Too slow and won't open [Solved]



#1
bigredyeeha
Member, 35 posts
Hello, my computer is running very, very slow. I have a hard time opening anything, and then when it does open I can't change pages or close the file. I also can't get rid of delta-search.com. Thank you, Carla


OTL logfile created on: 3/17/2013 7:05:17 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bigred\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 55.07% Memory free
7.60 Gb Paging File | 5.34 Gb Available in Paging File | 70.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.45 Gb Total Space | 43.85 Gb Free Space | 9.78% Space Free | Partition Type: NTFS
Drive D: | 17.01 Gb Total Space | 2.46 Gb Free Space | 14.45% Space Free | Partition Type: NTFS
Drive F: | 1.84 Gb Total Space | 0.88 Gb Free Space | 47.79% Space Free | Partition Type: FAT

Computer Name: BIGRED-HP | User Name: bigred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/17 19:02:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bigred\Downloads\OTL (2).exe
PRC - [2013/03/10 17:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/02/23 20:16:58 | 001,297,728 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2013/02/23 17:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2013/02/21 02:30:09 | 002,561,488 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2013/02/09 23:53:21 | 000,888,912 | ---- | M] (http://goforfiles.com/) -- C:\Program Files (x86)\GoforFiles\GoforFiles.exe
PRC - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/17 20:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/12/11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/11/08 13:16:41 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\bigred\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/09/05 08:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2012/02/15 12:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/07/06 20:13:48 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/11/20 05:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/13 10:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 10:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2005/05/29 11:59:56 | 000,249,856 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysWOW64\nhsrvice.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/12 23:00:43 | 000,096,256 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\win32api.pyd
MOD - [2013/03/12 23:00:43 | 000,086,016 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\_elementtree.pyd
MOD - [2013/03/12 23:00:43 | 000,040,448 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\_socket.pyd
MOD - [2013/03/12 23:00:42 | 000,571,392 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\pysqlite2._sqlite.pyd
MOD - [2013/03/12 23:00:42 | 000,263,168 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\win32com.shell.shell.pyd
MOD - [2013/03/12 23:00:42 | 000,070,656 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\wx._html2.pyd
MOD - [2013/03/12 23:00:42 | 000,023,040 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\win32ts.pyd
MOD - [2013/03/12 23:00:41 | 001,024,616 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\windows._cacheinvalidation.pyd
MOD - [2013/03/12 23:00:41 | 000,792,576 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\wx._gdi_.pyd
MOD - [2013/03/12 23:00:41 | 000,153,088 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\pyexpat.pyd
MOD - [2013/03/12 23:00:41 | 000,073,728 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\_ctypes.pyd
MOD - [2013/03/12 23:00:41 | 000,017,920 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\win32profile.pyd
MOD - [2013/03/12 23:00:41 | 000,011,776 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\win32crypt.pyd
MOD - [2013/03/12 23:00:40 | 000,354,304 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\pythoncom26.dll
MOD - [2013/03/12 23:00:39 | 000,731,136 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\wx._misc_.pyd
MOD - [2013/03/12 23:00:39 | 000,110,592 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\win32security.pyd
MOD - [2013/03/12 23:00:39 | 000,110,592 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\PyWinTypes26.dll
MOD - [2013/03/12 23:00:38 | 000,645,120 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\_ssl.pyd
MOD - [2013/03/12 23:00:37 | 000,022,528 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\win32pdh.pyd
MOD - [2013/03/12 23:00:36 | 001,169,408 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\wx._core_.pyd
MOD - [2013/03/12 23:00:36 | 000,036,352 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\win32process.pyd
MOD - [2013/03/12 23:00:35 | 000,807,424 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\wx._windows_.pyd
MOD - [2013/03/12 23:00:35 | 000,311,808 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\_hashlib.pyd
MOD - [2013/03/12 23:00:34 | 000,121,856 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\wx._wizard.pyd
MOD - [2013/03/12 23:00:34 | 000,111,104 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\win32file.pyd
MOD - [2013/03/12 23:00:33 | 001,056,256 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\wx._controls_.pyd
MOD - [2013/03/12 23:00:33 | 000,039,424 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\win32inet.pyd
MOD - [2013/03/12 23:00:33 | 000,017,920 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\win32event.pyd
MOD - [2013/03/12 23:00:32 | 000,585,728 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\unicodedata.pyd
MOD - [2013/03/12 23:00:32 | 000,011,776 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI23402\select.pyd
MOD - [2013/03/10 17:22:06 | 000,459,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll
MOD - [2013/03/10 17:22:05 | 012,662,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
MOD - [2013/03/10 17:22:04 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013/03/10 17:21:18 | 000,596,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
MOD - [2013/03/10 17:21:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libegl.dll
MOD - [2013/03/10 17:21:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
MOD - [2013/02/21 02:30:09 | 002,561,488 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2013/02/21 02:28:52 | 002,231,248 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2013/02/19 17:07:31 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/02/19 17:07:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/02/19 17:07:19 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/02/19 17:07:16 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ee98383179eca974083a41a8ca0c213\IAStorUtil.ni.dll
MOD - [2013/02/19 17:07:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/19 17:07:02 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/02/19 17:06:53 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/02/19 17:06:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/02/19 17:06:43 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/02/19 17:06:28 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 16:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/03/11 15:15:28 | 000,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2013/02/23 17:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2013/02/21 02:30:09 | 002,561,488 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/12 11:57:00 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012/11/08 13:16:41 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/05 08:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/13 10:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/05/29 11:59:56 | 000,249,856 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nhsrvice.exe -- (HASP Loader)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/12 08:03:17 | 000,016,712 | ---- | M] (Sysinternals - www.sysinternals.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PROCEXP113.SYS -- (PROCEXP113)
DRV:64bit: - [2012/11/19 12:44:05 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV:64bit: - [2012/11/16 00:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/11/08 13:16:41 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/10/22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/10 09:14:40 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2011/10/01 02:16:50 | 000,393,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/01 12:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/02 01:52:50 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/07/28 22:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/05/31 12:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/03 07:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/19 19:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2005/06/14 14:01:16 | 000,296,448 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV - [2010/12/01 12:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/09/22 18:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{2329682A-A937-45B6-BEAC-7478F846FA98}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{56FA97F6-0390-4321-AA15-0448C1B784F3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{FC7D8A10-BD57-4211-BA96-6C35D96EBE76}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{FC974F47-E694-49EB-A6D3-0BBF6E78B730}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{2329682A-A937-45B6-BEAC-7478F846FA98}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{56FA97F6-0390-4321-AA15-0448C1B784F3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glary...s}&src=iesearch
IE - HKLM\..\SearchScopes\{FC7D8A10-BD57-4211-BA96-6C35D96EBE76}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{FC974F47-E694-49EB-A6D3-0BBF6E78B730}: "URL" = http://en.wikipedia....h={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-sea...000c0cb3865fdbb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-sea...000c0cb3865fdbb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {1B250067-DB47-42EF-9FC9-5E3320D3236F}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...000c0cb3865fdbb
IE - HKCU\..\SearchScopes\{1B250067-DB47-42EF-9FC9-5E3320D3236F}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{2329682A-A937-45B6-BEAC-7478F846FA98}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{25D8ABA0-5F45-D212-4914-794A69246E1D}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{56FA97F6-0390-4321-AA15-0448C1B784F3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{BC364A77-1EA2-BC9C-F6F5-CC73E1D83A10}: "URL" = http://som.startnow....eferrer:source}
IE - HKCU\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glary...s}&src=iesearch
IE - HKCU\..\SearchScopes\{D860F854-D0FA-478B-AD33-C964539D75DB}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{F2CE6E4D-57C5-467F-8599-01193454C044}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{FC7D8A10-BD57-4211-BA96-6C35D96EBE76}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{FC974F47-E694-49EB-A6D3-0BBF6E78B730}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledAddons: [email protected]:5.1
FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0.0
FF - prefs.js..extensions.enabledAddons: [email protected]:0.88.44
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaulturl: "http://search.condui...53654476765049"
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke B Customized Web Search"
FF - prefs.js..CT3279141.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo....=spigot-yhp-ff"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=994519&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519"


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/29 13:25:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013/02/28 15:41:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/19 19:42:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/11 00:28:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/29 13:25:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013/03/10 02:18:45 | 000,000,000 | ---D | M]

[2013/02/20 23:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Extensions
[2013/03/10 02:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions
[2013/02/28 16:03:43 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0}
[2013/02/28 15:43:26 | 000,000,000 | ---D | M] (WhiteSmoke B) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\{f0e59437-6148-4a98-b0a6-60d557ef57f4}
[2012/04/17 14:41:46 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2013/03/10 02:17:19 | 000,000,000 | ---D | M] ("Savings Addon") -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2013/02/28 15:43:25 | 000,000,000 | ---D | M] ("Shopping Sidekick Plugin") -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2013/03/10 02:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2013/03/10 02:18:48 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2013/02/21 00:13:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\staged
[2013/02/28 15:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]\chrome
[2013/02/28 15:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]\defaults
[2013/02/17 06:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]\locale
[2013/02/17 06:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]\skin
[2013/03/10 02:17:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]\chrome\content\extensionCode
[2013/02/17 06:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]\chrome\content\extensionCode
[2013/03/10 02:16:41 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2013/02/18 18:28:54 | 000,000,983 | ---- | M] () -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\searchplugins\conduit.xml
[2013/03/10 02:18:55 | 000,001,294 | ---- | M] () -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\searchplugins\delta.xml
[2013/02/20 23:59:34 | 000,002,687 | ---- | M] () -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\searchplugins\Search_Results.xml
[2013/02/28 15:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/08 05:09:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/28 15:41:36 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/07/08 00:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/19 16:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/19 16:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013/03/10 02:18:12 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/05/30 18:53:12 | 000,001,567 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\glarysearch.xml
[2013/02/20 23:59:34 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Savings Addon = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklfnijkecmmkjhjoamnpoemkpoppafe\1.23.45_0\crossrider
CHR - Extension: Savings Addon = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\iklfnijkecmmkjhjoamnpoemkpoppafe\1.23.45_0\
CHR - Extension: Gmail = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/05/13 18:53:40 | 000,001,204 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - {0B4A07CF-45EB-4B10-B6BB-35568A2F89BE} - No CLSID value found.
O2 - BHO: (InfoAtoms) - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll (InfoAtoms Inc.)
O2 - BHO: (Savings Addon) - {11111111-1111-1111-1111-110211141126} - C:\Program Files (x86)\Savings Addon\Savings Addon.dll (215 Apps)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {652853ad-5592-4231-88c6-706613a52e61} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\bigred\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\bigred\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - Startup: C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{065A34AD-7DA7-4242-ACBD-4ED8237E6360}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB5B1F85-3362-4502-B466-8FA0186AD10E}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\browse~2\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/17 19:25:12 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Decor
[2013/03/17 19:15:01 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Unity of Wicca_files
[2013/03/17 19:08:09 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\(72) Unity of Wicca_files
[2013/03/17 19:05:38 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Vacation
[2013/03/12 23:56:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/03/12 23:56:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/03/12 23:41:44 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Pyracy Pub_files
[2013/03/12 23:29:05 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Ghost Towns and History of the American West_files
[2013/03/12 03:25:57 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\Spotify
[2013/03/12 03:23:24 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Spotify
[2013/03/12 03:23:13 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\{A3905300-C593-4B26-876C-532F48096AA5}
[2013/03/11 00:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013/03/11 00:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/03/11 00:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013/03/10 02:19:02 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013/03/10 02:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013/03/10 02:18:29 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Delta
[2013/03/10 02:18:21 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\BabSolution
[2013/03/10 02:17:26 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\Updater21426
[2013/03/10 02:17:20 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\Savings Addon
[2013/03/10 02:16:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Savings Addon
[2013/03/10 02:16:36 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
[2013/03/10 02:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TornTV.com
[2013/03/08 18:56:00 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2013/03/08 17:00:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2013/03/08 17:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze Remote Toolbar
[2013/03/07 11:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/02/28 18:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/02/25 23:13:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013/02/21 00:08:09 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\internethelper
[2013/02/21 00:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Internet Helper Anti-phishing
[2013/02/20 23:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Results Toolbar
[2013/02/20 23:59:21 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\iLivid
[2013/02/20 16:50:19 | 000,000,000 | ---D | C] -- C:\Users\bigred\Documents\Adobe Scripts
[2013/02/20 16:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/02/18 18:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tuguu SL
[2013/02/18 18:39:49 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\player
[2013/02/18 18:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPlayer
[2013/02/18 18:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/02/18 18:28:37 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\Supreme Savings
[2013/02/18 11:07:45 | 000,000,000 | ---D | C] -- C:\New folder
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\bigred\Desktop\*.tmp files -> C:\Users\bigred\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/17 19:30:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/17 19:15:01 | 003,009,352 | ---- | M] () -- C:\Users\bigred\Desktop\Unity of Wicca.htm
[2013/03/17 19:08:09 | 001,655,027 | ---- | M] () -- C:\Users\bigred\Desktop\(72) Unity of Wicca.htm
[2013/03/17 19:00:13 | 000,196,996 | ---- | M] () -- C:\Users\bigred\Desktop\Spirt.jpg
[2013/03/17 18:53:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/12 23:55:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3343391003-4272309500-464388543-1000UA.job
[2013/03/12 23:41:44 | 000,104,994 | ---- | M] () -- C:\Users\bigred\Desktop\Pyracy Pub.htm
[2013/03/12 23:32:20 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/12 23:29:05 | 000,003,177 | ---- | M] () -- C:\Users\bigred\Desktop\Ghost Towns and History of the American West.htm
[2013/03/12 23:14:10 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/12 23:14:09 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/12 23:07:31 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/03/12 23:04:11 | 000,000,012 | ---- | M] () -- C:\Windows\SysWow64\haspaddr.dat
[2013/03/12 23:00:25 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/03/12 22:59:27 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/12 22:57:21 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/12 04:12:03 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/03/12 03:30:36 | 000,001,811 | ---- | M] () -- C:\Users\bigred\Desktop\Spotify.lnk
[2013/03/12 03:20:58 | 000,684,590 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/12 03:20:58 | 000,129,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/12 03:20:56 | 000,812,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/11 00:30:29 | 000,002,166 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/03/11 00:30:28 | 000,002,166 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/03/11 00:29:03 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/10 20:55:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3343391003-4272309500-464388543-1000Core.job
[2013/03/10 02:06:04 | 000,000,084 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013/03/08 18:56:45 | 000,001,318 | ---- | M] () -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013/03/07 11:55:11 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/03/06 16:36:07 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbigred.job
[2013/03/02 16:47:13 | 000,002,279 | ---- | M] () -- C:\Users\bigred\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/28 18:06:59 | 000,001,254 | ---- | M] () -- C:\Users\bigred\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/20 14:36:07 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013/02/20 14:36:07 | 000,001,848 | ---- | M] () -- C:\Users\bigred\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2013/02/19 18:55:49 | 000,806,298 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/18 18:39:49 | 000,002,603 | ---- | M] () -- C:\Users\Public\Desktop\VPlayer.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\bigred\Desktop\*.tmp files -> C:\Users\bigred\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/17 19:15:01 | 003,009,352 | ---- | C] () -- C:\Users\bigred\Desktop\Unity of Wicca.htm
[2013/03/17 19:08:06 | 001,655,027 | ---- | C] () -- C:\Users\bigred\Desktop\(72) Unity of Wicca.htm
[2013/03/12 23:41:44 | 000,104,994 | ---- | C] () -- C:\Users\bigred\Desktop\Pyracy Pub.htm
[2013/03/12 23:29:04 | 000,003,177 | ---- | C] () -- C:\Users\bigred\Desktop\Ghost Towns and History of the American West.htm
[2013/03/12 03:50:07 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/03/12 03:25:55 | 000,001,797 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/03/12 03:25:54 | 000,001,811 | ---- | C] () -- C:\Users\bigred\Desktop\Spotify.lnk
[2013/03/11 00:30:29 | 000,002,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/03/11 00:30:28 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/03/11 00:29:03 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/11 00:29:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/05 21:56:02 | 000,001,318 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013/02/28 18:13:24 | 000,002,279 | ---- | C] () -- C:\Users\bigred\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/28 18:13:24 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/20 16:46:52 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
[2013/02/20 16:46:01 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2013/02/20 16:43:39 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2013/02/20 16:43:08 | 000,001,262 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2013/02/20 16:41:21 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2013/02/20 16:41:09 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2013/02/18 18:39:49 | 000,002,603 | ---- | C] () -- C:\Users\Public\Desktop\VPlayer.lnk
[2013/02/05 13:55:04 | 000,000,012 | ---- | C] () -- C:\Windows\SysWow64\haspaddr.dat
[2013/02/05 13:54:04 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2013/01/11 23:16:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/11 23:16:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/11 23:16:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/11 23:16:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/11 23:16:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/08 19:57:57 | 000,027,520 | ---- | C] () -- C:\Users\bigred\AppData\Local\dt.dat
[2012/07/26 21:01:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\kkwzdpqb.dll
[2012/07/10 00:06:54 | 000,000,132 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/06/12 18:14:40 | 000,172,776 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2012/06/12 18:14:40 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2012/03/03 01:06:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/02/13 18:41:52 | 000,870,128 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\mcs.rma
[2011/12/24 07:16:14 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/09/22 01:53:36 | 000,006,144 | ---- | C] () -- C:\Users\bigred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/07 22:25:15 | 000,000,218 | ---- | C] () -- C:\Users\bigred\.recently-used.xbel
[2011/03/22 18:52:53 | 000,001,854 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\GhostObjGAFix.xml
[2011/02/26 01:48:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/09 15:44:34 | 000,000,132 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/02/08 03:29:55 | 001,189,163 | ---- | C] () -- C:\Users\bigred\fileurns.cache
[2011/02/08 03:29:25 | 000,665,887 | ---- | C] () -- C:\Users\bigred\createtimes.cache
[2011/02/08 03:29:24 | 001,048,693 | ---- | C] () -- C:\Users\bigred\library5.dat
[2011/02/08 03:29:24 | 000,002,826 | ---- | C] () -- C:\Users\bigred\limewire.props
[2011/02/08 03:29:24 | 000,000,312 | ---- | C] () -- C:\Users\bigred\mojito.props
[2011/02/02 12:24:21 | 000,000,084 | -HS- | C] () -- C:\ProgramData\.zreglib

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/06/21 19:52:08 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\.minecraft
[2011/05/07 21:42:41 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Aventail
[2012/09/26 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\AVG2013
[2013/03/12 23:44:31 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Azureus
[2013/03/10 02:18:24 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\BabSolution
[2013/02/08 16:22:39 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Babylon
[2012/07/02 20:07:26 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Barnes & Noble
[2013/02/05 15:28:37 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\BeadTool
[2013/01/22 18:21:40 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Blackboard
[2011/05/11 00:54:03 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Cache
[2012/12/27 03:50:14 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\calibre
[2013/03/10 02:18:29 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Delta
[2012/06/03 12:38:38 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\DriverCure
[2013/02/08 16:22:43 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\DSite
[2012/03/30 13:21:28 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\EuroTalk
[2011/02/15 12:58:08 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\FrostWire
[2012/11/20 18:37:15 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\GlarySoft
[2013/02/21 00:15:39 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\go
[2013/02/09 23:53:25 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\GoforFiles
[2011/06/07 22:25:47 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\inkscape
[2011/03/26 02:01:39 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\InterTrust
[2011/04/28 20:07:56 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\MusicNet
[2011/05/08 19:24:30 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\OpenOffice.org
[2013/02/18 18:39:49 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\player
[2012/03/14 19:39:09 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\SoftGrid Client
[2012/06/03 12:38:38 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\SpeedyPC Software
[2013/03/12 23:39:22 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Spotify
[2011/02/09 18:12:32 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/02/08 16:23:48 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Strongvault
[2011/02/15 14:42:41 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\TP
[2012/09/26 14:04:30 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\TuneUp Software
[2011/01/31 19:19:09 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Uniblue
[2011/01/24 16:29:23 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\WildTangent
[2013/01/22 21:28:07 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Windows Live Writer
[2013/02/09 23:38:46 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\YourFileDownloader

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, once these two programmes have run, could you let me know how the computer is behaving?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
SRV - [2013/02/21 02:30:09 | 002,561,488 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glary...s}&src=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-sea...000c0cb3865fdbb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-sea...000c0cb3865fdbb
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...000c0cb3865fdbb
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{BC364A77-1EA2-BC9C-F6F5-CC73E1D83A10}: "URL" = http://som.startnow....eferrer:source}
IE - HKCU\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glary...s}&src=iesearch
IE - HKCU\..\SearchScopes\{D860F854-D0FA-478B-AD33-C964539D75DB}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0.0
FF - prefs.js..extensions.enabledAddons: [email protected]:0.88.44
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=3&q={searchTerms}&CUI=UN22053654476765049"
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke B Customized Web Search"
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013/02/28 15:41:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013/03/10 02:18:45 | 000,000,000 | ---D | M]
[2013/02/28 16:03:43 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0}
[2013/02/28 15:43:26 | 000,000,000 | ---D | M] (WhiteSmoke B) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\{f0e59437-6148-4a98-b0a6-60d557ef57f4}
[2012/04/17 14:41:46 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2013/03/10 02:17:19 | 000,000,000 | ---D | M] ("Savings Addon") -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2013/02/28 15:43:25 | 000,000,000 | ---D | M] ("Shopping Sidekick Plugin") -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2013/03/10 02:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2013/03/10 02:18:48 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2013/02/28 15:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]\chrome
[2013/02/28 15:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]\defaults
[2013/02/17 06:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]\locale
[2013/02/17 06:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]\skin
[2013/03/10 02:17:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]\chrome\content\extensionCode
[2013/02/17 06:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]\chrome\content\extensionCode
[2013/03/10 02:16:41 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2013/02/18 18:28:54 | 000,000,983 | ---- | M] () -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\searchplugins\conduit.xml
[2013/03/10 02:18:55 | 000,001,294 | ---- | M] () -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\searchplugins\delta.xml
[2013/02/20 23:59:34 | 000,002,687 | ---- | M] () -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\searchplugins\Search_Results.xml
[2013/02/28 15:41:36 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/03/10 02:18:12 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/05/30 18:53:12 | 000,001,567 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\glarysearch.xml
[2013/02/20 23:59:34 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {0B4A07CF-45EB-4B10-B6BB-35568A2F89BE} - No CLSID value found.
O2 - BHO: (InfoAtoms) - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll (InfoAtoms Inc.)
O2 - BHO: (Savings Addon) - {11111111-1111-1111-1111-110211141126} - C:\Program Files (x86)\Savings Addon\Savings Addon.dll (215 Apps)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {652853ad-5592-4231-88c6-706613a52e61} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O20 - AppInit_DLLs: (c:\progra~3\browse~2\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
[2013/03/12 23:56:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/03/10 02:19:02 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013/03/10 02:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013/03/10 02:18:29 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Delta
[2013/03/10 02:18:21 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\BabSolution
[2013/03/10 02:17:26 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\Updater21426
[2013/03/10 02:17:20 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\Savings Addon
[2013/03/10 02:16:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Savings Addon
[2013/03/10 02:16:36 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
[2013/03/10 02:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TornTV.com
[2013/03/08 17:00:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2013/02/21 00:08:09 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\internethelper
[2013/02/21 00:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Internet Helper Anti-phishing
[2013/02/20 23:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Results Toolbar
[2013/02/20 23:59:21 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\iLivid
[2013/02/18 18:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/02/18 18:28:37 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\Supreme Savings
[2013/03/10 02:18:24 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\BabSolution
[2013/02/08 16:22:39 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Babylon
[2013/03/10 02:18:29 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Delta
[2013/02/08 16:23:48 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Strongvault

:Files
C:\Program Files (x86)\InfoAtoms
C:\Program Files (x86)\Savings Addon
C:\Program Files (x86)\Common Files\Spigot
C:\ProgramData\BrowserProtect
C:\Users\bigred\AppData\Local\Temp\_MEI23402

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

#3
bigredyeeha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Hello, I have tried to run the OTL twice with your script and it keeps freezing in the same spot. I am sending you back the section of your script that went through, the last line being where it froze. Thank you, Carla



:OTL
SRV - [2013/02/21 02:30:09 | 002,561,488 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glary...s}&src=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.delta-sea...000c0cb3865fdbb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-sea...000c0cb3865fdbb
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...000c0cb3865fdbb
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{BC364A77-1EA2-BC9C-F6F5-CC73E1D83A10}: "URL" = http://som.startnow....eferrer:source}
IE - HKCU\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glary...s}&src=iesearch
IE - HKCU\..\SearchScopes\{D860F854-D0FA-478B-AD33-C964539D75DB}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
FF - prefs.js..extensions.enabledAddons: [email protected]:1.5.0.0
FF - prefs.js..extensions.enabledAddons: [email protected]:0.88.44
FF - prefs.js..browser.search.defaulturl: "http://search.condui...53654476765049"
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke B Customized Web Search"
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2013/02/28 15:41:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013/03/10 02:18:45 | 000,000,000 | ---D | M]
[2013/02/28 16:03:43 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0}
[2013/02/28 15:43:26 | 000,000,000 | ---D | M] (WhiteSmoke B) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\{f0e59437-6148-4a98-b0a6-60d557ef57f4}
[2012/04/17 14:41:46 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2013/03/10 02:17:19 | 000,000,000 | ---D | M] ("Savings Addon") -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2013/02/28 15:43:25 | 000,000,000 | ---D | M] ("Shopping Sidekick Plugin") -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2013/03/10 02:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2013/03/10 02:18:48 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2013/02/28 15:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]\chrome
[2013/02/28 15:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]\defaults
[2013/02/17 06:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]\locale
[2013/02/17 06:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]\skin
[2013/03/10 02:17:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]\chrome\content\extensionCode
[2013/02/17 06:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]\chrome\content\extensionCode
[2013/03/10 02:16:41 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\[email protected]
[2013/02/18 18:28:54 | 000,000,983 | ---- | M] () -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\searchplugins\conduit.xml
[2013/03/10 02:18:55 | 000,001,294 | ---- | M] () -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\searchplugins\delta.xml
[2013/02/20 23:59:34 | 000,002,687 | ---- | M] () -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\searchplugins\Search_Results.xml
[2013/02/28 15:41:36 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/03/10 02:18:12 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/05/30 18:53:12 | 000,001,567 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\glarysearch.xml
[2013/02/20 23:59:34 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {0B4A07CF-45EB-4B10-B6BB-35568A2F89BE} - No CLSID value found.
O2 - BHO: (InfoAtoms) - {103089DA-0F31-4A8B-843F-7D24A7FE8345} - C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll (InfoAtoms Inc.)
O2 - BHO: (Savings Addon) - {11111111-1111-1111-1111-110211141126} - C:\Program Files (x86)\Savings Addon\Savings Addon.dll (215 Apps)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {652853ad-5592-4231-88c6-706613a52e61} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O20 - AppInit_DLLs: (c:\progra~3\browse~2\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
[2013/03/12 23:56:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, could you continue direct to the AdwCleaner programme next, post that log and then run a fresh OTL quick scan?

#5
bigredyeeha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
# AdwCleaner v2.115 - Logfile created 03/17/2013 at 23:50:43
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : bigred - BIGRED-HP
# Boot Mode : Normal
# Running from : C:\Users\bigred\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Application Updater
Found : CltMngSvc

***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Found : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\bprotector_extensions.sqlite
File Found : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\bprotector_prefs.js
Folder Found : C:\Program Files (x86)\Application Updater
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\spigot
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Qwiklinx
Folder Found : C:\Program Files (x86)\search results toolbar
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\TornTV.com
Folder Found : C:\Program Files (x86)\Vuze Remote toolbar
Folder Found : C:\Program Files (x86)\Wajam
Folder Found : C:\Program Files (x86)\yourfiledownloader
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\bigred\AppData\Local\Conduit
Folder Found : C:\Users\bigred\AppData\Local\Ilivid
Folder Found : C:\Users\bigred\AppData\Local\PackageAware
Folder Found : C:\Users\bigred\AppData\Local\SwvUpdater
Folder Found : C:\Users\bigred\AppData\Local\Wajam
Folder Found : C:\Users\bigred\AppData\LocalLow\Conduit
Folder Found : C:\Users\bigred\AppData\LocalLow\Search Settings
Folder Found : C:\Users\bigred\AppData\Roaming\Babylon
Folder Found : C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
Folder Found : C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Found : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
Folder Found : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\staged
Folder Found : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\Smartbar
Folder Found : C:\Users\bigred\AppData\Roaming\Qwiklinx
Folder Found : C:\Users\bigred\AppData\Roaming\SearchProtect
Folder Found : C:\Users\bigred\AppData\Roaming\yourfiledownloader

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~2\261095~1.52\{c16c1~1\browse~1.dll
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\YourFileDownloader
Key Found : HKCU\Software\Qwiklinx
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\YourFileDownloader
Key Found : HKCU\Software\5953dfd9bd6aee40
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021426.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021426.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021426.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0021426.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Key Found : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\oneclick
Key Found : HKLM\SOFTWARE\Classes\oneclickmg
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO
Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3277370
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3279141
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{204C0025-C26A-43E2-853C-D8A8EB1BCE51}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\iLividSRTB
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Search Settings
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\SOFTWARE\Wow6432Node\5953dfd9bd6aee40
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\Software\YourFileDownloader
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-3343391003-4272309500-464388543-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3277370&octid=CT3277370&SearchSource=61&CUI=UN39806880592912019&UM=2&UP=SPBB134A7C-AC15-4180-9A1A-07EBB6B826BE

-\\ Mozilla Firefox v5.0.1 (en-US)

File : C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\prefs.js

-\\ Google Chrome v25.0.1364.172

File : C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.3923] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=2e109f21000000000000c0cb3865fdbb" ]

*************************

AdwCleaner[R1].txt - [31718 octets] - [17/03/2013 23:50:43]
AdwCleaner[S1].txt - [60980 octets] - [11/12/2012 16:55:10]

########## EOF - C:\AdwCleaner[R1].txt - [31840 octets] ##########

#6
Essexboy

Could you run a fresh OTL scan now, please, and let me know how the computer is behaving?

#7
bigredyeeha

OTL logfile created on: 3/17/2013 11:49:46 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bigred\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 59.05% Memory free
7.60 Gb Paging File | 5.65 Gb Available in Paging File | 74.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.45 Gb Total Space | 37.11 Gb Free Space | 8.28% Space Free | Partition Type: NTFS
Drive D: | 17.01 Gb Total Space | 2.46 Gb Free Space | 14.45% Space Free | Partition Type: NTFS
Drive F: | 1.84 Gb Total Space | 0.88 Gb Free Space | 47.79% Space Free | Partition Type: FAT

Computer Name: BIGRED-HP | User Name: bigred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/18 00:03:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bigred\Downloads\OTL.exe
PRC - [2013/03/10 17:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/03/07 22:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2013/03/06 05:36:54 | 002,731,296 | ---- | M] (Conduit) -- C:\Users\bigred\AppData\Roaming\SearchProtect\bin\cltmng.exe
PRC - [2013/03/06 05:36:52 | 000,093,984 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
PRC - [2013/02/23 20:16:58 | 001,297,728 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2013/02/23 17:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\bigred\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/17 20:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/12/11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/11/08 13:16:41 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/09/05 08:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2012/02/15 12:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/07/06 20:13:48 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/13 10:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 10:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2005/05/29 11:59:56 | 000,249,856 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysWOW64\nhsrvice.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/17 23:38:51 | 001,169,408 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\wx._core_.pyd
MOD - [2013/03/17 23:38:51 | 001,056,256 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\wx._controls_.pyd
MOD - [2013/03/17 23:38:51 | 001,024,616 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\windows._cacheinvalidation.pyd
MOD - [2013/03/17 23:38:51 | 000,807,424 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\wx._windows_.pyd
MOD - [2013/03/17 23:38:51 | 000,792,576 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\wx._gdi_.pyd
MOD - [2013/03/17 23:38:51 | 000,731,136 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\wx._misc_.pyd
MOD - [2013/03/17 23:38:51 | 000,645,120 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\_ssl.pyd
MOD - [2013/03/17 23:38:51 | 000,571,392 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\pysqlite2._sqlite.pyd
MOD - [2013/03/17 23:38:51 | 000,354,304 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\pythoncom26.dll
MOD - [2013/03/17 23:38:51 | 000,311,808 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\_hashlib.pyd
MOD - [2013/03/17 23:38:51 | 000,263,168 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\win32com.shell.shell.pyd
MOD - [2013/03/17 23:38:51 | 000,153,088 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\pyexpat.pyd
MOD - [2013/03/17 23:38:51 | 000,121,856 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\wx._wizard.pyd
MOD - [2013/03/17 23:38:51 | 000,111,104 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\win32file.pyd
MOD - [2013/03/17 23:38:51 | 000,110,592 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\win32security.pyd
MOD - [2013/03/17 23:38:51 | 000,110,592 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\PyWinTypes26.dll
MOD - [2013/03/17 23:38:51 | 000,096,256 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\win32api.pyd
MOD - [2013/03/17 23:38:51 | 000,086,016 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\_elementtree.pyd
MOD - [2013/03/17 23:38:51 | 000,073,728 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\_ctypes.pyd
MOD - [2013/03/17 23:38:51 | 000,070,656 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\wx._html2.pyd
MOD - [2013/03/17 23:38:51 | 000,040,448 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\_socket.pyd
MOD - [2013/03/17 23:38:51 | 000,039,424 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\win32inet.pyd
MOD - [2013/03/17 23:38:51 | 000,036,352 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\win32process.pyd
MOD - [2013/03/17 23:38:51 | 000,023,040 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\win32ts.pyd
MOD - [2013/03/17 23:38:51 | 000,022,528 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\win32pdh.pyd
MOD - [2013/03/17 23:38:51 | 000,017,920 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\win32profile.pyd
MOD - [2013/03/17 23:38:51 | 000,011,776 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\win32crypt.pyd
MOD - [2013/03/17 23:38:50 | 000,585,728 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\unicodedata.pyd
MOD - [2013/03/17 23:38:50 | 000,017,920 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\win32event.pyd
MOD - [2013/03/17 23:38:50 | 000,011,776 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI29962\select.pyd
MOD - [2013/03/10 17:22:06 | 000,459,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll
MOD - [2013/03/10 17:22:05 | 012,662,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
MOD - [2013/03/10 17:22:04 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013/03/10 17:21:18 | 000,596,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
MOD - [2013/03/10 17:21:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libegl.dll
MOD - [2013/03/10 17:21:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
MOD - [2013/03/07 22:32:40 | 021,014,960 | ---- | M] () -- C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013/03/07 22:32:38 | 000,292,272 | ---- | M] () -- C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013/03/07 22:32:38 | 000,179,632 | ---- | M] () -- C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2013/02/19 17:07:31 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/02/19 17:07:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/02/19 17:07:19 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/02/19 17:07:16 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ee98383179eca974083a41a8ca0c213\IAStorUtil.ni.dll
MOD - [2013/02/19 17:07:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/19 17:07:02 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/02/19 17:06:53 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/02/19 17:06:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/02/19 17:06:43 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/02/19 17:06:28 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 16:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/03/11 15:15:28 | 000,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2013/03/06 05:36:52 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/02/23 17:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/12 11:57:00 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012/11/08 13:16:41 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/05 08:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/13 10:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/05/29 11:59:56 | 000,249,856 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nhsrvice.exe -- (HASP Loader)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/12 08:03:17 | 000,016,712 | ---- | M] (Sysinternals - www.sysinternals.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PROCEXP113.SYS -- (PROCEXP113)
DRV:64bit: - [2012/11/19 12:44:05 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV:64bit: - [2012/11/16 00:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/11/08 13:16:41 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/10/22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/10 09:14:40 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2011/10/01 02:16:50 | 000,393,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/01 12:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/02 01:52:50 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/07/28 22:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/05/31 12:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/03 07:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/19 19:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2005/06/14 14:01:16 | 000,296,448 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV - [2010/12/01 12:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/09/22 18:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{2329682A-A937-45B6-BEAC-7478F846FA98}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{56FA97F6-0390-4321-AA15-0448C1B784F3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{FC7D8A10-BD57-4211-BA96-6C35D96EBE76}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{FC974F47-E694-49EB-A6D3-0BBF6E78B730}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {71F3F320-6F03-4742-B74C-81C8040E9EB6}
IE - HKLM\..\SearchScopes\{2329682A-A937-45B6-BEAC-7478F846FA98}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{56FA97F6-0390-4321-AA15-0448C1B784F3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{FC7D8A10-BD57-4211-BA96-6C35D96EBE76}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{FC974F47-E694-49EB-A6D3-0BBF6E78B730}: "URL" = http://en.wikipedia....h={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...1A-07EBB6B826BE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {1B250067-DB47-42EF-9FC9-5E3320D3236F}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...000c0cb3865fdbb
IE - HKCU\..\SearchScopes\{1B250067-DB47-42EF-9FC9-5E3320D3236F}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{2329682A-A937-45B6-BEAC-7478F846FA98}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{25D8ABA0-5F45-D212-4914-794A69246E1D}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{56FA97F6-0390-4321-AA15-0448C1B784F3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{71F3F320-6F03-4742-B74C-81C8040E9EB6}: "URL" = http://search.condui...0592912019&UM=2
IE - HKCU\..\SearchScopes\{BB807376-C05D-4BC0-B7B7-31853703B487}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{F2CE6E4D-57C5-467F-8599-01193454C044}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{FC7D8A10-BD57-4211-BA96-6C35D96EBE76}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{FC974F47-E694-49EB-A6D3-0BBF6E78B730}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledAddons: [email protected]:5.1
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..CT3279141.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo....=spigot-yhp-ff"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=994519&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519"


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/29 13:25:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/17 23:53:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/11 00:28:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/29 13:25:45 | 000,000,000 | ---D | M]

[2013/02/20 23:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Extensions
[2013/03/17 23:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions
[2013/03/18 00:17:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\staged
[2013/03/17 23:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/08 05:09:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\BIGRED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV4YIGHU.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\BIGRED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV4YIGHU.DEFAULT\EXTENSIONS\[email protected]
[2011/07/08 00:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/19 16:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/19 16:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013/03/10 02:18:12 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/05/13 18:53:40 | 000,001,204 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost
O2 - BHO: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Qwiklinx) - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\bigred\AppData\Roaming\Qwiklinx\Qwiklinx.dll (Qwiklinx, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\bigred\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\bigred\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [SearchProtect] C:\Users\bigred\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - Startup: C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{065A34AD-7DA7-4242-ACBD-4ED8237E6360}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB5B1F85-3362-4502-B466-8FA0186AD10E}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\browse~2\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/18 00:14:49 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\HPAppData
[2013/03/18 00:14:33 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Geeks to Go! – Free help from tech experts_files
[2013/03/17 23:59:13 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/03/17 23:57:25 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Qwiklinx
[2013/03/17 23:57:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qwiklinx
[2013/03/17 23:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/03/17 23:52:15 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\SearchProtect
[2013/03/17 23:51:36 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/17 23:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro
[2013/03/17 23:44:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/17 19:25:12 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Decor
[2013/03/17 19:15:01 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Unity of Wicca_files
[2013/03/17 19:08:09 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\(72) Unity of Wicca_files
[2013/03/17 19:05:38 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Vacation
[2013/03/12 23:56:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/03/12 23:56:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/03/12 23:41:44 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Pyracy Pub_files
[2013/03/12 23:29:05 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Ghost Towns and History of the American West_files
[2013/03/12 03:25:57 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\Spotify
[2013/03/12 03:23:24 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Spotify
[2013/03/12 03:23:13 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\{A3905300-C593-4B26-876C-532F48096AA5}
[2013/03/11 00:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013/03/11 00:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/03/11 00:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013/03/10 02:19:02 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013/03/10 02:17:20 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\Savings Addon
[2013/03/10 02:16:36 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
[2013/03/10 02:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TornTV.com
[2013/03/08 18:56:00 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2013/03/08 17:00:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2013/03/08 17:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze Remote Toolbar
[2013/03/07 11:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/02/28 18:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/02/25 23:13:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013/02/21 00:08:09 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\internethelper
[2013/02/21 00:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Internet Helper Anti-phishing
[2013/02/20 23:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Results Toolbar
[2013/02/20 23:59:21 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\iLivid
[2013/02/20 16:50:19 | 000,000,000 | ---D | C] -- C:\Users\bigred\Documents\Adobe Scripts
[2013/02/20 16:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/02/18 18:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tuguu SL
[2013/02/18 18:39:49 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\player
[2013/02/18 18:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPlayer
[2013/02/18 18:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/02/18 18:28:37 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\Supreme Savings
[2013/02/18 11:07:45 | 000,000,000 | ---D | C] -- C:\New folder
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\bigred\Desktop\*.tmp files -> C:\Users\bigred\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/18 00:30:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/18 00:14:33 | 000,182,694 | ---- | M] () -- C:\Users\bigred\Desktop\Geeks to Go! – Free help from tech experts.htm
[2013/03/17 23:58:31 | 000,000,258 | RHS- | M] () -- C:\Users\bigred\ntuser.pol
[2013/03/17 23:55:07 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/17 23:55:07 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/17 23:55:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3343391003-4272309500-464388543-1000UA.job
[2013/03/17 23:54:03 | 000,000,009 | ---- | M] () -- C:\END
[2013/03/17 23:51:36 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/17 23:51:36 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/17 23:51:14 | 000,001,103 | ---- | M] () -- C:\Users\bigred\Desktop\Flash Player Pro.lnk
[2013/03/17 23:42:24 | 000,000,012 | ---- | M] () -- C:\Windows\SysWow64\haspaddr.dat
[2013/03/17 23:38:53 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/03/17 23:38:12 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/17 23:37:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/17 23:37:54 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/17 19:15:01 | 003,009,352 | ---- | M] () -- C:\Users\bigred\Desktop\Unity of Wicca.htm
[2013/03/17 19:08:09 | 001,655,027 | ---- | M] () -- C:\Users\bigred\Desktop\(72) Unity of Wicca.htm
[2013/03/12 23:41:44 | 000,104,994 | ---- | M] () -- C:\Users\bigred\Desktop\Pyracy Pub.htm
[2013/03/12 23:32:20 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/12 23:29:05 | 000,003,177 | ---- | M] () -- C:\Users\bigred\Desktop\Ghost Towns and History of the American West.htm
[2013/03/12 23:07:31 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/03/12 04:12:03 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/03/12 03:30:36 | 000,001,811 | ---- | M] () -- C:\Users\bigred\Desktop\Spotify.lnk
[2013/03/12 03:20:58 | 000,684,590 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/12 03:20:58 | 000,129,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/12 03:20:56 | 000,812,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/11 00:30:29 | 000,002,166 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/03/11 00:30:28 | 000,002,166 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/03/11 00:29:03 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/10 20:55:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3343391003-4272309500-464388543-1000Core.job
[2013/03/10 02:06:04 | 000,000,084 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013/03/08 18:56:45 | 000,001,318 | ---- | M] () -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013/03/07 11:55:11 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/03/06 16:36:07 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbigred.job
[2013/03/02 16:47:13 | 000,002,279 | ---- | M] () -- C:\Users\bigred\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/28 18:06:59 | 000,001,254 | ---- | M] () -- C:\Users\bigred\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/20 14:36:07 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013/02/20 14:36:07 | 000,001,848 | ---- | M] () -- C:\Users\bigred\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2013/02/19 18:55:49 | 000,806,298 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/18 18:39:49 | 000,002,603 | ---- | M] () -- C:\Users\Public\Desktop\VPlayer.lnk
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\bigred\Desktop\*.tmp files -> C:\Users\bigred\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/18 00:14:33 | 000,182,694 | ---- | C] () -- C:\Users\bigred\Desktop\Geeks to Go! – Free help from tech experts.htm
[2013/03/17 23:58:31 | 000,000,258 | RHS- | C] () -- C:\Users\bigred\ntuser.pol
[2013/03/17 23:51:14 | 000,001,103 | ---- | C] () -- C:\Users\bigred\Desktop\Flash Player Pro.lnk
[2013/03/17 23:50:31 | 000,000,009 | ---- | C] () -- C:\END
[2013/03/17 19:15:01 | 003,009,352 | ---- | C] () -- C:\Users\bigred\Desktop\Unity of Wicca.htm
[2013/03/17 19:08:06 | 001,655,027 | ---- | C] () -- C:\Users\bigred\Desktop\(72) Unity of Wicca.htm
[2013/03/12 23:41:44 | 000,104,994 | ---- | C] () -- C:\Users\bigred\Desktop\Pyracy Pub.htm
[2013/03/12 23:29:04 | 000,003,177 | ---- | C] () -- C:\Users\bigred\Desktop\Ghost Towns and History of the American West.htm
[2013/03/12 03:50:07 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/03/12 03:25:55 | 000,001,797 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/03/12 03:25:54 | 000,001,811 | ---- | C] () -- C:\Users\bigred\Desktop\Spotify.lnk
[2013/03/11 00:30:29 | 000,002,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/03/11 00:30:28 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/03/11 00:29:03 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/11 00:29:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/05 21:56:02 | 000,001,318 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2013/02/28 18:13:24 | 000,002,279 | ---- | C] () -- C:\Users\bigred\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/28 18:13:24 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/20 16:46:52 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
[2013/02/20 16:46:01 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2013/02/20 16:43:39 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2013/02/20 16:43:08 | 000,001,262 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2013/02/20 16:41:21 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2013/02/20 16:41:09 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2013/02/18 18:39:49 | 000,002,603 | ---- | C] () -- C:\Users\Public\Desktop\VPlayer.lnk
[2013/02/05 13:55:04 | 000,000,012 | ---- | C] () -- C:\Windows\SysWow64\haspaddr.dat
[2013/02/05 13:54:04 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2013/01/11 23:16:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/11 23:16:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/11 23:16:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/11 23:16:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/11 23:16:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/08 19:57:57 | 000,027,520 | ---- | C] () -- C:\Users\bigred\AppData\Local\dt.dat
[2012/07/26 21:01:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\kkwzdpqb.dll
[2012/07/10 00:06:54 | 000,000,132 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/06/12 18:14:40 | 000,172,776 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2012/06/12 18:14:40 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2012/03/03 01:06:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/02/13 18:41:52 | 000,870,128 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\mcs.rma
[2011/12/24 07:16:14 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/09/22 01:53:36 | 000,006,144 | ---- | C] () -- C:\Users\bigred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/07 22:25:15 | 000,000,218 | ---- | C] () -- C:\Users\bigred\.recently-used.xbel
[2011/03/22 18:52:53 | 000,001,854 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\GhostObjGAFix.xml
[2011/02/26 01:48:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/09 15:44:34 | 000,000,132 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/02/08 03:29:55 | 001,189,163 | ---- | C] () -- C:\Users\bigred\fileurns.cache
[2011/02/08 03:29:25 | 000,665,887 | ---- | C] () -- C:\Users\bigred\createtimes.cache
[2011/02/08 03:29:24 | 001,048,693 | ---- | C] () -- C:\Users\bigred\library5.dat
[2011/02/08 03:29:24 | 000,002,826 | ---- | C] () -- C:\Users\bigred\limewire.props
[2011/02/08 03:29:24 | 000,000,312 | ---- | C] () -- C:\Users\bigred\mojito.props
[2011/02/02 12:24:21 | 000,000,084 | -HS- | C] () -- C:\ProgramData\.zreglib

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
O2 - BHO: (Qwiklinx) - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\bigred\AppData\Roaming\Qwiklinx\Qwiklinx.dll (Qwiklinx, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKCU..\Run: [SearchProtect] C:\Users\bigred\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O20 - AppInit_DLLs: (c:\progra~3\browse~2\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
[2013/03/17 23:59:13 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/03/17 23:57:25 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Qwiklinx
[2013/03/17 23:57:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qwiklinx
[2013/03/17 23:52:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/03/17 23:52:15 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\SearchProtect
[2013/02/21 00:08:09 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\internethelper
[2013/02/21 00:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Internet Helper Anti-phishing
[2013/02/20 23:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Results Toolbar
[2013/02/20 23:59:21 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\iLivid

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#9
bigredyeeha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Delta Search is still there. Still very slow and the pages freeze or won't open. Pretty much the same as when we started... Did I do something wrong? Carla

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you run the OTL fix?

If so, could you run a fresh OTL scan and let me know which browsers Delta Search appears in?

#11
bigredyeeha

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Here is the log from the fix run:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E7C8B5A-96AB-438F-BF9B-782400655440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E7C8B5A-96AB-438F-BF9B-782400655440}\ deleted successfully.
C:\Users\bigred\AppData\Roaming\Qwiklinx\Qwiklinx.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect deleted successfully.
C:\Users\bigred\AppData\Roaming\SearchProtect\bin\cltmng.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~2\261095~1.52\{c16c1~1\browse~1.dll deleted successfully.
File move failed. c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll scheduled to be moved on reboot.
C:\AI_RecycleBin\{EF2F9860-97F1-4D33-9509-7989B73052D2}\0 folder moved successfully.
C:\AI_RecycleBin\{EF2F9860-97F1-4D33-9509-7989B73052D2} folder moved successfully.
C:\AI_RecycleBin\{90D3D64D-9AC7-4310-802E-50B1CB9FCFF8}\1 folder moved successfully.
C:\AI_RecycleBin\{90D3D64D-9AC7-4310-802E-50B1CB9FCFF8}\0 folder moved successfully.
C:\AI_RecycleBin\{90D3D64D-9AC7-4310-802E-50B1CB9FCFF8} folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\6\Strongvault Online Backup folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\6 folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\5\Strongvault Online Backup\WebForms\Content\Style folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\5\Strongvault Online Backup\WebForms\Content\Images folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\5\Strongvault Online Backup\WebForms\Content folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\5\Strongvault Online Backup\WebForms folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\5\Strongvault Online Backup\Chrome\style folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\5\Strongvault Online Backup\Chrome\scripts folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\5\Strongvault Online Backup\Chrome\images folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\5\Strongvault Online Backup\Chrome folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\5\Strongvault Online Backup folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\5 folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\4 folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\3\Strongvault Online Backup folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\3 folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\2\Strongvault folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\2 folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\1\Strongvault Online Backup\Tools folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\1\Strongvault Online Backup folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\1 folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\0\Services folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16}\0 folder moved successfully.
C:\AI_RecycleBin\{6086DEF8-5DB0-4835-A391-48770A38FA16} folder moved successfully.
C:\AI_RecycleBin folder moved successfully.
C:\Users\bigred\AppData\Roaming\Qwiklinx\TestFeeds folder moved successfully.
C:\Users\bigred\AppData\Roaming\Qwiklinx folder moved successfully.
C:\Program Files (x86)\Qwiklinx folder moved successfully.
C:\Program Files (x86)\SearchProtect\ffprotect folder moved successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images folder moved successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spsd folder moved successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images folder moved successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\spbd folder moved successfully.
C:\Program Files (x86)\SearchProtect\Dialogs\lib folder moved successfully.
C:\Program Files (x86)\SearchProtect\Dialogs folder moved successfully.
C:\Program Files (x86)\SearchProtect\bin folder moved successfully.
C:\Program Files (x86)\SearchProtect folder moved successfully.
C:\Users\bigred\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository folder moved successfully.
C:\Users\bigred\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images folder moved successfully.
C:\Users\bigred\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd folder moved successfully.
C:\Users\bigred\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images folder moved successfully.
C:\Users\bigred\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd folder moved successfully.
C:\Users\bigred\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib folder moved successfully.
C:\Users\bigred\AppData\Roaming\SearchProtect\ffprotect\Dialogs folder moved successfully.
C:\Users\bigred\AppData\Roaming\SearchProtect\ffprotect folder moved successfully.
C:\Users\bigred\AppData\Roaming\SearchProtect\Dialogs\spsd\images folder moved successfully.
C:\Users\bigred\AppData\Roaming\SearchProtect\Dialogs\spsd folder moved successfully.
C:\Users\bigred\AppData\Roaming\SearchProtect\Dialogs\spbd\images folder moved successfully.
C:\Users\bigred\AppData\Roaming\SearchProtect\Dialogs\spbd folder moved successfully.
C:\Users\bigred\AppData\Roaming\SearchProtect\Dialogs\lib folder moved successfully.
C:\Users\bigred\AppData\Roaming\SearchProtect\Dialogs folder moved successfully.
C:\Users\bigred\AppData\Roaming\SearchProtect\bin folder moved successfully.
C:\Users\bigred\AppData\Roaming\SearchProtect folder moved successfully.
C:\Users\bigred\AppData\Local\internethelper\data folder moved successfully.
C:\Users\bigred\AppData\Local\internethelper folder moved successfully.
C:\ProgramData\Internet Helper Anti-phishing folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\searchbar folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\options folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\panels folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib\debugbar folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin\lib folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\skin folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\data\weather folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\data\search folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\data folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets\net.vmn.www.RadioBeta folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.
Folder move failed. C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets scheduled to be moved on reboot.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\modules folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\lib folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1 folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\FirefoxExtension\content folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\FirefoxExtension\components folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\FirefoxExtension folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\config\skin\images folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\config\skin\css folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\config\skin folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\ChromeExtension\config folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr\ChromeExtension folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar folder moved successfully.
C:\Users\bigred\AppData\Local\iLivid\iLivid folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: bigred
->Temp folder emptied: 176334405 bytes
->Temporary Internet Files folder emptied: 3686534 bytes
->Java cache emptied: 20226885 bytes
->FireFox cache emptied: 80368460 bytes
->Google Chrome cache emptied: 163618641 bytes
->Flash cache emptied: 1163239 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-BIGRED-HP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 56475 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 244876 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67697 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 666 bytes
RecycleBin emptied: 14146065104 bytes

Total Files Cleaned = 13,916.00 mb

System Restore Service not available.

OTL by OldTimer - Version 3.2.69.0 log created on 03202013_085358

Files\Folders moved on Reboot...
c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll moved successfully.
File\Folder C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\chrome\content\widgets not found!
C:\Users\bigred\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



Here is the new OTL log:
OTL logfile created on: 3/20/2013 8:52:26 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bigred\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 58.04% Memory free
7.60 Gb Paging File | 5.64 Gb Available in Paging File | 74.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.45 Gb Total Space | 56.47 Gb Free Space | 12.59% Space Free | Partition Type: NTFS
Drive D: | 17.01 Gb Total Space | 2.46 Gb Free Space | 14.45% Space Free | Partition Type: NTFS
Drive F: | 1.84 Gb Total Space | 0.88 Gb Free Space | 47.79% Space Free | Partition Type: FAT
Drive G: | 7.45 Gb Total Space | 5.20 Gb Free Space | 69.82% Space Free | Partition Type: FAT32

Computer Name: BIGRED-HP | User Name: bigred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/18 00:03:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bigred\Desktop\OTL.exe
PRC - [2013/03/10 17:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/03/07 16:31:48 | 019,357,112 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/02/23 20:16:58 | 001,297,728 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2013/02/23 17:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2013/02/09 23:53:21 | 000,200,336 | ---- | M] (http://www.goforfiles.com/) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
PRC - [2013/02/09 23:38:46 | 000,245,168 | ---- | M] (http://yourfiledownloader.com) -- C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\bigred\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/11/08 13:16:41 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/09/05 08:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2012/08/21 20:50:26 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\bigred\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/02/15 12:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/07/06 20:13:48 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/13 10:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 10:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2005/05/29 11:59:56 | 000,249,856 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysWOW64\nhsrvice.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/20 08:39:41 | 000,128,512 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\_elementtree.pyd
MOD - [2013/03/20 08:39:41 | 000,044,032 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\_socket.pyd
MOD - [2013/03/20 08:39:40 | 000,098,816 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\win32api.pyd
MOD - [2013/03/20 08:39:39 | 000,022,528 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\win32ts.pyd
MOD - [2013/03/20 08:39:38 | 000,557,056 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\pysqlite2._sqlite.pyd
MOD - [2013/03/20 08:39:38 | 000,320,512 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\win32com.shell.shell.pyd
MOD - [2013/03/20 08:39:37 | 000,805,888 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\wx._gdi_.pyd
MOD - [2013/03/20 08:39:37 | 000,070,656 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\wx._html2.pyd
MOD - [2013/03/20 08:39:37 | 000,011,264 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\win32crypt.pyd
MOD - [2013/03/20 08:39:35 | 001,022,416 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\windows._cacheinvalidation.pyd
MOD - [2013/03/20 08:39:35 | 000,364,544 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\pythoncom27.dll
MOD - [2013/03/20 08:39:35 | 000,087,040 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\_ctypes.pyd
MOD - [2013/03/20 08:39:35 | 000,017,408 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\win32profile.pyd
MOD - [2013/03/20 08:39:34 | 001,175,040 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\wx._core_.pyd
MOD - [2013/03/20 08:39:34 | 001,153,024 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\_ssl.pyd
MOD - [2013/03/20 08:39:34 | 000,735,232 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\wx._misc_.pyd
MOD - [2013/03/20 08:39:34 | 000,110,080 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\PyWinTypes27.dll
MOD - [2013/03/20 08:39:34 | 000,108,544 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\win32security.pyd
MOD - [2013/03/20 08:39:33 | 000,025,600 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\win32pdh.pyd
MOD - [2013/03/20 08:39:32 | 000,811,008 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\wx._windows_.pyd
MOD - [2013/03/20 08:39:32 | 000,711,680 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\_hashlib.pyd
MOD - [2013/03/20 08:39:32 | 000,035,840 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\win32process.pyd
MOD - [2013/03/20 08:39:31 | 000,122,368 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\wx._wizard.pyd
MOD - [2013/03/20 08:39:30 | 000,119,808 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\win32file.pyd
MOD - [2013/03/20 08:39:29 | 000,038,912 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\win32inet.pyd
MOD - [2013/03/20 08:39:27 | 001,062,400 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\wx._controls_.pyd
MOD - [2013/03/20 08:39:26 | 000,686,080 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\unicodedata.pyd
MOD - [2013/03/20 08:39:26 | 000,127,488 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\pyexpat.pyd
MOD - [2013/03/20 08:39:26 | 000,018,432 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\win32event.pyd
MOD - [2013/03/20 08:39:26 | 000,010,240 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI45042\select.pyd
MOD - [2013/03/10 17:22:06 | 000,459,728 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppgooglenaclpluginchrome.dll
MOD - [2013/03/10 17:22:05 | 012,662,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
MOD - [2013/03/10 17:22:04 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
MOD - [2013/03/10 17:21:18 | 000,596,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libglesv2.dll
MOD - [2013/03/10 17:21:18 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\libegl.dll
MOD - [2013/03/10 17:21:16 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll
MOD - [2013/02/19 17:07:31 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/02/19 17:07:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/02/19 17:07:19 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/02/19 17:07:16 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ee98383179eca974083a41a8ca0c213\IAStorUtil.ni.dll
MOD - [2013/02/19 17:07:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/19 17:07:02 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/02/19 17:06:53 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/02/19 17:06:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/02/19 17:06:43 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/02/19 17:06:28 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 16:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/03/11 15:15:28 | 000,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2013/02/23 17:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/12 11:57:00 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012/11/08 13:16:41 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/05 08:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/13 10:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/05/29 11:59:56 | 000,249,856 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nhsrvice.exe -- (HASP Loader)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/12 08:03:17 | 000,016,712 | ---- | M] (Sysinternals - www.sysinternals.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PROCEXP113.SYS -- (PROCEXP113)
DRV:64bit: - [2012/11/19 12:44:05 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV:64bit: - [2012/11/16 00:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/11/08 13:16:41 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/10/22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/10 09:14:40 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2011/10/01 02:16:50 | 000,393,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/01 12:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/02 01:52:50 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/07/28 22:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/05/31 12:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/03 07:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/19 19:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2005/06/14 14:01:16 | 000,296,448 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV - [2010/12/01 12:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/09/22 18:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{2329682A-A937-45B6-BEAC-7478F846FA98}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{56FA97F6-0390-4321-AA15-0448C1B784F3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{FC7D8A10-BD57-4211-BA96-6C35D96EBE76}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{FC974F47-E694-49EB-A6D3-0BBF6E78B730}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {71F3F320-6F03-4742-B74C-81C8040E9EB6}
IE - HKLM\..\SearchScopes\{2329682A-A937-45B6-BEAC-7478F846FA98}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{56FA97F6-0390-4321-AA15-0448C1B784F3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{FC7D8A10-BD57-4211-BA96-6C35D96EBE76}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{FC974F47-E694-49EB-A6D3-0BBF6E78B730}: "URL" = http://en.wikipedia....h={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...1A-07EBB6B826BE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {1B250067-DB47-42EF-9FC9-5E3320D3236F}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...000c0cb3865fdbb
IE - HKCU\..\SearchScopes\{1B250067-DB47-42EF-9FC9-5E3320D3236F}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{2329682A-A937-45B6-BEAC-7478F846FA98}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{25D8ABA0-5F45-D212-4914-794A69246E1D}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{56FA97F6-0390-4321-AA15-0448C1B784F3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{71F3F320-6F03-4742-B74C-81C8040E9EB6}: "URL" = http://search.condui...0592912019&UM=2
IE - HKCU\..\SearchScopes\{BB807376-C05D-4BC0-B7B7-31853703B487}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{F2CE6E4D-57C5-467F-8599-01193454C044}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{FC7D8A10-BD57-4211-BA96-6C35D96EBE76}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{FC974F47-E694-49EB-A6D3-0BBF6E78B730}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledAddons: [email protected]:5.1
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..CT3279141.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo....=spigot-yhp-ff"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=994519&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519"


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/29 13:25:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/17 23:53:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/11 00:28:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/29 13:25:45 | 000,000,000 | ---D | M]

[2013/02/20 23:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Extensions
[2013/03/17 23:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions
[2013/03/18 00:17:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\staged
[2013/03/17 23:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/08 05:09:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\BIGRED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV4YIGHU.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\BIGRED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV4YIGHU.DEFAULT\EXTENSIONS\[email protected]
[2011/07/08 00:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/19 16:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/19 16:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013/03/10 02:18:12 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/20 08:56:12 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll (Spigot, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\bigred\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\bigred\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{065A34AD-7DA7-4242-ACBD-4ED8237E6360}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB5B1F85-3362-4502-B466-8FA0186AD10E}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/20 08:56:14 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Pirates of the Caribbean, Pirate Ships, Blackbeards Queen Annes Revenge_files
[2013/03/18 00:14:49 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\HPAppData
[2013/03/18 00:14:33 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Geeks to Go! – Free help from tech experts_files
[2013/03/18 00:03:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\bigred\Desktop\OTL.exe
[2013/03/17 23:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro
[2013/03/17 23:44:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/17 19:25:12 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Decor
[2013/03/17 19:15:01 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Unity of Wicca_files
[2013/03/17 19:08:09 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\(72) Unity of Wicca_files
[2013/03/17 19:05:38 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Vacation
[2013/03/12 23:56:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/03/12 23:56:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/03/12 23:41:44 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Pyracy Pub_files
[2013/03/12 23:29:05 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Ghost Towns and History of the American West_files
[2013/03/12 03:25:57 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\Spotify
[2013/03/12 03:23:24 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Spotify
[2013/03/12 03:23:13 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\{A3905300-C593-4B26-876C-532F48096AA5}
[2013/03/11 00:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013/03/11 00:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/03/11 00:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013/03/10 02:19:02 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013/03/10 02:17:20 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\Savings Addon
[2013/03/10 02:16:36 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
[2013/03/10 02:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TornTV.com
[2013/03/08 18:56:00 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2013/03/08 17:00:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2013/03/08 17:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze Remote Toolbar
[2013/03/07 11:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/02/28 18:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/02/25 23:13:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013/02/20 23:59:21 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\iLivid
[2013/02/20 16:50:19 | 000,000,000 | ---D | C] -- C:\Users\bigred\Documents\Adobe Scripts
[2013/02/20 16:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/02/18 18:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tuguu SL
[2013/02/18 18:39:49 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\player
[2013/02/18 18:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPlayer
[2013/02/18 18:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/02/18 18:28:37 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\Supreme Savings
[2013/02/18 11:07:45 | 000,000,000 | ---D | C] -- C:\New folder
[1 C:\Users\bigred\Desktop\*.tmp files -> C:\Users\bigred\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/20 09:30:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/20 09:22:02 | 000,074,368 | ---- | M] () -- C:\Users\bigred\Desktop\575235_10151597043191461_856798105_n.jpg
[2013/03/20 08:57:56 | 000,119,525 | ---- | M] () -- C:\Users\bigred\Desktop\Loaded Potato and Buffalo Chicken Casserole.jpg
[2013/03/20 08:56:14 | 000,115,436 | ---- | M] () -- C:\Users\bigred\Desktop\Pirates of the Caribbean, Pirate Ships, Blackbeards Queen Annes Revenge.htm
[2013/03/20 08:56:12 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/03/20 08:55:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3343391003-4272309500-464388543-1000UA.job
[2013/03/20 08:48:32 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/20 08:48:31 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/20 08:46:48 | 000,009,656 | ---- | M] () -- C:\Users\bigred\Desktop\RI PVC Wine Rack 1.jpg
[2013/03/20 08:39:32 | 000,123,510 | ---- | M] () -- C:\Users\bigred\Desktop\Courtney and Teddy 3-21-13.jpg
[2013/03/20 08:36:38 | 000,000,012 | ---- | M] () -- C:\Windows\SysWow64\haspaddr.dat
[2013/03/20 08:34:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/20 08:34:42 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/03/20 08:34:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/20 08:34:20 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/20 08:33:54 | 000,456,488 | ---- | M] () -- C:\Users\bigred\Desktop\Hayley and Belle all strapped in... 3-20-13.jpg
[2013/03/18 00:14:33 | 000,182,694 | ---- | M] () -- C:\Users\bigred\Desktop\Geeks to Go! – Free help from tech experts.htm
[2013/03/18 00:03:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bigred\Desktop\OTL.exe
[2013/03/17 23:58:31 | 000,000,258 | RHS- | M] () -- C:\Users\bigred\ntuser.pol
[2013/03/17 23:54:03 | 000,000,009 | ---- | M] () -- C:\END
[2013/03/17 23:51:14 | 000,001,103 | ---- | M] () -- C:\Users\bigred\Desktop\Flash Player Pro.lnk
[2013/03/17 19:15:01 | 003,009,352 | ---- | M] () -- C:\Users\bigred\Desktop\Unity of Wicca.htm
[2013/03/17 19:08:09 | 001,655,027 | ---- | M] () -- C:\Users\bigred\Desktop\(72) Unity of Wicca.htm
[2013/03/12 23:41:44 | 000,104,994 | ---- | M] () -- C:\Users\bigred\Desktop\Pyracy Pub.htm
[2013/03/12 23:32:20 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/12 23:29:05 | 000,003,177 | ---- | M] () -- C:\Users\bigred\Desktop\Ghost Towns and History of the American West.htm
[2013/03/12 23:07:31 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/03/12 04:12:03 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/03/12 03:30:36 | 000,001,811 | ---- | M] () -- C:\Users\bigred\Desktop\Spotify.lnk
[2013/03/12 03:20:58 | 000,684,590 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/12 03:20:58 | 000,129,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/12 03:20:56 | 000,812,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/11 00:30:29 | 000,002,166 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/03/11 00:30:28 | 000,002,166 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/03/11 00:29:03 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/10 20:55:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3343391003-4272309500-464388543-1000Core.job
[2013/03/10 02:06:04 | 000,000,084 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013/03/07 11:55:11 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/03/06 16:36:07 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbigred.job
[2013/03/02 16:47:13 | 000,002,279 | ---- | M] () -- C:\Users\bigred\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/28 18:06:59 | 000,001,254 | ---- | M] () -- C:\Users\bigred\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/20 14:36:07 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013/02/20 14:36:07 | 000,001,848 | ---- | M] () -- C:\Users\bigred\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2013/02/19 18:55:49 | 000,806,298 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/18 18:39:49 | 000,002,603 | ---- | M] () -- C:\Users\Public\Desktop\VPlayer.lnk
[1 C:\Users\bigred\Desktop\*.tmp files -> C:\Users\bigred\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/20 09:22:01 | 000,074,368 | ---- | C] () -- C:\Users\bigred\Desktop\575235_10151597043191461_856798105_n.jpg
[2013/03/20 08:57:55 | 000,119,525 | ---- | C] () -- C:\Users\bigred\Desktop\Loaded Potato and Buffalo Chicken Casserole.jpg
[2013/03/20 08:56:13 | 000,115,436 | ---- | C] () -- C:\Users\bigred\Desktop\Pirates of the Caribbean, Pirate Ships, Blackbeards Queen Annes Revenge.htm
[2013/03/20 08:45:23 | 000,009,656 | ---- | C] () -- C:\Users\bigred\Desktop\RI PVC Wine Rack 1.jpg
[2013/03/20 08:39:32 | 000,123,510 | ---- | C] () -- C:\Users\bigred\Desktop\Courtney and Teddy 3-21-13.jpg
[2013/03/20 08:33:54 | 000,456,488 | ---- | C] () -- C:\Users\bigred\Desktop\Hayley and Belle all strapped in... 3-20-13.jpg
[2013/03/18 00:14:33 | 000,182,694 | ---- | C] () -- C:\Users\bigred\Desktop\Geeks to Go! – Free help from tech experts.htm
[2013/03/17 23:58:31 | 000,000,258 | RHS- | C] () -- C:\Users\bigred\ntuser.pol
[2013/03/17 23:51:14 | 000,001,103 | ---- | C] () -- C:\Users\bigred\Desktop\Flash Player Pro.lnk
[2013/03/17 23:50:31 | 000,000,009 | ---- | C] () -- C:\END
[2013/03/17 19:15:01 | 003,009,352 | ---- | C] () -- C:\Users\bigred\Desktop\Unity of Wicca.htm
[2013/03/17 19:08:06 | 001,655,027 | ---- | C] () -- C:\Users\bigred\Desktop\(72) Unity of Wicca.htm
[2013/03/12 23:41:44 | 000,104,994 | ---- | C] () -- C:\Users\bigred\Desktop\Pyracy Pub.htm
[2013/03/12 23:29:04 | 000,003,177 | ---- | C] () -- C:\Users\bigred\Desktop\Ghost Towns and History of the American West.htm
[2013/03/12 03:50:07 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/03/12 03:25:55 | 000,001,797 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/03/12 03:25:54 | 000,001,811 | ---- | C] () -- C:\Users\bigred\Desktop\Spotify.lnk
[2013/03/11 00:30:29 | 000,002,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/03/11 00:30:28 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/03/11 00:29:03 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/11 00:29:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/02/28 18:13:24 | 000,002,279 | ---- | C] () -- C:\Users\bigred\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/28 18:13:24 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/20 16:46:52 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
[2013/02/20 16:46:01 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2013/02/20 16:43:39 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2013/02/20 16:43:08 | 000,001,262 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2013/02/20 16:41:21 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2013/02/20 16:41:09 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2013/02/18 18:39:49 | 000,002,603 | ---- | C] () -- C:\Users\Public\Desktop\VPlayer.lnk
[2013/02/05 13:55:04 | 000,000,012 | ---- | C] () -- C:\Windows\SysWow64\haspaddr.dat
[2013/02/05 13:54:04 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2013/01/11 23:16:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/11 23:16:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/11 23:16:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/11 23:16:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/11 23:16:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/08 19:57:57 | 000,027,520 | ---- | C] () -- C:\Users\bigred\AppData\Local\dt.dat
[2012/07/26 21:01:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\kkwzdpqb.dll
[2012/07/10 00:06:54 | 000,000,132 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/06/12 18:14:40 | 000,172,776 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2012/06/12 18:14:40 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2012/03/03 01:06:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/02/13 18:41:52 | 000,870,128 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\mcs.rma
[2011/12/24 07:16:14 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/09/22 01:53:36 | 000,006,144 | ---- | C] () -- C:\Users\bigred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/07 22:25:15 | 000,000,218 | ---- | C] () -- C:\Users\bigred\.recently-used.xbel
[2011/03/22 18:52:53 | 000,001,854 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\GhostObjGAFix.xml
[2011/02/26 01:48:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/09 15:44:34 | 000,000,132 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/02/08 03:29:55 | 001,189,163 | ---- | C] () -- C:\Users\bigred\fileurns.cache
[2011/02/08 03:29:25 | 000,665,887 | ---- | C] () -- C:\Users\bigred\createtimes.cache
[2011/02/08 03:29:24 | 001,048,693 | ---- | C] () -- C:\Users\bigred\library5.dat
[2011/02/08 03:29:24 | 000,002,826 | ---- | C] () -- C:\Users\bigred\limewire.props
[2011/02/08 03:29:24 | 000,000,312 | ---- | C] () -- C:\Users\bigred\mojito.props
[2011/02/02 12:24:21 | 000,000,084 | -HS- | C] () -- C:\ProgramData\.zreglib

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/06/21 19:52:08 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\.minecraft
[2011/05/07 21:42:41 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Aventail
[2012/09/26 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\AVG2013
[2013/03/20 09:18:40 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Azureus
[2013/02/08 16:22:39 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Babylon
[2012/07/02 20:07:26 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Barnes & Noble
[2013/02/05 15:28:37 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\BeadTool
[2013/01/22 18:21:40 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Blackboard
[2011/05/11 00:54:03 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Cache
[2012/12/27 03:50:14 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\calibre
[2012/06/03 12:38:38 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\DriverCure
[2013/02/08 16:22:43 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\DSite
[2012/03/30 13:21:28 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\EuroTalk
[2011/02/15 12:58:08 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\FrostWire
[2012/11/20 18:37:15 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\GlarySoft
[2013/02/21 00:15:39 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\go
[2013/02/09 23:53:25 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\GoforFiles
[2011/06/07 22:25:47 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\inkscape
[2011/03/26 02:01:39 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\InterTrust
[2011/04/28 20:07:56 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\MusicNet
[2011/05/08 19:24:30 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\OpenOffice.org
[2013/02/18 18:39:49 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\player
[2012/03/14 19:39:09 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\SoftGrid Client
[2012/06/03 12:38:38 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\SpeedyPC Software
[2013/03/12 23:39:22 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Spotify
[2011/02/09 18:12:32 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/03/18 00:13:08 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Strongvault
[2011/02/15 14:42:41 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\TP
[2012/09/26 14:04:30 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\TuneUp Software
[2011/01/31 19:19:09 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Uniblue
[2011/01/24 16:29:23 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\WildTangent
[2013/01/22 21:28:07 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Windows Live Writer
[2013/02/09 23:38:46 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\YourFileDownloader

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

Delta search shows on Chrome, Search conduit shows on Internet Explorer.

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you install these two programmes?
GoforFiles
YourFileDownloader


Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
SRV - [2013/02/23 17:54:28 | 000,805,752 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...1A-07EBB6B826BE
IE - HKCU\..\SearchScopes\{71F3F320-6F03-4742-B74C-81C8040E9EB6}: "URL" = http://search.condui...0592912019&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
FF - prefs.js..extensions.enabledAddons: [email protected]:5.1
[2013/03/10 02:18:12 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
[2013/02/20 23:59:21 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\iLivid
[2013/02/18 18:29:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/02/18 18:28:37 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\Supreme Savings
[2013/02/08 16:22:39 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Babylon

:Files
C:\Program Files (x86)\Common Files
C:\Program Files (x86)\Application Updater

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#13
bigredyeeha

    Member

  • Topic Starter
  • 35 posts
Hello, no I did not install the two programs.

Here is the script for the OTL:

OTL logfile created on: 3/20/2013 8:49:38 AM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bigred\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 61.35% Memory free
7.60 Gb Paging File | 5.91 Gb Available in Paging File | 77.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.45 Gb Total Space | 49.96 Gb Free Space | 11.14% Space Free | Partition Type: NTFS
Drive D: | 17.01 Gb Total Space | 2.46 Gb Free Space | 14.45% Space Free | Partition Type: NTFS

Computer Name: BIGRED-HP | User Name: bigred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/18 00:03:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bigred\Desktop\OTL.exe
PRC - [2013/03/10 17:22:07 | 001,274,320 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/03/07 16:31:48 | 019,357,112 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/02/09 23:53:21 | 000,200,336 | ---- | M] (http://www.goforfiles.com/) -- C:\Program Files (x86)\GoforFiles\GFFUpdater.exe
PRC - [2013/02/09 23:38:46 | 000,245,168 | ---- | M] (http://yourfiledownloader.com) -- C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\bigred\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/11 04:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/11/08 13:16:41 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/09/05 08:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
PRC - [2012/08/21 20:50:26 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\bigred\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/02/15 12:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/07/06 20:13:48 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/13 10:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 10:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2005/05/29 11:59:56 | 000,249,856 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysWOW64\nhsrvice.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/20 08:45:27 | 000,128,512 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\_elementtree.pyd
MOD - [2013/03/20 08:45:26 | 000,098,816 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\win32api.pyd
MOD - [2013/03/20 08:45:26 | 000,044,032 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\_socket.pyd
MOD - [2013/03/20 08:45:20 | 000,557,056 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\pysqlite2._sqlite.pyd
MOD - [2013/03/20 08:45:20 | 000,320,512 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\win32com.shell.shell.pyd
MOD - [2013/03/20 08:45:19 | 000,070,656 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\wx._html2.pyd
MOD - [2013/03/20 08:45:17 | 000,805,888 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\wx._gdi_.pyd
MOD - [2013/03/20 08:45:12 | 000,087,040 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\_ctypes.pyd
MOD - [2013/03/20 08:45:11 | 000,364,544 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\pythoncom27.dll
MOD - [2013/03/20 08:45:10 | 000,735,232 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\wx._misc_.pyd
MOD - [2013/03/20 08:45:07 | 000,110,080 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\PyWinTypes27.dll
MOD - [2013/03/20 08:45:00 | 001,175,040 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\wx._core_.pyd
MOD - [2013/03/20 08:45:00 | 000,108,544 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\win32security.pyd
MOD - [2013/03/20 08:44:59 | 001,153,024 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\_ssl.pyd
MOD - [2013/03/20 08:44:52 | 000,711,680 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\_hashlib.pyd
MOD - [2013/03/20 08:44:50 | 000,811,008 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\wx._windows_.pyd
MOD - [2013/03/20 08:44:46 | 000,122,368 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\wx._wizard.pyd
MOD - [2013/03/20 08:44:43 | 000,119,808 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\win32file.pyd
MOD - [2013/03/20 08:44:39 | 000,038,912 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\win32inet.pyd
MOD - [2013/03/20 08:44:35 | 001,062,400 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\wx._controls_.pyd
MOD - [2013/03/20 08:44:34 | 000,127,488 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\pyexpat.pyd
MOD - [2013/03/20 08:44:34 | 000,018,432 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\win32event.pyd
MOD - [2013/03/20 08:44:33 | 000,686,080 | ---- | M] () -- C:\Users\bigred\AppData\Local\Temp\_MEI51042\unicodedata.pyd
MOD - [2013/02/19 17:07:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/02/19 17:07:19 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/02/19 17:07:16 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ee98383179eca974083a41a8ca0c213\IAStorUtil.ni.dll
MOD - [2013/02/19 17:07:11 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/19 17:07:02 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/02/19 17:06:53 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/02/19 17:06:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/02/19 17:06:43 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/02/19 17:06:28 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 16:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/03/11 15:15:28 | 000,535,807 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Stopped] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/16 00:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/12 11:57:00 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012/11/08 13:16:41 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/10/22 14:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/05 08:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/13 10:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 12:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/05/29 11:59:56 | 000,249,856 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nhsrvice.exe -- (HASP Loader)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/12 08:03:17 | 000,016,712 | ---- | M] (Sysinternals - www.sysinternals.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PROCEXP113.SYS -- (PROCEXP113)
DRV:64bit: - [2012/11/19 12:44:05 | 000,030,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro36.sys -- (hitmanpro36)
DRV:64bit: - [2012/11/16 00:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/11/08 13:16:41 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/10/22 14:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 04:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/10 09:14:40 | 000,243,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2011/10/01 02:16:50 | 000,393,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/16 15:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/01 12:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/02 01:52:50 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/07/28 22:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/05/31 12:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/03 07:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/19 19:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2005/06/14 14:01:16 | 000,296,448 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV - [2010/12/01 12:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009/09/22 18:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/15 17:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{2329682A-A937-45B6-BEAC-7478F846FA98}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{56FA97F6-0390-4321-AA15-0448C1B784F3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{FC7D8A10-BD57-4211-BA96-6C35D96EBE76}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{FC974F47-E694-49EB-A6D3-0BBF6E78B730}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {71F3F320-6F03-4742-B74C-81C8040E9EB6}
IE - HKLM\..\SearchScopes\{2329682A-A937-45B6-BEAC-7478F846FA98}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{56FA97F6-0390-4321-AA15-0448C1B784F3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{FC7D8A10-BD57-4211-BA96-6C35D96EBE76}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{FC974F47-E694-49EB-A6D3-0BBF6E78B730}: "URL" = http://en.wikipedia....h={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {1B250067-DB47-42EF-9FC9-5E3320D3236F}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...000c0cb3865fdbb
IE - HKCU\..\SearchScopes\{1B250067-DB47-42EF-9FC9-5E3320D3236F}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{2329682A-A937-45B6-BEAC-7478F846FA98}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{25D8ABA0-5F45-D212-4914-794A69246E1D}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKCU\..\SearchScopes\{56FA97F6-0390-4321-AA15-0448C1B784F3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{BB807376-C05D-4BC0-B7B7-31853703B487}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{F2CE6E4D-57C5-467F-8599-01193454C044}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{FC7D8A10-BD57-4211-BA96-6C35D96EBE76}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{FC974F47-E694-49EB-A6D3-0BBF6E78B730}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledAddons: [email protected]:5.1
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..CT3279141.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo....=spigot-yhp-ff"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=994519&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=994519"


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/29 13:25:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/17 23:53:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/11 00:28:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/29 13:25:45 | 000,000,000 | ---D | M]

[2013/02/20 23:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Extensions
[2013/03/17 23:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions
[2013/03/18 00:17:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigred\AppData\Roaming\Mozilla\Firefox\Profiles\kv4yighu.default\extensions\staged
[2013/03/17 23:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/08 05:09:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\BIGRED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV4YIGHU.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\BIGRED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KV4YIGHU.DEFAULT\EXTENSIONS\[email protected]
[2011/07/08 00:16:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/19 16:18:49 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/19 16:18:57 | 000,248,192 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013/03/10 02:18:12 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\bigred\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\bigred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/20 08:59:17 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files (x86)\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll (Spigot, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\bigred\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\bigred\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files (x86)\MasterCook 9\Web\MCIEContext.hta ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{065A34AD-7DA7-4242-ACBD-4ED8237E6360}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB5B1F85-3362-4502-B466-8FA0186AD10E}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/20 08:56:14 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Pirates of the Caribbean, Pirate Ships, Blackbeards Queen Annes Revenge_files
[2013/03/18 00:14:49 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\HPAppData
[2013/03/18 00:14:33 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Geeks to Go! – Free help from tech experts_files
[2013/03/18 00:03:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\bigred\Desktop\OTL.exe
[2013/03/17 23:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro
[2013/03/17 23:44:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/17 19:25:12 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Decor
[2013/03/17 19:15:01 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Unity of Wicca_files
[2013/03/17 19:08:09 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\(72) Unity of Wicca_files
[2013/03/17 19:05:38 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Vacation
[2013/03/12 23:56:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/03/12 23:56:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/03/12 23:41:44 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Pyracy Pub_files
[2013/03/12 23:29:05 | 000,000,000 | ---D | C] -- C:\Users\bigred\Desktop\Ghost Towns and History of the American West_files
[2013/03/12 03:25:57 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\Spotify
[2013/03/12 03:23:24 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Spotify
[2013/03/12 03:23:13 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\{A3905300-C593-4B26-876C-532F48096AA5}
[2013/03/11 00:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013/03/11 00:30:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/03/11 00:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013/03/10 02:19:02 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013/03/10 02:17:20 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Local\Savings Addon
[2013/03/10 02:16:36 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
[2013/03/10 02:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TornTV.com
[2013/03/08 18:56:00 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2013/03/08 17:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze Remote Toolbar
[2013/03/07 11:55:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/02/28 18:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/02/25 23:13:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013/02/20 16:50:19 | 000,000,000 | ---D | C] -- C:\Users\bigred\Documents\Adobe Scripts
[2013/02/20 16:46:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/02/18 18:39:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tuguu SL
[2013/02/18 18:39:49 | 000,000,000 | ---D | C] -- C:\Users\bigred\AppData\Roaming\player
[2013/02/18 18:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlashPlayer
[2013/02/18 11:07:45 | 000,000,000 | ---D | C] -- C:\New folder
[1 C:\Users\bigred\Desktop\*.tmp files -> C:\Users\bigred\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/20 09:30:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/20 09:22:02 | 000,074,368 | ---- | M] () -- C:\Users\bigred\Desktop\575235_10151597043191461_856798105_n.jpg
[2013/03/20 08:59:17 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/03/20 08:56:14 | 000,115,436 | ---- | M] () -- C:\Users\bigred\Desktop\Pirates of the Caribbean, Pirate Ships, Blackbeards Queen Annes Revenge.htm
[2013/03/20 08:55:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3343391003-4272309500-464388543-1000UA.job
[2013/03/20 08:51:10 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/20 08:51:09 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/20 08:38:53 | 000,000,012 | ---- | M] () -- C:\Windows\SysWow64\haspaddr.dat
[2013/03/20 08:37:26 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/03/20 08:36:18 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/20 08:34:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/20 08:34:18 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/18 00:14:33 | 000,182,694 | ---- | M] () -- C:\Users\bigred\Desktop\Geeks to Go! – Free help from tech experts.htm
[2013/03/18 00:03:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bigred\Desktop\OTL.exe
[2013/03/17 23:58:31 | 000,000,258 | RHS- | M] () -- C:\Users\bigred\ntuser.pol
[2013/03/17 23:54:03 | 000,000,009 | ---- | M] () -- C:\END
[2013/03/17 23:51:14 | 000,001,103 | ---- | M] () -- C:\Users\bigred\Desktop\Flash Player Pro.lnk
[2013/03/17 19:15:01 | 003,009,352 | ---- | M] () -- C:\Users\bigred\Desktop\Unity of Wicca.htm
[2013/03/17 19:08:09 | 001,655,027 | ---- | M] () -- C:\Users\bigred\Desktop\(72) Unity of Wicca.htm
[2013/03/12 23:41:44 | 000,104,994 | ---- | M] () -- C:\Users\bigred\Desktop\Pyracy Pub.htm
[2013/03/12 23:32:20 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/12 23:29:05 | 000,003,177 | ---- | M] () -- C:\Users\bigred\Desktop\Ghost Towns and History of the American West.htm
[2013/03/12 23:07:31 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/03/12 04:12:03 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/03/12 03:30:36 | 000,001,811 | ---- | M] () -- C:\Users\bigred\Desktop\Spotify.lnk
[2013/03/12 03:20:58 | 000,684,590 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/12 03:20:58 | 000,129,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/12 03:20:56 | 000,812,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/11 00:30:29 | 000,002,166 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/03/11 00:30:28 | 000,002,166 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/03/11 00:29:03 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/10 20:55:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3343391003-4272309500-464388543-1000Core.job
[2013/03/10 02:06:04 | 000,000,084 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013/03/07 11:55:11 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/03/06 16:36:07 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForbigred.job
[2013/03/02 16:47:13 | 000,002,279 | ---- | M] () -- C:\Users\bigred\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/28 18:06:59 | 000,001,254 | ---- | M] () -- C:\Users\bigred\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/20 14:36:07 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013/02/20 14:36:07 | 000,001,848 | ---- | M] () -- C:\Users\bigred\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2013/02/19 18:55:49 | 000,806,298 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/02/18 18:39:49 | 000,002,603 | ---- | M] () -- C:\Users\Public\Desktop\VPlayer.lnk
[1 C:\Users\bigred\Desktop\*.tmp files -> C:\Users\bigred\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/20 09:22:01 | 000,074,368 | ---- | C] () -- C:\Users\bigred\Desktop\575235_10151597043191461_856798105_n.jpg
[2013/03/20 08:56:13 | 000,115,436 | ---- | C] () -- C:\Users\bigred\Desktop\Pirates of the Caribbean, Pirate Ships, Blackbeards Queen Annes Revenge.htm
[2013/03/18 00:14:33 | 000,182,694 | ---- | C] () -- C:\Users\bigred\Desktop\Geeks to Go! – Free help from tech experts.htm
[2013/03/17 23:58:31 | 000,000,258 | RHS- | C] () -- C:\Users\bigred\ntuser.pol
[2013/03/17 23:51:14 | 000,001,103 | ---- | C] () -- C:\Users\bigred\Desktop\Flash Player Pro.lnk
[2013/03/17 23:50:31 | 000,000,009 | ---- | C] () -- C:\END
[2013/03/17 19:15:01 | 003,009,352 | ---- | C] () -- C:\Users\bigred\Desktop\Unity of Wicca.htm
[2013/03/17 19:08:06 | 001,655,027 | ---- | C] () -- C:\Users\bigred\Desktop\(72) Unity of Wicca.htm
[2013/03/12 23:41:44 | 000,104,994 | ---- | C] () -- C:\Users\bigred\Desktop\Pyracy Pub.htm
[2013/03/12 23:29:04 | 000,003,177 | ---- | C] () -- C:\Users\bigred\Desktop\Ghost Towns and History of the American West.htm
[2013/03/12 03:50:07 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/03/12 03:25:55 | 000,001,797 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/03/12 03:25:54 | 000,001,811 | ---- | C] () -- C:\Users\bigred\Desktop\Spotify.lnk
[2013/03/11 00:30:29 | 000,002,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/03/11 00:30:28 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/03/11 00:29:03 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/11 00:29:00 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/02/28 18:13:24 | 000,002,279 | ---- | C] () -- C:\Users\bigred\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/28 18:13:24 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/20 16:46:52 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5 (64 Bit).lnk
[2013/02/20 16:46:01 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.lnk
[2013/02/20 16:43:39 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.lnk
[2013/02/20 16:43:08 | 000,001,262 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.lnk
[2013/02/20 16:41:21 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.lnk
[2013/02/20 16:41:09 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2013/02/18 18:39:49 | 000,002,603 | ---- | C] () -- C:\Users\Public\Desktop\VPlayer.lnk
[2013/02/05 13:55:04 | 000,000,012 | ---- | C] () -- C:\Windows\SysWow64\haspaddr.dat
[2013/02/05 13:54:04 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2013/01/11 23:16:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/11 23:16:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/11 23:16:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/11 23:16:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/11 23:16:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/08 19:57:57 | 000,027,520 | ---- | C] () -- C:\Users\bigred\AppData\Local\dt.dat
[2012/07/26 21:01:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\kkwzdpqb.dll
[2012/07/10 00:06:54 | 000,000,132 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/06/12 18:14:40 | 000,172,776 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2012/06/12 18:14:40 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2012/03/03 01:06:01 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/02/13 18:41:52 | 000,870,128 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\mcs.rma
[2011/12/24 07:16:14 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/09/22 01:53:36 | 000,006,144 | ---- | C] () -- C:\Users\bigred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/07 22:25:15 | 000,000,218 | ---- | C] () -- C:\Users\bigred\.recently-used.xbel
[2011/03/22 18:52:53 | 000,001,854 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\GhostObjGAFix.xml
[2011/02/26 01:48:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/09 15:44:34 | 000,000,132 | ---- | C] () -- C:\Users\bigred\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/02/08 03:29:55 | 001,189,163 | ---- | C] () -- C:\Users\bigred\fileurns.cache
[2011/02/08 03:29:25 | 000,665,887 | ---- | C] () -- C:\Users\bigred\createtimes.cache
[2011/02/08 03:29:24 | 001,048,693 | ---- | C] () -- C:\Users\bigred\library5.dat
[2011/02/08 03:29:24 | 000,002,826 | ---- | C] () -- C:\Users\bigred\limewire.props
[2011/02/08 03:29:24 | 000,000,312 | ---- | C] () -- C:\Users\bigred\mojito.props
[2011/02/02 12:24:21 | 000,000,084 | -HS- | C] () -- C:\ProgramData\.zreglib

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/06/21 19:52:08 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\.minecraft
[2011/05/07 21:42:41 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Aventail
[2012/09/26 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\AVG2013
[2013/03/20 08:53:40 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Azureus
[2012/07/02 20:07:26 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Barnes & Noble
[2013/02/05 15:28:37 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\BeadTool
[2013/01/22 18:21:40 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Blackboard
[2011/05/11 00:54:03 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Cache
[2012/12/27 03:50:14 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\calibre
[2012/06/03 12:38:38 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\DriverCure
[2013/02/08 16:22:43 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\DSite
[2012/03/30 13:21:28 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\EuroTalk
[2011/02/15 12:58:08 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\FrostWire
[2012/11/20 18:37:15 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\GlarySoft
[2013/02/21 00:15:39 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\go
[2013/02/09 23:53:25 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\GoforFiles
[2011/06/07 22:25:47 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\inkscape
[2011/03/26 02:01:39 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\InterTrust
[2011/04/28 20:07:56 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\MusicNet
[2011/05/08 19:24:30 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\OpenOffice.org
[2013/02/18 18:39:49 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\player
[2012/03/14 19:39:09 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\SoftGrid Client
[2012/06/03 12:38:38 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\SpeedyPC Software
[2013/03/12 23:39:22 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Spotify
[2011/02/09 18:12:32 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/03/18 00:13:08 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Strongvault
[2011/02/15 14:42:41 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\TP
[2012/09/26 14:04:30 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\TuneUp Software
[2011/01/31 19:19:09 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Uniblue
[2011/01/24 16:29:23 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\WildTangent
[2013/01/22 21:28:07 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Windows Live Writer
[2013/02/09 23:38:46 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\YourFileDownloader

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

Thank you

#14
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let me know if this cures it.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
FF - prefs.js..extensions.enabledAddons: [email protected]:5.1
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {1B250067-DB47-42EF-9FC9-5E3320D3236F}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...000c0cb3865fdbb
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2013/03/10 02:18:12 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013/02/09 23:53:25 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\GoforFiles
[2013/02/09 23:38:46 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\YourFileDownloader
[2013/03/18 00:13:08 | 000,000,000 | ---D | M] -- C:\Users\bigred\AppData\Roaming\Strongvault
[2013/03/12 23:56:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins

:Files
C:\Program Files (x86)\GoforFiles
C:\Program Files (x86)\YourFileDownloader

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#15
bigredyeeha


    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
All processes killed
========== OTL ==========
Prefs.js: [email protected]:5.1 removed from extensions.enabledAddons
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Users\bigred\AppData\Roaming\GoforFiles folder moved successfully.
C:\Users\bigred\AppData\Roaming\YourFileDownloader folder moved successfully.
C:\Users\bigred\AppData\Roaming\Strongvault folder moved successfully.
C:\Windows\SysWow64\searchplugins folder moved successfully.
========== FILES ==========
C:\Program Files (x86)\GoforFiles\language folder moved successfully.
C:\Program Files (x86)\GoforFiles folder moved successfully.
C:\Program Files (x86)\YourFileDownloader folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: bigred
->Temp folder emptied: 40002535 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 78167606 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-BIGRED-HP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20058 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 7584766274 bytes

Total Files Cleaned = 7,346.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 03202013_084441

Files\Folders moved on Reboot...
C:\Users\bigred\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll moved successfully.
C:\Users\bigred\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...





