19:14 -------- d-----w- c:\programdata\PC Tools
2013-02-19 05:10 . 2013-02-19 05:10 34304 ----a-w- C:\U
2013-02-19 03:45 . 2013-02-19 03:45 3648 ----a-w- c:\windows\system32\cc_20130218_194538.reg
2013-02-19 03:44 . 2013-02-19 03:45 30862 ----a-w- c:\windows\system32\cc_20130218_194445.reg
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 11:40 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 11:40 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-12 22:42 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-12 22:42 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-12 22:42 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-12 22:42 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-12 22:41 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-12 22:41 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-12 22:41 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-12 22:41 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-12 22:41 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-12 22:41 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-12 22:41 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-12 22:41 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-09 08:37 . 2013-02-09 08:37 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-02-08 08:32 . 2013-02-08 08:32 15152 ----a-w- c:\windows\system32\cc_20130208_003209.reg
2013-02-07 20:18 . 2013-02-07 23:45 -------- d-----w- C:\Flight 2
2013-02-07 05:38 . 2013-02-07 05:41 -------- d-----w- C:\Flight
2013-02-07 05:24 . 2013-02-07 05:25 -------- d-----w- c:\program files (x86)\DVDFab 9
2013-02-07 04:49 . 2013-02-27 18:45 -------- d-----w- c:\program files (x86)\EasyLife
2013-02-07 04:48 . 2013-02-07 04:48 -------- d-----w- c:\program files (x86)\BrowseToSave
2013-02-06 01:36 . 2013-02-06 01:36 -------- d-----w- c:\program files (x86)\Tube Fool
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 11:36 . 2012-04-14 18:42 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 11:36 . 2011-05-24 22:02 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-14 11:47 . 2011-02-07 13:11 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-30 20:09 . 2013-01-30 20:09 20570 ----a-w- c:\windows\system32\cc_20130130_120839.reg
2013-01-30 17:40 . 2013-01-30 17:40 47496 ----a-w- c:\windows\system32\sbbd.exe
2013-01-30 17:40 . 2013-01-30 17:40 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-01-30 10:53 . 2011-02-06 19:59 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 23:59 . 2013-01-20 23:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 23:59 . 2010-10-25 04:25 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-04 04:43 . 2013-02-12 22:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-27 11:34 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-27 11:34 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-27 11:34 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-27 11:34 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-15 00:49 . 2012-04-17 17:33 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 13:20 . 2013-01-09 09:42 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 09:42 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 09:42 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 09:42 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 09:42 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 09:42 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 09:42 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 09:42 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 09:42 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 09:42 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 09:42 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 09:42 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 09:42 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 09:42 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 09:42 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 09:42 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 09:42 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 09:42 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 09:42 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 09:42 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 09:42 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 09:42 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 09:42 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 09:42 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 09:42 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 09:42 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 09:42 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 09:42 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 09:42 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 09:42 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 09:42 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 09:42 51712 ----a-w- c:\windows\SysWow64\esrb.rs
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
2011-03-16 11:59 81920 ----a-w- c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}"= "c:\program files (x86)\freecordertoolbar\vmntemplateX.dll" [2011-03-16 81920]
.
[HKEY_CLASSES_ROOT\clsid\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-03-08 160328]
"updateMgr"="c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
"Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]
"SubVid"="c:\program files (x86)\MindMovies\Subliminal\SubVid.exe" [2008-09-16 139264]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-04-26 3298712]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"Acrobat Assistant 7.0"="c:\program files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-12-11 542104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe [2011-5-20 25214]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 jxxyyoni;jxxyyoni;c:\windows\system32\drivers\jxxyyoni.sys [x]
R2 CLKMSVC10_C6F09094;CyberLink Product - 2011/01/03 00:55;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-09-21 245232]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-23 113792]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-06-07 82816]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-09-15 239136]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-09 1255736]
R3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys [2008-04-30 56104]
R3 WtSmpFlt;Sesam Adapter;c:\windows\system32\DRIVERS\wtsmpflt.sys [2008-04-30 378664]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-01-30 14456]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys [2011-04-21 17240]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-15 1236968]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-09-14 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-08 203264]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-29 26680]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-03-28 146568]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 190488]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-01-14 341296]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [2012-07-19 4111200]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-04 31088]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-08 30304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\Drivers\spyemrg_access.sys [2011-04-21 24408]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\Drivers\spyemrg_guard.sys [2011-04-21 18776]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-10-08 38528]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SPYEMRGACCESS
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_C6F09094
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 11:36]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 00:21]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 00:21]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034785586-1586066431-309787569-1000Core.job
- c:\users\dogonit23\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-16 18:10]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034785586-1586066431-309787569-1000UA.job
- c:\users\dogonit23\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-16 18:10]
.
2013-02-28 c:\windows\Tasks\HPCeeScheduleForDOGONIT23-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-02-21 c:\windows\Tasks\HPCeeScheduleFordogonit23.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-03-06 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-06-12 09:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 85232 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-14 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-01 611896]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-04 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-09-16 464744]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://search.easylifeapp.com/?pid=34&r=2013/02/07&hid=2146678912&lg=EN&cc=US
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Save Page As PDF ... - file://c:\program files (x86)\Nitro PDF\PDF Download\nitroweb.htm
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?pid=34&r=2013/02/07&hid=2146678912&lg=EN&cc=US&l=1&q=
FF - prefs.js: browser.search.selectedEngine - Search Defender
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.easylifeapp.com/?pid=34&r=2013/02/07&hid=2146678912&lg=EN&cc=US&l=1&q=
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-01-24 13:02; [email protected]; c:\users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\extensions\[email protected]
FF - ExtSQL: 2013-01-30 09:26; {5d5886b5-56e6-4327-94dd-7560f56dc9ce}; c:\users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\extensions\{5d5886b5-56e6-4327-94dd-7560f56dc9ce}.xpi
FF - ExtSQL: 2013-01-30 09:39; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Traffic Hurricane Pro Personal Use Edition - c:\windows\system32\ss2uinst.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
AddRemove-{AAAD88BC-4E18-3DFB-27B9-689881ECB814} - c:\progra~3\INSTAL~1\{EE534~1\Setup.exe
AddRemove-1476554678.d.seesmic.com - c:\program files (x86)\Microsoft Silverlight\4.0.60531.0\Silverlight.Configuration.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2034785586-1586066431-309787569-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B311BD1F-DA0F-3D56-85DF-219FFB889F85}*]
"magppaelmaonoakdppabibijdg"=hex:6a,61,65,6b,6f,62,63,63,6f,67,6f,64,69,69,62,
68,66,6e,70,6f,00,00
"naajnaljbifenadfpfaamojlifce"=hex:6a,61,65,6b,6f,62,63,63,6f,67,6f,64,69,69,
62,68,66,6e,70,6f,00,00
.
[HKEY_USERS\S-1-5-21-2034785586-1586066431-309787569-1000_Classes\Wow6432Node\CLSID\{2b6734b6-0f7a-4b1b-8a1a-ba534d8b2982}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000162
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2034785586-1586066431-309787569-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):28,f6,5e,cc,c1,c3,44,b0,d8,9e,47,12,fa,85,83,7c,ea,0b,36,68,04,
94,bf,01,51,ef,b9,5f,24,75,80,2a,07,d7,63,61,90,5a,d9,37,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2034785586-1586066431-309787569-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):da,4f,77,66,5c,53,2e,1f,e2,65,03,45,68,ee,f7,82,66,f9,95,be,05,
f8,6f,95,d5,f9,de,33,a1,47,7d,ca,35,e9,18,67,fc,d1,2c,d4,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2034785586-1586066431-309787569-1000_Classes\Wow6432Node\CLSID\{f1449d3c-12f1-4e70-ae97-994c0e5bf443}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000bf
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,ed,46,f5,43,91,3a,8b,82,b4,d9,9b,11,ec,b0,ee,4c,c9,d2,22,5b,83,ff,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2013-03-06 15:41:07 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-06 23:41
.
Pre-Run: 271,948,541,952 bytes free
Post-Run: 271,386,046,464 bytes free
.
- - End Of File - - 2DACE4CB70208D8754F40B66F69F338E
  • 0

#12
gringo_pr
Posted 06 March 2013 - 07:29 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello dogonit2

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\EasyLife
c:\program files (x86)\BrowseToSave
c:\program files (x86)\freecordertoolbar

DDS::
mStart Page = hxxp://search.easylifeapp.com/?pid=34&r=2013/02/07&hid=2146678912&lg=EN&cc=US


Firefox::
FF - ProfilePath - c:\users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?pid=34&r=2013/02/07&hid=2146678912&lg=EN&cc=US&l=1&q=
FF - prefs.js: keyword.URL - hxxp://search.easylifeapp.com/?pid=34&r=2013/02/07&hid=2146678912&lg=EN&cc=US&l=1&q=


RegNull:: 
[HKEY_USERS\S-1-5-21-2034785586-1586066431-309787569-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B311BD1F-DA0F-3D56-85DF-219FFB889F85}*]

Driver::
jxxyyoni

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
  • 0

#13
dogonit2
Posted 07 March 2013 - 12:51 AM

dogonit2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Here is the next report from ComboFix.

I had the same problem as before when it closed and restarted the computer. I waited for the report to generate and after I tried opening IE to write to you, but there was an illegal action notice and wouldn't open.

I tried opening another one of my tools and it gave the same warning.

So I went and restarted my computer again and everything seems to me working again.

When I opened IE though there was a message about adding the Freecorder toolbar and if I wanted to proceed, so I clicked on NO to cancel it.

Not sure why that came up?

Here is the report for your review...



ComboFix 13-03-05.01 - dogonit23 03/06/2013 21:44:42.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2266 [GMT -8:00]
Running from: c:\users\dogonit23\Desktop\Fix\ComboFix.exe
Command switches used :: c:\users\dogonit23\Desktop\Fix\CFScript.txt
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BrowseToSave
c:\program files (x86)\BrowseToSave\sprotector.dll
c:\program files (x86)\BrowseToSave\uninstall.exe
c:\program files (x86)\EasyLife
c:\program files (x86)\freecordertoolbar
c:\program files (x86)\freecordertoolbar\chrome\content\lib\about.xml
c:\program files (x86)\freecordertoolbar\chrome\content\lib\dtxpanel.xul
c:\program files (x86)\freecordertoolbar\chrome\content\lib\dtxpanelwin.xul
c:\program files (x86)\freecordertoolbar\chrome\content\lib\dtxprefwin.xul
c:\program files (x86)\freecordertoolbar\chrome\content\lib\dtxtransparentwin.xul
c:\program files (x86)\freecordertoolbar\chrome\content\lib\dtxwin.xul
c:\program files (x86)\freecordertoolbar\chrome\content\lib\emailnotifierproviders.xml
c:\program files (x86)\freecordertoolbar\chrome\content\lib\external.js
c:\program files (x86)\freecordertoolbar\chrome\content\lib\neterror.xhtml
c:\program files (x86)\freecordertoolbar\chrome\content\lib\nsDragAndDrop.js
c:\program files (x86)\freecordertoolbar\chrome\content\lib\rsspreview.html
c:\program files (x86)\freecordertoolbar\chrome\content\lib\rsswin.xml
c:\program files (x86)\freecordertoolbar\chrome\content\lib\rsswin.xsl
c:\program files (x86)\freecordertoolbar\chrome\content\lib\vmncode.js
c:\program files (x86)\freecordertoolbar\chrome\content\lib\wmpstreamer.html
c:\program files (x86)\freecordertoolbar\chrome\content\modules\datastore.jsm
c:\program files (x86)\freecordertoolbar\chrome\content\neterror.xhtml
c:\program files (x86)\freecordertoolbar\chrome\content\newtab\images\btn_search.gif
c:\program files (x86)\freecordertoolbar\chrome\content\newtab\images\bullet.gif
c:\program files (x86)\freecordertoolbar\chrome\content\newtab\images\field_bg.gif
c:\program files (x86)\freecordertoolbar\chrome\content\newtab\images\powered_by_yahoo.gif
c:\program files (x86)\freecordertoolbar\chrome\content\newtab\newtab.html
c:\program files (x86)\freecordertoolbar\chrome\content\newtab\newtab_mystart.html
c:\program files (x86)\freecordertoolbar\chrome\content\newtab\newtab_yahoo.html
c:\program files (x86)\freecordertoolbar\chrome\content\preferences.xml
c:\program files (x86)\freecordertoolbar\chrome\content\toolbar.htm
c:\program files (x86)\freecordertoolbar\chrome\content\toolbar.xul
c:\program files (x86)\freecordertoolbar\chrome\content\vmncode.js
c:\program files (x86)\freecordertoolbar\chrome\content\vmnrsswin.xml
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\country.json
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\css\dialog.css
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\css\videoplayer.css
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\favorites.json
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\arrow-grey.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\arrows_grey-left.gif
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\arrows_grey-right.gif
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\back.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\btn-search-over.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\btn-search.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\delete.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\scrollb-disable.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\scrollb-down.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\scrollb.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\scrollt-disable.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\scrollt-down.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\scrollt.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\star-grey.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\star.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-arrow-hover.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-arrow.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-off-l.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-off-r.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-on-l.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-on-r.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-over-l.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-over-r.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-red-left.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-red-mdl.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-red-right.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-white-left.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-white-mdl.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\tab-white-right.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\throbber.gif
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\images\vid-bg.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\index.html
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\function.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\jquery-1.4.2.min.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\jquery.autocomplete.min.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\jquery.event.wheel.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\jquery.jlembed.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\jquery.scrollTo-min.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\jquery.url.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\JSON.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\main.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\js\videoplayer.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\css\dialog.css
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\bg.gif
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-search.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-wide-close-over.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\btn-wide-close.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\default.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\Thumbs.db
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\transparent.gif
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-left.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-mdl.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-right-resize.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\images\win-btm-right.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\main.html
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\skin\scripts\defscript.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\tb_icon.png
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\videoplayer.html
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget.js
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget.jsw
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget.xml
c:\program files (x86)\freecordertoolbar\chrome\content\widgets\net.vmn.www.WebTV\widget_version.txt
c:\program files (x86)\freecordertoolbar\chrome\data\dynamicElements\vmntoolbar.xsl
c:\program files (x86)\freecordertoolbar\chrome\data\product.xml
c:\program files (x86)\freecordertoolbar\chrome\data\rss\rss.xml
c:\program files (x86)\freecordertoolbar\chrome\data\search\engines.xml
c:\program files (x86)\freecordertoolbar\chrome\data\search\search.xsl
c:\program files (x86)\freecordertoolbar\chrome\data\weather\icons.xml
c:\program files (x86)\freecordertoolbar\chrome\skin\1x1_png
c:\program files (x86)\freecordertoolbar\chrome\skin\about.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\about_logo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\bluelite.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\bluesky.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\btn-search-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\btn-search.png
c:\program files (x86)\freecordertoolbar\chrome\skin\btn-settings-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\btn-settings.png
c:\program files (x86)\freecordertoolbar\chrome\skin\btn-widgets-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\btn-widgets.png
c:\program files (x86)\freecordertoolbar\chrome\skin\btn_settings.png
c:\program files (x86)\freecordertoolbar\chrome\skin\ca.png
c:\program files (x86)\freecordertoolbar\chrome\skin\convert_png
c:\program files (x86)\freecordertoolbar\chrome\skin\dictionary.png
c:\program files (x86)\freecordertoolbar\chrome\skin\divider.png
c:\program files (x86)\freecordertoolbar\chrome\skin\downloadcom.png
c:\program files (x86)\freecordertoolbar\chrome\skin\dtxlogo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\email.png
c:\program files (x86)\freecordertoolbar\chrome\skin\email_on.png
c:\program files (x86)\freecordertoolbar\chrome\skin\facebook.png
c:\program files (x86)\freecordertoolbar\chrome\skin\freecoder_small_Logo_png
c:\program files (x86)\freecordertoolbar\chrome\skin\freecoder_small_Logo2_png
c:\program files (x86)\freecordertoolbar\chrome\skin\freecoder_small_Logo3_png
c:\program files (x86)\freecordertoolbar\chrome\skin\freecorder_logo5_small_png
c:\program files (x86)\freecordertoolbar\chrome\skin\games.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphna.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred0.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred0_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred1.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred1_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred2.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred2_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred3.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred3_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred4.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred4_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphred5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\graphredna.png
c:\program files (x86)\freecordertoolbar\chrome\skin\grey.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\ico-shield.png
c:\program files (x86)\freecordertoolbar\chrome\skin\images.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\add.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\alexabutton.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\aol.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\arrow-dn.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\arrow-right.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\arrow-up.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btn-divider.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btn-end.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btn-mdl.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btn-start.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btnover-divider.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btnover-end.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\bg-btnover-start.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\blank.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btn-widgets-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btn-widgets.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btn_slider.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btnback-down-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btnback-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btnleft-down-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btnleft-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btnright-down-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\btnright-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\button-splitter-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\button-splitter.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\checkmark.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\chevron.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\collapse.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\comcast.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\debugbar\debug.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\dtx-test.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\dtx.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\edit-back-hot.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\edit-back.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\embarq.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\expand.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\fast.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\found.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\gmail.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\gripper.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\highlight.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\highlight_blue.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\highlight_cyan.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\highlight_lime.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\highlight_magenta.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\highlight_yellow.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\hotmail.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\ico-check.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\imap.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\launchers.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\loadingMid.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\lock.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\logo-separator.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\mailcom.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menu_bg-basic.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menu_separator_bar.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menu_separator_white.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitem-splitter.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitemback-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitemleft-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitemleft.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\menuitemright-vista.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\minus.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\modify.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\move.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\movetarget.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\newsitem.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\css\panels.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\css\popupGames.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\default.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\main.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\footer.htm
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\gameData.js
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\gameList.xsl
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\games.xsl
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\gametype.xsl
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-back.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-next.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\ico-download.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\ico-play.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\icon-download.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\icon-play.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollb.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\scrollt.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\images\widgets.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\initHTML.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\popupGames.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\popupHTML.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\popupRSS.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\popupWidgets.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\panels\scroll.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\plus.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\pop.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\css\manager.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\css\slider.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\music-note.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-options.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\slider.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\slideron.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\images\track.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\managerpanel.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\radio\volumeslider.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank0.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank0_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank1.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank1_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank2.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank2_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank3.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank3_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank4.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank4_5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rank5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rankna.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\reload.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\remove.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rename.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\resize-box.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rss.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\scroll-left.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\scroll-right.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\search-go.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\search.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\separator.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\throbber.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\template.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-highrisk-user.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-highrisk.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-lowrisk.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-norating.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-verified-user.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-verified.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\websiteinspector-verifying.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\lib\yahoo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\lichen.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\logo-about.png
c:\program files (x86)\freecordertoolbar\chrome\skin\logo-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\logo-separator.png
c:\program files (x86)\freecordertoolbar\chrome\skin\logo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\mail.png
c:\program files (x86)\freecordertoolbar\chrome\skin\menuseparatorback.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\modify-save.png
c:\program files (x86)\freecordertoolbar\chrome\skin\modify.png
c:\program files (x86)\freecordertoolbar\chrome\skin\modifyhot.png
c:\program files (x86)\freecordertoolbar\chrome\skin\music.png
c:\program files (x86)\freecordertoolbar\chrome\skin\namespacetoolbar.css
c:\program files (x86)\freecordertoolbar\chrome\skin\news.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options-main.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options-search.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options\options-main.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options\options-search.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options\options-weather.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\options\options-weather.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options\options-widgets.png
c:\program files (x86)\freecordertoolbar\chrome\skin\options_png
c:\program files (x86)\freecordertoolbar\chrome\skin\orange.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\p_yahoo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\pixsy.png
c:\program files (x86)\freecordertoolbar\chrome\skin\play_png
c:\program files (x86)\freecordertoolbar\chrome\skin\ppcbully.png
c:\program files (x86)\freecordertoolbar\chrome\skin\protect-id.png
c:\program files (x86)\freecordertoolbar\chrome\skin\record_audio_png
c:\program files (x86)\freecordertoolbar\chrome\skin\relatedlinks.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-collapse.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-delete.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-expand.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-feed.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-folder-remove.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-folder-rename.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-folder.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-found.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-reload.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss-subscribe.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rss.png
c:\program files (x86)\freecordertoolbar\chrome\skin\rssback.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\rsstopback.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\search-over.png
c:\program files (x86)\freecordertoolbar\chrome\skin\search.png
c:\program files (x86)\freecordertoolbar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files (x86)\freecordertoolbar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files (x86)\freecordertoolbar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files (x86)\freecordertoolbar\chrome\skin\settings.png
c:\program files (x86)\freecordertoolbar\chrome\skin\shopping.png
c:\program files (x86)\freecordertoolbar\chrome\skin\siteinfo.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-bluelite.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-bluesky.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-grey.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-lichen.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-orange.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin-yellow.png
c:\program files (x86)\freecordertoolbar\chrome\skin\skin.xml
c:\program files (x86)\freecordertoolbar\chrome\skin\technorati.png
c:\program files (x86)\freecordertoolbar\chrome\skin\throbber.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\toolbarsplitter.png
c:\program files (x86)\freecordertoolbar\chrome\skin\translate.png
c:\program files (x86)\freecordertoolbar\chrome\skin\TRUSTe_about.png
c:\program files (x86)\freecordertoolbar\chrome\skin\tv_png
c:\program files (x86)\freecordertoolbar\chrome\skin\video_history_png
c:\program files (x86)\freecordertoolbar\chrome\skin\vmn.css
c:\program files (x86)\freecordertoolbar\chrome\skin\vmn.png
c:\program files (x86)\freecordertoolbar\chrome\skin\web.png
c:\program files (x86)\freecordertoolbar\chrome\skin\websearch.png
c:\program files (x86)\freecordertoolbar\chrome\skin\wikipedia.png
c:\program files (x86)\freecordertoolbar\chrome\skin\yahoosearch.png
c:\program files (x86)\freecordertoolbar\chrome\skin\yellow.gif
c:\program files (x86)\freecordertoolbar\chrome\skin\youtube.png
c:\program files (x86)\freecordertoolbar\chrome\skin\youtube_png
c:\program files (x86)\freecordertoolbar\chrome\skin\zoom.png
c:\program files (x86)\freecordertoolbar\components\windowmediator.js
c:\program files (x86)\freecordertoolbar\install.ico
c:\program files (x86)\freecordertoolbar\manifest.xml
c:\program files (x86)\freecordertoolbar\partner.xml
c:\program files (x86)\freecordertoolbar\uninstall.exe
c:\program files (x86)\freecordertoolbar\vmntemplate.dll
c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
c:\users\dogonit23\g2mdlhlpx.exe
F:\Autorun.inf
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_jxxyyoni
.
.
((((((((((((((((((((((((( Files Created from 2013-02-07 to 2013-03-07 )))))))))))))))))))))))))))))))
.
.
2013-03-06 09:35 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE5D31BA-8F42-4B2D-ABCF-ABE1250EF629}\mpengine.dll
2013-03-04 18:44 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-28 23:02 . 2013-02-28 23:02 20190 ----a-w- c:\windows\system32\cc_20130228_150248.reg
2013-02-27 12:01 . 2013-01-13 20:09 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-02-26 11:31 . 2011-04-21 18:31 24408 ----a-w- c:\windows\system32\drivers\spyemrg_access.sys
2013-02-26 11:31 . 2011-04-21 18:31 18776 ----a-w- c:\windows\system32\drivers\spyemrg_guard.sys
2013-02-26 11:31 . 2011-04-21 18:31 17240 ----a-w- c:\windows\system32\drivers\spyemrg.sys
2013-02-26 11:31 . 2013-02-26 11:31 -------- d-----w- c:\programdata\NETGATE
2013-02-26 11:30 . 2013-02-26 11:30 -------- d-----w- c:\program files\NETGATE
2013-02-26 02:45 . 2013-02-26 02:45 -------- d-----w- c:\program files (x86)\High Bar Media
2013-02-26 02:39 . 2013-02-26 02:39 -------- d-----w- c:\program files (x86)\Localizer Leads Tool
2013-02-24 12:20 . 2013-02-24 12:20 -------- d-----w- c:\program files (x86)\TrafficPhoenix
2013-02-24 04:47 . 2013-02-24 04:47 -------- d-----w- c:\program files (x86)\Datagenn.com
2013-02-24 00:37 . 2013-02-24 00:42 -------- d-----w- c:\program files (x86)\Site Profit Bot
2013-02-22 15:49 . 2013-02-22 15:49 -------- d-----w- c:\program files (x86)\CurationSoft
2013-02-19 19:41 . 2013-02-22 00:44 -------- d-----w- c:\program files (x86)\Windows Doctor
2013-02-19 19:23 . 2013-02-19 20:18 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-02-19 19:22 . 2013-02-19 20:18 -------- d-----w- C:\AI_RecycleBin
2013-02-19 05:56 . 2013-02-19 05:56 -------- d-----w- c:\program files (x86)\PC Tools
2013-02-19 05:47 . 2012-11-01 23:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2013-02-19 05:47 . 2013-02-19 20:21 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2013-02-19 05:45 . 2013-02-19 19:14 -------- d-----w- c:\programdata\PC Tools
2013-02-19 05:10 . 2013-02-19 05:10 34304 ----a-w- C:\U
2013-02-19 03:45 . 2013-02-19 03:45 3648 ----a-w- c:\windows\system32\cc_20130218_194538.reg
2013-02-19 03:44 . 2013-02-19 03:45 30862 ----a-w- c:\windows\system32\cc_20130218_194445.reg
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-14 11:40 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 11:40 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-12 22:42 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-12 22:42 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-12 22:42 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-12 22:42 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-12 22:41 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-12 22:41 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-12 22:41 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-12 22:41 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-12 22:41 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-12 22:41 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-12 22:41 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-12 22:41 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-09 08:37 . 2013-02-09 08:37 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-02-08 08:32 . 2013-02-08 08:32 15152 ----a-w- c:\windows\system32\cc_20130208_003209.reg
2013-02-07 20:18 . 2013-02-07 23:45 -------- d-----w- C:\Flight 2
2013-02-07 05:38 . 2013-02-07 05:41 -------- d-----w- C:\Flight
2013-02-07 05:24 . 2013-02-07 05:25 -------- d-----w- c:\program files (x86)\DVDFab 9
2013-02-06 01:36 . 2013-02-06 01:36 -------- d-----w- c:\program files (x86)\Tube Fool
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 11:36 . 2012-04-14 18:42 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-27 11:36 . 2011-05-24 22:02 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-14 11:47 . 2011-02-07 13:11 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-30 20:09 . 2013-01-30 20:09 20570 ----a-w- c:\windows\system32\cc_20130130_120839.reg
2013-01-30 17:40 . 2013-01-30 17:40 47496 ----a-w- c:\windows\system32\sbbd.exe
2013-01-30 17:40 . 2013-01-30 17:40 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-01-30 10:53 . 2011-02-06 19:59 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 23:59 . 2013-01-20 23:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 23:59 . 2010-10-25 04:25 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-04 04:43 . 2013-02-12 22:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-27 11:34 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-27 11:34 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-27 11:34 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-27 11:34 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-15 00:49 . 2012-04-17 17:33 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 13:20 . 2013-01-09 09:42 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 09:42 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 09:42 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 09:42 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 09:42 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 09:42 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 09:42 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 09:42 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 09:42 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 09:42 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 09:42 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 09:42 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 09:42 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 09:42 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 09:42 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 09:42 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 09:42 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 09:42 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 09:42 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 09:42 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 09:42 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 09:42 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 09:42 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 09:42 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 09:42 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 09:42 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 09:42 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 09:42 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 09:42 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 09:42 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 09:42 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 09:42 51712 ----a-w- c:\windows\SysWow64\esrb.rs
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-03-08 160328]
"updateMgr"="c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
"Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]
"SubVid"="c:\program files (x86)\MindMovies\Subliminal\SubVid.exe" [2008-09-16 139264]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-04-26 3298712]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-01 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"Acrobat Assistant 7.0"="c:\program files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-12-11 542104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-BA7E-100000000002}\SC_Acrobat.exe [2011-5-20 25214]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R2 CLKMSVC10_C6F09094;CyberLink Product - 2011/01/03 00:55;c:\program files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [2010-09-21 245232]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2009-06-23 113792]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-06-07 82816]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-09-15 239136]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-09 1255736]
R3 wtsmpadap;Sesam Virtual Adapter;c:\windows\system32\DRIVERS\wtsmpadap.sys [2008-04-30 56104]
R3 WtSmpFlt;Sesam Adapter;c:\windows\system32\DRIVERS\wtsmpflt.sys [2008-04-30 378664]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-01-30 14456]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys [2011-04-21 17240]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-12-15 1236968]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2010-09-14 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-08 203264]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-09-29 26680]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-03-28 146568]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 190488]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [2011-01-14 341296]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [2012-07-19 4111200]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-04 31088]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-08 30304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\Drivers\spyemrg_access.sys [2011-04-21 24408]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\Drivers\spyemrg_guard.sys [2011-04-21 18776]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-10-08 38528]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_C6F09094
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 11:36]
.
2013-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 00:21]
.
2013-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 00:21]
.
2013-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034785586-1586066431-309787569-1000Core.job
- c:\users\dogonit23\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-16 18:10]
.
2013-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2034785586-1586066431-309787569-1000UA.job
- c:\users\dogonit23\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-16 18:10]
.
2013-02-28 c:\windows\Tasks\HPCeeScheduleForDOGONIT23-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-02-21 c:\windows\Tasks\HPCeeScheduleFordogonit23.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2013-03-07 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-06-12 09:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 85232 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-09-14 487424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-01 611896]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-04 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2010-09-16 464744]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://search.easylifeapp.com/?pid=34&r=2013/02/07&hid=2146678912&lg=EN&cc=US
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Save Page As PDF ... - file://c:\program files (x86)\Nitro PDF\PDF Download\nitroweb.htm
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\
FF - prefs.js: browser.search.selectedEngine - Search Defender
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-01-24 13:02; [email protected]; c:\users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\extensions\[email protected]
FF - ExtSQL: 2013-01-30 09:26; {5d5886b5-56e6-4327-94dd-7560f56dc9ce}; c:\users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\extensions\{5d5886b5-56e6-4327-94dd-7560f56dc9ce}.xpi
FF - ExtSQL: 2013-01-30 09:39; jid1-yZwVFzbsyfMrqQ@jetpack; c:\users\dogonit23\AppData\Roaming\Mozilla\Firefox\Profiles\dlp00xlg.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
Toolbar-{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - c:\program files (x86)\freecordertoolbar\vmntemplateX.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-freecordertoolbar - c:\program files (x86)\freecordertoolbar\uninstall.exe
AddRemove-SP_f2a323db - c:\program files (x86)\BrowseToSave\uninstall.exe
AddRemove-Traffic Hurricane Pro Personal Use Edition - c:\windows\system32\ss2uinst.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
AddRemove-{AAAD88BC-4E18-3DFB-27B9-689881ECB814} - c:\progra~3\INSTAL~1\{EE534~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2034785586-1586066431-309787569-1000_Classes\Wow6432Node\CLSID\{2b6734b6-0f7a-4b1b-8a1a-ba534d8b2982}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000162
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-2034785586-1586066431-309787569-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):28,f6,5e,cc,c1,c3,44,b0,d8,9e,47,12,fa,85,83,7c,ea,0b,36,68,04,
94,bf,01,51,ef,b9,5f,24,75,80,2a,07,d7,63,61,90,5a,d9,37,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2034785586-1586066431-309787569-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):da,4f,77,66,5c,53,2e,1f,e2,65,03,45,68,ee,f7,82,66,f9,95,be,05,
f8,6f,95,d5,f9,de,33,a1,47,7d,ca,35,e9,18,67,fc,d1,2c,d4,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2034785586-1586066431-309787569-1000_Classes\Wow6432Node\CLSID\{f1449d3c-12f1-4e70-ae97-994c0e5bf443}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000bf
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,ed,46,f5,43,91,3a,8b,82,b4,d9,9b,11,ec,b0,ee,4c,c9,d2,22,5b,83,ff,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2013-03-06 22:28:52 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-07 06:28
ComboFix2.txt 2013-03-06 23:41
.
Pre-Run: 270,432,514,048 bytes free
Post-Run: 270,390,927,360 bytes free
.
- - End Of File - - E41050CDD7D258F9FD54591C75642512

''
  • 0

#14
gringo_pr
Posted 07 March 2013 - 01:02 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello dogonit2

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#15
dogonit2
Posted 07 March 2013 - 01:24 AM

dogonit2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Dang! There's a lot here...


Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe Acrobat 7.0 Standard - English, Français, Deutsch
Adobe Acrobat 7.1.0 Standard - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
AI RoboForm
Amazon Kindle
Apple Application Support
Apple Software Update
ArcSoft Camera Suite 1.3
ArcSoft Software Suite
ASHelper
Atheros Driver Installation Program
Audacity 1.3.13 (Unicode)
AudibleManager
Auto Blog Software
Auto Hide IP
Auto Traffic Monopoly 1.0.1
AzSiteBuilder
BacklinkProfitMonster
Bejeweled 2 Deluxe
Big Boy Cover Creator
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Blio
Blog Profit Pro
BlogHatter Pro 2010
Bloopio
Bounce Symphony
BrowseToSave 1.74
Build-a-lot 2
BusinessLeadsMiner v2.54
Cake Mania
Camtasia Studio 7
Canon MP Navigator EX 1.0
Canon MP210 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CardMinder V3.0
Carnival Submitter
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CherryPicker
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cisco WebEx Meetings
CloneDVD2
Conference Recording Service
Content Samurai 1.0
Coupon Printer for Windows
CurationSoft
CyberLink DVD Suite
D3DX10
DeepBurner Pro v1.9.0.228
DeepBurner v1.9.0.228
DHTML Editing Component
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Doxillion Document Converter
DupeFree Pro
DVD Decrypter (Remove Only)
DVD Menu Pack for HP MediaSmart Video
DVDFab 9.0.1.5 (08/12/2012) Qt
Easy Lead Finder
Easy Sales Video Player
Ecover Brander 1.0
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Farm Frenzy
FATE
FBP - Facebook Blaster Pro
Fences Pro
FileZilla Client 3.6.0.2
Final Drive Nitro
Freecorder 5
Freecorder Toolbar
FreeMind
GIMP 2.6.8
Google Chrome
Google Maps Listing Locator
Google Talk Plugin
Google Update Helper
GoogleMapsCash.com Software 1.1
GoToMeeting 5.4.0.1083
GPScraper 2011
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Game Console
HP Games
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
Hulu Desktop
IDT Audio
IM Easy Button Autoresponder
Instant Business Finder v2.27
Instant Content Curator Pro
Instant Lead Magnet Demo v1.13
Internet Download Manager
Java 7 Update 9
Java Auto Updater
JavaFX 2.1.1
JDownloader 0.9
Jewel Quest Solitaire 2
Jing
Junk Mail filter update
Keyword Tool v2.01
KeywordSwipe 1.0
KSO Watchboard
LabelPrint
Link Builder
Linkwheel
Local Leads Magic Extractor
Local Niche Spy
Localizer Beta
Localizer Leads Tool
Logic Audio Platinum v5.10
Logitech Vid
Long Tail Pro
Malwarebytes Anti-Malware version 1.70.0.1100
Micro Niche Domain Finder version 0.23
MicroCashMachines
Microsoft Default Manager
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MixPad
Mobile Partner
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
Niche Video Site Builder - Platinum Edition 1.0
NicheSensei
OnlyWire
OpenOffice.org 3.3
PageOne Curator
PDF Download for Internet Explorer
PDFCreator
pdfforge Toolbar v4.6
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power Lead Snatcher v1.0
Power2Go
PowerDirector
PrimoPDF -- brought to you by Nitro PDF Software
Project Organizer
Proxy Goblin
Proxy Server Finder
Quick Video Marketing Extreme Suite 1.0
QuickTime
Rank Armory Setup
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows 7
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Recovery Manager
RoxioNow Player
ScanSnap Manager
ScanSnap Organizer
Search Syndicate version 1.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
SendBlaster 2
Sindicator
Site Profit Bot 1.8
Skype Click to Call
Skype™ 6.1
SpinWizard-HC
SpywareBlaster 4.6
StorageSync Backup Software
Subliminal $SUBLIMINAL_VERSION
Switch Sound File Converter
The 5 Bucks a Day Action Enforcer
The Logo Creator v5.2
The Prospector version 2.7
Times Reader
topkeywordlists
Torch
Traffic Hurricane Pro Personal Use Edition
Traffic Launch Pad
Traffic Travis 3.3.16
TrafficPhoenix
Tube Equalizer
Tube Fool
Tube NiTRO
Turbo Lister 2
Underachiever Secrets
Uniblue RegistryBooster
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update or Uninstall SENukeX
VC80CRTRedist - 8.0.50727.6195
Viral PDF Silver Edition v2.0
Viral Video Curator Pro
Virtual Families
Virtual Villagers 4 - The Tree of Life
VLC media player 1.1.11
WavePad Sound Editor
WebM Media Foundation Components
Website Indexer
Wheel of Fortune 2
Windows Doctor 2.7.4
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.1
WinRAR archiver
WinX DVD Ripper Platinum 6.3.5
Wordpress EasyButton
xGen SEO
XHeader
XMind
XTA Deluxe
XTBSetup
YellaBot
YPSpider v2.15
Zuma Deluxe
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP