Help with Ukash RCMP [Solved]



#1
PKL2011

Father-in-law gave me this to fix. I've tried a few things that didn't work, and also followed a reply in March: http://www.geekstogo...mp-ukash-virus/

I've had no success after the initial OTL scan; here is the log information gathered. I think the custom fix was designed for the particular system in the reference above. I rebooted the system and still had the screen locked by the RCMP page. I have all the other removal tools ready to go, just need a fix to get the screen unlocked.

Thanks for your help,

Patrick

OTL logfile created on: 6/8/2013 9:58:39 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 834.00 Mb Available Physical Memory | 82.00% Memory free
902.00 Mb Paging File | 848.00 Mb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.28 Gb Total Space | 62.63 Gb Free Space | 84.32% Space Free | Partition Type: NTFS
Drive D: | 490.72 Mb Total Space | 452.56 Mb Free Space | 92.22% Space Free | Partition Type: FAT
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2013/05/25 14:17:07 | 000,159,744 | ---- | M] () [Auto] -- C:\Documents and Settings\All Users\Application Data\833h.dat -- (winmgmt)
SRV - [2013/05/21 14:13:56 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto] -- C:\Program Files\GamingWonderland\bar\2.bin\gtbarsvc.exe -- (GamingWonderlandService)
SRV - [2013/05/15 01:06:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/21 19:37:20 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto] -- C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe -- (TelevisionFanaticService)
SRV - [2012/11/12 13:05:22 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto] -- C:\Program Files\yourlocallotto1_20\bar\1.bin\20barsvc.exe -- (yourlocallotto1_20Service)
SRV - [2012/02/21 23:40:48 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto] -- C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe -- (TotalRecipeSearch_14Service)
SRV - [2011/09/20 15:15:28 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.229\McCHSvc.exe -- (McComponentHostService)
SRV - [2005/12/20 15:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/01/17 04:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/27 12:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2005/12/09 04:48:40 | 004,123,136 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/05 05:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/30 15:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/29 22:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 13:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/14 21:00:22 | 001,122,656 | R--- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/20 18:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/10/06 09:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 09:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 09:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 09:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 09:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 09:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 09:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/09 18:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/25 16:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 16:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/06/01 15:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/01/29 02:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/01/24 15:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/?fr=fp-reg


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Don_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...CFelAMgodxDcAgQ
IE - HKU\Don_ON_C\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - Reg Error: Key error. File not found
IE - HKU\Don_ON_C\..\URLSearchHook: {52f57613-4c36-4757-a961-621c2adedfc9} - Reg Error: Key error. File not found
IE - HKU\Don_ON_C\..\URLSearchHook: {8a7d2060-824d-4b17-b00a-759b1b5f30d9} - Reg Error: Key error. File not found
IE - HKU\Don_ON_C\..\URLSearchHook: {a8625cb7-85fe-4936-92a4-b2a7c925209e} - Reg Error: Key error. File not found
IE - HKU\Don_ON_C\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\Don_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://shoptoshiba.ca/welcome
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




FF - HKLM\Software\MozillaPlugins\@GamingWonderland.com/Plugin: C:\Program Files\GamingWonderland\bar\2.bin\NPgtStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TotalRecipeSearch_14.com/Plugin: C:\Program Files\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@yourlocallotto1_20.com/Plugin: C:\Program Files\yourlocallotto1_20\bar\1.bin\NP20Stub.dll (MindSpark)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\14ffxtbr@TotalRecipeSearch_14.com: C:\Program Files\TotalRecipeSearch_14\bar\1.bin [2012/02/21 23:40:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\SiteRanker\firefox\ [2012/10/02 10:34:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\20ffxtbr@yourlocallotto1_20.com: C:\Program Files\yourlocallotto1_20\bar\1.bin [2012/11/12 13:05:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\TelevisionFanatic\bar\1.bin [2012/11/21 19:37:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\GamingWonderland\bar\2.bin [2013/05/21 14:14:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/03 18:22:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/03 18:22:03 | 000,000,000 | ---D | M]

[2011/04/05 20:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/05 15:22:48 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files\SiteRanker\SiteRank.dll (Crawler, LLC)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Search Assistant BHO) - {5d79f641-c168-40df-a32f-bacea7509e75} - C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll (MindSpark)
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (Toolbar BHO) - {7b120170-d03b-451c-9fcc-369bf9900302} - C:\Program Files\yourlocallotto1_20\bar\1.bin\20bar.dll (MindSpark)
O2 - BHO: (Toolbar BHO) - {7c8f8fe5-9785-4f74-bcf8-895ef9752d97} - C:\Program Files\GamingWonderland\bar\2.bin\gtbar.dll (MindSpark)
O2 - BHO: (Toolbar BHO) - {ab56dfde-0c14-45b3-9df6-7b0eba617870} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll (MindSpark)
O2 - BHO: (Search Assistant BHO) - {ab5d199e-9659-47a2-930b-fc3b69061353} - C:\Program Files\GamingWonderland\bar\2.bin\gtSrcAs.dll (MindSpark)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O2 - BHO: (Toolbar BHO) - {cb41fc95-f1b3-4797-8bb6-1012ff62abba} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Search Assistant BHO) - {ddddb845-30e9-481f-b76d-82522e6fd79c} - C:\Program Files\yourlocallotto1_20\bar\1.bin\20SrcAs.dll (MindSpark)
O2 - BHO: (Search Assistant BHO) - {df22384f-cf68-4d19-969f-10423715528b} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll (MindSpark)
O3 - HKLM\..\Toolbar: (TotalRecipeSearch) - {a0154e07-2b48-475c-a82a-80efd84ea33e} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (GamingWonderland) - {a899079d-206f-43a6-be6a-07e0fa648ea0} - C:\Program Files\GamingWonderland\bar\2.bin\gtbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (TelevisionFanatic) - {c98d5b61-b0ea-4d48-9839-1079d352d880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (YourLocalLotto Toolbar) - {e2993f50-db88-405c-baec-91a1805c3517} - C:\Program Files\yourlocallotto1_20\bar\1.bin\20bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Don_ON_C\..\Toolbar\WebBrowser: (TotalRecipeSearch) - {A0154E07-2B48-475C-A82A-80EFD84EA33E} - C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll (MindSpark)
O3 - HKU\Don_ON_C\..\Toolbar\WebBrowser: (GamingWonderland) - {A899079D-206F-43A6-BE6A-07E0FA648EA0} - C:\Program Files\GamingWonderland\bar\2.bin\gtbar.dll (MindSpark)
O3 - HKU\Don_ON_C\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKU\Don_ON_C\..\Toolbar\WebBrowser: (TelevisionFanatic) - {C98D5B61-B0EA-4D48-9839-1079D352D880} - C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll (MindSpark)
O3 - HKU\Don_ON_C\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKU\Don_ON_C\..\Toolbar\WebBrowser: (YourLocalLotto Toolbar) - {E2993F50-DB88-405C-BAEC-91A1805C3517} - C:\Program Files\yourlocallotto1_20\bar\1.bin\20bar.dll (MindSpark)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [GamingWonderland Browser Plugin Loader] C:\Program Files\GamingWonderland\bar\2.bin\gtbrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [GamingWonderland Search Scope Monitor] C:\Program Files\GamingWonderland\bar\2.bin\gtSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [InboxToolbar] C:\Program Files\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [SiteRanker] C:\Program Files\SiteRanker\SiteRankTray.exe (Crawler, LLC)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TelevisionFanatic Browser Plugin Loader] C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [TelevisionFanatic Search Scope Monitor] C:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TotalRecipeSearch Search Scope Monitor] C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [TotalRecipeSearch_14 Browser Plugin Loader] C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [YourLocalLotto Toolbar Search Scope Monitor] C:\Program Files\yourlocallotto1_20\bar\1.bin\20SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [yourlocallotto1_20 Browser Plugin Loader] C:\Program Files\yourlocallotto1_20\bar\1.bin\20brmon.exe (VER_COMPANY_NAME)
O4 - HKU\Administrator_ON_C..\Run: [ctfmon32.exe] C:\Documents and Settings\All Users\Application Data\833h.dat ()
O4 - HKU\Administrator_ON_C..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKU\Don_ON_C..\Run: [AGupdate] C:\Program Files\AppGraffiti\AGupdate.exe (Omega Partners Ltd)
O4 - HKU\Don_ON_C..\Run: [ctfmon32.exe] C:\Documents and Settings\All Users\Application Data\833h.dat ()
O4 - HKU\Don_ON_C..\Run: [MediaGet2] C:\Documents and Settings\Don\Local Settings\Application Data\MediaGet2\mediaget.exe ()
O4 - HKU\Guest_ON_C..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\IEHOME.BAT ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\regmonstd.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = File not found
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\IEHOME.BAT ()
O4 - Startup: C:\Documents and Settings\Don\Start Menu\Programs\Startup\regmonstd.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Don_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1288783809292 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/21 06:35:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/06/07 15:39:01 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2013/06/07 15:34:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2013/06/07 15:34:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2013/06/07 15:34:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/06/07 15:34:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2013/06/07 15:34:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2013/06/07 15:34:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2013/06/07 15:34:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2013/06/07 15:34:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2013/06/07 15:34:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2013/06/07 15:34:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2013/06/07 15:34:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2013/06/07 15:34:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2013/06/07 15:34:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2013/06/07 15:34:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2013/06/07 15:34:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2013/06/07 15:34:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2013/06/07 15:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2013/06/07 15:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2013/06/07 15:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Intel
[2013/06/07 15:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2013/06/07 15:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2013/06/07 15:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2013/06/07 15:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150040}
[2013/05/25 14:17:07 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rundll32.exe
[2013/05/21 14:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\GamingWonderland
[2013/05/09 22:55:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
[2013/05/09 22:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Application Data\Inbox Toolbar
[2013/05/09 22:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\Inbox Toolbar
[2006/03/03 02:07:17 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/07 19:30:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/07 19:29:38 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\h338.pad
[2013/06/07 15:36:51 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\regmonstd.lnk
[2013/06/07 15:32:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E12114FD-365E-4D33-9501-13C8776D0DA3}.job
[2013/06/07 15:31:10 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/25 14:17:41 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Don\Start Menu\Programs\Startup\regmonstd.lnk
[2013/05/25 14:17:20 | 000,003,046 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\h338.js
[2013/05/25 14:17:07 | 000,159,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\833h.dat
[2013/05/25 14:17:07 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rundll32.exe
[2013/05/25 14:17:01 | 000,159,744 | ---- | M] () -- C:\Documents and Settings\Don\182281.exe
[2013/05/25 13:57:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/25 01:06:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/25 00:13:30 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/05/21 22:42:45 | 000,000,290 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\Topics - Myzer.com.url
[2013/05/18 17:04:19 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\OLG - Winning Numbers.url
[2013/05/16 14:50:55 | 000,104,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/16 14:27:38 | 000,442,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/16 14:27:38 | 000,071,822 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/16 13:26:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/16 13:12:25 | 000,000,340 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\Online Banking.url
[2013/05/16 13:11:00 | 000,000,405 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\RBC Royal Bank - Sign In to Online Banking.url
[2013/05/15 01:06:35 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/15 01:06:35 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/09 22:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/07 15:36:47 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\regmonstd.lnk
[2013/06/07 15:34:41 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/06/07 15:34:41 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/06/07 15:34:38 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2013/06/07 15:34:38 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2013/06/07 15:34:38 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2013/06/07 15:34:37 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\IEHOME.LNK
[2013/05/25 14:17:41 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Don\Start Menu\Programs\Startup\regmonstd.lnk
[2013/05/25 14:17:20 | 000,003,046 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\h338.js
[2013/05/25 14:17:16 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\h338.pad
[2013/05/25 14:17:07 | 000,159,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\833h.dat
[2013/05/25 14:17:00 | 000,159,744 | ---- | C] () -- C:\Documents and Settings\Don\182281.exe
[2013/04/24 23:16:27 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Don\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/14 21:54:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/03/02 13:41:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/11/03 18:22:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/03 11:15:12 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Tbiosdrv.sys
[2006/03/03 02:59:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/03 02:08:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/03/03 02:07:17 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/02/21 11:41:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/02/21 11:32:23 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/02/21 11:32:23 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/02/21 11:31:45 | 000,000,216 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/21 10:19:21 | 000,000,176 | R--- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2006/02/21 10:19:21 | 000,000,176 | R--- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2006/02/21 10:19:15 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/21 10:19:15 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/02/21 10:18:38 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/02/21 10:18:37 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/02/21 10:18:37 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/02/21 10:18:37 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/02/21 09:49:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/21 06:38:36 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/02/21 06:37:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/02/21 06:33:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/21 04:37:59 | 000,002,392 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/21 04:37:48 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/21 04:37:46 | 000,442,052 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/21 04:37:46 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/21 04:37:46 | 000,071,822 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/21 04:37:46 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/21 04:37:46 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/21 04:37:45 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/21 04:37:45 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/02/21 04:37:43 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/21 04:37:43 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/21 04:37:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/21 04:37:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/20 22:28:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/02/20 22:27:52 | 000,104,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/11/28 08:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/02 18:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/23 01:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 21:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 18:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2004/01/13 06:46:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll

========== LOP Check ==========

[2006/02/21 11:28:32 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\toshiba
[2006/02/21 11:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2012/09/13 09:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\AppGraffiti
[2011/04/05 18:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\BabylonToolbar
[2013/05/09 22:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Inbox Toolbar
[2011/04/26 08:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Media Get LLC
[2012/08/15 14:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Party
[2013/06/04 18:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\PriceGong
[2012/10/02 10:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\SiteRanker
[2013/01/18 01:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Systweak
[2006/02/21 11:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\toshiba
[2011/04/26 00:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\uTorrent
[2012/11/12 13:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\yourlocallotto1_20
[2012/10/12 02:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\SiteRanker
[2006/02/21 11:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\toshiba
[2011/04/26 08:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Media Get LLC
[2010/11/03 11:14:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 1.job
[2010/11/03 11:14:03 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job
[2013/06/07 15:32:00 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E12114FD-365E-4D33-9501-13C8776D0DA3}.job

========== Purity Check ==========


< End of report >


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, download the attached fix.txt to a USB
[attachment=64975:fix.txt]
Start the Reatogo desktop as before
Run OTL and press Run Fix
OTL will ask for the location of fix.txt
Locate it on the USB and select the file
Press Run Fix again
On completion, a log will be saved to the USB; post that

THEN

Reboot the computer to normal Windows
and run this copy of OTL

Download OTL to your Desktop
Secondary link
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#3
PKL2011

    New Member

  • Topic Starter
  • Member
  • 4 posts
I was unable to extract the fix directly from my USB drive; it froze the UI trying to click Run Fix twice. I pasted the text into the custom scans/fixes and extracted the log file from the "moved files" folder.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winmgmt deleted successfully.
C:\Documents and Settings\All Users\Application Data\833h.dat moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TelevisionFanaticService deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64barsvc.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\yourlocallotto1_20Service deleted successfully.
C:\Program Files\yourlocallotto1_20\bar\1.bin\20barsvc.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TotalRecipeSearch_14Service deleted successfully.
C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14barsvc.exe moved successfully.
Registry value HKEY_USERS\Don_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0696f815-a3a9-490a-bb14-9ec3350b1276} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276}\ not found.
Registry value HKEY_USERS\Don_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{52f57613-4c36-4757-a961-621c2adedfc9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52f57613-4c36-4757-a961-621c2adedfc9}\ not found.
Registry value HKEY_USERS\Don_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8a7d2060-824d-4b17-b00a-759b1b5f30d9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a7d2060-824d-4b17-b00a-759b1b5f30d9}\ not found.
Registry value HKEY_USERS\Don_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a8625cb7-85fe-4936-92a4-b2a7c925209e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8625cb7-85fe-4936-92a4-b2a7c925209e}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}\ deleted successfully.
C:\Program Files\SiteRanker\SiteRank.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5d79f641-c168-40df-a32f-bacea7509e75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d79f641-c168-40df-a32f-bacea7509e75}\ deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64SrcAs.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b120170-d03b-451c-9fcc-369bf9900302}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b120170-d03b-451c-9fcc-369bf9900302}\ deleted successfully.
C:\Program Files\yourlocallotto1_20\bar\1.bin\20bar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c8f8fe5-9785-4f74-bcf8-895ef9752d97}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c8f8fe5-9785-4f74-bcf8-895ef9752d97}\ deleted successfully.
C:\Program Files\GamingWonderland\bar\2.bin\gtbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ab56dfde-0c14-45b3-9df6-7b0eba617870}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab56dfde-0c14-45b3-9df6-7b0eba617870}\ deleted successfully.
C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ab5d199e-9659-47a2-930b-fc3b69061353}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ab5d199e-9659-47a2-930b-fc3b69061353}\ deleted successfully.
C:\Program Files\GamingWonderland\bar\2.bin\gtSrcAs.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cb41fc95-f1b3-4797-8bb6-1012ff62abba}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb41fc95-f1b3-4797-8bb6-1012ff62abba}\ deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ddddb845-30e9-481f-b76d-82522e6fd79c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddddb845-30e9-481f-b76d-82522e6fd79c}\ deleted successfully.
C:\Program Files\yourlocallotto1_20\bar\1.bin\20SrcAs.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df22384f-cf68-4d19-969f-10423715528b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df22384f-cf68-4d19-969f-10423715528b}\ deleted successfully.
C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrcAs.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a0154e07-2b48-475c-a82a-80efd84ea33e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0154e07-2b48-475c-a82a-80efd84ea33e}\ deleted successfully.
File C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a899079d-206f-43a6-be6a-07e0fa648ea0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a899079d-206f-43a6-be6a-07e0fa648ea0}\ deleted successfully.
File C:\Program Files\GamingWonderland\bar\2.bin\gtbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c98d5b61-b0ea-4d48-9839-1079d352d880} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c98d5b61-b0ea-4d48-9839-1079d352d880}\ deleted successfully.
File C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e2993f50-db88-405c-baec-91a1805c3517} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2993f50-db88-405c-baec-91a1805c3517}\ deleted successfully.
File C:\Program Files\yourlocallotto1_20\bar\1.bin\20bar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\Don_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A0154E07-2B48-475C-A82A-80EFD84EA33E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A0154E07-2B48-475C-A82A-80EFD84EA33E}\ not found.
File C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14bar.dll not found.
Registry value HKEY_USERS\Don_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A899079D-206F-43A6-BE6A-07E0FA648EA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A899079D-206F-43A6-BE6A-07E0FA648EA0}\ not found.
File C:\Program Files\GamingWonderland\bar\2.bin\gtbar.dll not found.
Registry value HKEY_USERS\Don_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C98D5B61-B0EA-4D48-9839-1079D352D880} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C98D5B61-B0EA-4D48-9839-1079D352D880}\ not found.
File C:\Program Files\TelevisionFanatic\bar\1.bin\64bar.dll not found.
Registry value HKEY_USERS\Don_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E2993F50-DB88-405C-BAEC-91A1805C3517} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2993F50-DB88-405C-BAEC-91A1805C3517}\ not found.
File C:\Program Files\yourlocallotto1_20\bar\1.bin\20bar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CFSServ.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GamingWonderland Browser Plugin Loader deleted successfully.
C:\Program Files\GamingWonderland\bar\2.bin\gtbrmon.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GamingWonderland Search Scope Monitor deleted successfully.
C:\Program Files\GamingWonderland\bar\2.bin\gtSrchMn.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SiteRanker deleted successfully.
C:\Program Files\SiteRanker\SiteRankTray.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TelevisionFanatic Browser Plugin Loader deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64brmon.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TelevisionFanatic Search Scope Monitor deleted successfully.
C:\Program Files\TelevisionFanatic\bar\1.bin\64SrchMn.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TFncKy deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TotalRecipeSearch Search Scope Monitor deleted successfully.
C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14SrchMn.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TotalRecipeSearch_14 Browser Plugin Loader deleted successfully.
C:\Program Files\TotalRecipeSearch_14\bar\1.bin\14brmon.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\YourLocalLotto Toolbar Search Scope Monitor deleted successfully.
C:\Program Files\yourlocallotto1_20\bar\1.bin\20SrchMn.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\yourlocallotto1_20 Browser Plugin Loader deleted successfully.
C:\Program Files\yourlocallotto1_20\bar\1.bin\20brmon.exe moved successfully.
Registry value HKEY_USERS\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon32.exe deleted successfully.
File C:\Documents and Settings\All Users\Application Data\833h.dat not found.
Registry value HKEY_USERS\Don_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon32.exe deleted successfully.
File C:\Documents and Settings\All Users\Application Data\833h.dat not found.
Registry value HKEY_USERS\Don_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\MediaGet2 deleted successfully.
C:\Documents and Settings\Don\Local Settings\Application Data\MediaGet2\mediaget.exe moved successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\IEHOME.LNK moved successfully.
File C:\Documents and Settings\Default User\Local Settings\Temp\IEHOME.BAT not found.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\regmonstd.lnk moved successfully.
File move failed. X:\I386\SYSTEM32\RUNDLL32.EXE scheduled to be moved on reboot.
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\IEHOME.LNK moved successfully.
File C:\Documents and Settings\Default User\Local Settings\Temp\IEHOME.BAT not found.
C:\Documents and Settings\Don\Start Menu\Programs\Startup\regmonstd.lnk moved successfully.
File move failed. X:\I386\SYSTEM32\RUNDLL32.EXE scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Application Data\rundll32.exe moved successfully.
C:\Program Files\GamingWonderland\GamingWonderland\Cache folder moved successfully.
C:\Program Files\GamingWonderland\GamingWonderland folder moved successfully.
C:\Documents and Settings\All Users\Application Data\h338.pad moved successfully.
File C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\regmonstd.lnk not found.
C:\Documents and Settings\All Users\Application Data\h338.js moved successfully.
File C:\Documents and Settings\All Users\Application Data\833h.dat not found.
File C:\Documents and Settings\All Users\Application Data\rundll32.exe not found.
C:\Documents and Settings\Don\182281.exe moved successfully.
File C:\Documents and Settings\Don\Start Menu\Programs\Startup\regmonstd.lnk not found.
File C:\Documents and Settings\All Users\Application Data\h338.js not found.
File C:\Documents and Settings\All Users\Application Data\h338.pad not found.
File C:\Documents and Settings\All Users\Application Data\833h.dat not found.
File C:\Documents and Settings\Don\182281.exe not found.

OTLPE by OldTimer - Version 3.1.48.0 log created on 06082013_171408


New OTL.txt

OTL logfile created on: 6/8/2013 5:23:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 584.51 Mb Available Physical Memory | 57.65% Memory free
2.39 Gb Paging File | 2.14 Gb Available in Paging File | 89.53% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.28 Gb Total Space | 62.10 Gb Free Space | 83.60% Space Free | Partition Type: NTFS
Drive E: | 490.72 Mb Total Space | 451.86 Mb Free Space | 92.08% Space Free | Partition Type: FAT

Computer Name: DON-LAPTOP | User Name: Don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/08 17:22:28 | 001,165,776 | ---- | M] (Google Inc.) -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\CR_83300.tmp\setup.exe
PRC - [2013/06/08 14:03:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2013/06/04 13:00:00 | 000,746,848 | ---- | M] () -- C:\Program Files\Google\Update\Install\{8A91DD54-C36A-42EF-B262-AAB94F1E1092}\27.0.1453.110_27.0.1453.94_chrome_updater.exe
PRC - [2013/04/25 23:10:12 | 001,712,280 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files\Inbox Toolbar\Inbox.exe
PRC - [2011/09/20 15:15:28 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/02 03:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/01/05 18:02:24 | 000,352,256 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2005/12/20 15:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005/12/05 13:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/11/30 16:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2005/11/28 12:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/28 12:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/11/02 04:41:04 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2005/10/06 09:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/05/31 22:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 21:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/26 20:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/03/11 19:03:16 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe
PRC - [2005/01/17 04:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/08/27 12:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/27 12:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/08/17 15:37:44 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/04 13:00:00 | 000,746,848 | ---- | M] () -- C:\Program Files\Google\Update\Install\{8A91DD54-C36A-42EF-B262-AAB94F1E1092}\27.0.1453.110_27.0.1453.94_chrome_updater.exe
MOD - [2006/01/04 22:14:36 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TouchPad_ONOFF.dll
MOD - [2005/11/28 12:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/11/28 12:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/11/28 12:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/11/03 12:37:58 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2002/03/03 08:40:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\TDispVol.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/21 14:13:56 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files\GamingWonderland\bar\2.bin\gtbarsvc.exe -- (GamingWonderlandService)
SRV - [2013/05/15 01:06:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/09/20 15:15:28 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.229\McCHSvc.exe -- (McComponentHostService)
SRV - [2005/12/20 15:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/01/17 04:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/27 12:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2005/12/09 04:48:40 | 004,123,136 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2005/12/05 05:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005/11/30 15:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/29 22:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 13:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/14 21:00:22 | 001,122,656 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/20 18:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/10/06 09:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 09:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 09:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 09:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 09:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 09:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 09:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/09 18:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/25 16:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 16:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/06/01 15:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/01/29 02:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/01/24 15:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/?fr=fp-reg
IE - HKLM\..\SearchScopes,DefaultScope = {cca2e567-1987-4100-a3c6-5b4267084510}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9215525D-4BC2-4DD1-BC76-19D7300E0093}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebs...r={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www2.inbox.co...tb_id&%language
IE - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...CFelAMgodxDcAgQ
IE - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...search&AF=17434
IE - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\..\SearchScopes\{9215525D-4BC2-4DD1-BC76-19D7300E0093}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...on=1.3.0001.0(B)
IE - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3196716
IE - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...&iwk=254&lng=en
IE - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://ca.search.yah...p={searchTerms}
IE - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...earch&AF=17434"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylo.../home?AF=17434"
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@GamingWonderland.com/Plugin: C:\Program Files\GamingWonderland\bar\2.bin\NPgtStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TotalRecipeSearch_14.com/Plugin: C:\Program Files\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@yourlocallotto1_20.com/Plugin: C:\Program Files\yourlocallotto1_20\bar\1.bin\NP20Stub.dll (MindSpark)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\14ffxtbr@TotalRecipeSearch_14.com: C:\Program Files\TotalRecipeSearch_14\bar\1.bin [2013/06/08 17:14:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\SiteRanker\firefox\ [2012/10/02 10:34:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\20ffxtbr@yourlocallotto1_20.com: C:\Program Files\yourlocallotto1_20\bar\1.bin [2013/06/08 17:14:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\TelevisionFanatic\bar\1.bin [2013/06/08 17:14:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\GamingWonderland\bar\2.bin [2013/06/08 17:14:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/03 18:22:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/03 18:22:03 | 000,000,000 | ---D | M]

[2010/11/03 18:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Don\Application Data\Mozilla\Extensions
[2013/05/21 14:14:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions
[2010/11/07 22:36:06 | 000,000,000 | ---D | M] (uTorrentBar Toolbar) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/02/21 23:40:52 | 000,000,000 | ---D | M] (TotalRecipeSearch) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions\14ffxtbr@TotalRecipeSearch_14.com
[2012/11/12 13:05:26 | 000,000,000 | ---D | M] (YourLocalLotto Toolbar) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions\20ffxtbr@yourlocallotto1_20.com
[2012/11/21 19:37:24 | 000,000,000 | ---D | M] (TelevisionFanatic) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions\[email protected]
[2012/09/13 09:21:51 | 000,000,000 | ---D | M] (AppGraffiti) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions\[email protected]
[2011/04/05 15:22:54 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions\[email protected]
[2013/05/21 14:14:00 | 000,000,000 | ---D | M] (GamingWonderland) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions\[email protected]
[2011/04/05 20:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/05 15:22:48 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\GamingWonderland\bar\2.bin\NPgtStub.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\yourlocallotto1_20\bar\1.bin\NP20Stub.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [InboxToolbar] C:\Program Files\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006..\Run: [AGupdate] C:\Program Files\AppGraffiti\AGupdate.exe (Omega Partners Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.gamin...2013052114&cv=1 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1288783809292 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABBB4B52-C748-4ABB-A7E0-6973D561EC97}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/21 06:35:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: winmgmt - C:\WINDOWS\system32\wbem\winmgmt.exe (Microsoft Corporation)

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2013/06/08 10:15:48 | 000,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2013/06/08 10:12:25 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2013/06/08 10:11:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/21 14:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\GamingWonderland
[2013/05/09 22:55:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
[2013/05/09 22:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Application Data\Inbox Toolbar
[2013/05/09 22:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\Inbox Toolbar
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/08 17:22:09 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E12114FD-365E-4D33-9501-13C8776D0DA3}.job
[2013/06/08 17:21:40 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/08 17:21:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/08 17:21:31 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/25 13:57:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/25 01:06:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/25 00:13:30 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/05/21 22:42:45 | 000,000,290 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\Topics - Myzer.com.url
[2013/05/18 17:04:19 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\OLG - Winning Numbers.url
[2013/05/16 14:50:55 | 000,104,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/16 14:27:38 | 000,442,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/16 14:27:38 | 000,071,822 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/16 13:26:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/16 13:12:25 | 000,000,340 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\Online Banking.url
[2013/05/16 13:11:00 | 000,000,405 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\RBC Royal Bank - Sign In to Online Banking.url
[2013/05/15 01:06:35 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/15 01:06:35 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/08 10:14:31 | 1063,309,312 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/24 23:16:27 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Don\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/14 21:54:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== ZeroAccess Check ==========

[2006/02/21 09:51:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2006/02/21 11:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2011/04/26 08:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Media Get LLC
[2006/02/21 11:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
[2012/09/13 09:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\AppGraffiti
[2011/04/05 18:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\BabylonToolbar
[2013/05/09 22:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Inbox Toolbar
[2011/04/26 08:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Media Get LLC
[2012/08/15 14:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Party
[2013/06/08 10:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\PriceGong
[2012/10/02 10:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\SiteRanker
[2013/01/18 01:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Systweak
[2006/02/21 11:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\toshiba
[2011/04/26 00:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\uTorrent
[2012/11/12 13:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\yourlocallotto1_20
[2012/10/12 02:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\SiteRanker
[2006/02/21 11:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\toshiba

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 20:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 20:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 09:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 20:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 20:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 13:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 20:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 20:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 20:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 20:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 20:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 20:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 20:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 20:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 20:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 20:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 20:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 20:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 01:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 20:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 20:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 20:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 20:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 20:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 20:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 20:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 20:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
No service found with a name of winmgmt
No service found with a name of Wmi
SRV - [2008/04/13 20:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 20:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 02:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[2011/07/12 22:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES >
[2004/08/04 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES._ >
[2004/08/04 08:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\WINDOWS\I386\SERVICES._

< MD5 for: SERVICES.EX_ >
[2004/08/04 08:00:00 | 000,049,955 | ---- | M] () MD5=85A738BA493104ED103B26CADEB8B543 -- C:\WINDOWS\I386\SERVICES.EX_

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 08:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtUninstallKB956572_0$\services.exe

< MD5 for: SERVICES.LNK >
[2006/02/21 06:35:29 | 000,001,602 | ---- | M] () MD5=95689A5A23181EA3134B378A22CB9AC5 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MS_ >
[2004/08/04 08:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\WINDOWS\I386\SERVICES.MS_

< MD5 for: SERVICES.MSC >
[2004/08/04 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is S3A2422D004
Volume Serial Number is 14C6-E772
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
05/16/2013 02:19 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
05/16/2013 02:16 PM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 66,411,429,888 bytes free

< End of report >

OTL Extras logfile created on: 6/8/2013 5:23:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 584.51 Mb Available Physical Memory | 57.65% Memory free
2.39 Gb Paging File | 2.14 Gb Available in Paging File | 89.53% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.28 Gb Total Space | 62.10 Gb Free Space | 83.60% Space Free | Partition Type: NTFS
Drive E: | 490.72 Mb Total Space | 451.86 Mb Free Space | 92.08% Space Free | Partition Type: FAT

Computer Name: DON-LAPTOP | User Name: Don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2561889146-3969142049-1357816821-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\MediaGet\mediaget.exe" = C:\Program Files\MediaGet\mediaget.exe:*:Enabled:mediaget
"C:\Documents and Settings\Don\Local Settings\Application Data\MediaGet2\mediaget.exe" = C:\Documents and Settings\Don\Local Settings\Application Data\MediaGet2\mediaget.exe:*:Enabled:MediaGet torrent client
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1" = SiteRanker
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1" = AppGraffiti
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Foldit" = Foldit
"GamingWonderlandbar Uninstall" = GamingWonderland Toolbar
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InterActual Player" = InterActual Player
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TelevisionFanaticbar Uninstall" = TelevisionFanatic Toolbar
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"TotalRecipeSearch_14bar Uninstall" = TotalRecipeSearch Toolbar
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"yourlocallotto1_20bar Uninstall" = YourLocalLotto Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2561889146-3969142049-1357816821-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9193306E-5935-47E0-B458-2548778C1614}_is1" = MediaGet2 version 2.1.890.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/24/2012 3:38:39 AM | Computer Name = DON-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/24/2012 3:38:54 AM | Computer Name = DON-LAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 11/29/2012 2:04:58 AM | Computer Name = DON-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/6/2012 1:52:18 PM | Computer Name = DON-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/21/2012 5:38:41 PM | Computer Name = DON-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/14/2013 7:27:15 PM | Computer Name = DON-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/17/2013 1:02:30 AM | Computer Name = DON-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/19/2013 1:40:25 PM | Computer Name = DON-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2013 3:01:38 PM | Computer Name = DON-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/20/2013 3:01:54 PM | Computer Name = DON-LAPTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

[ System Events ]
Error - 6/8/2013 10:16:00 AM | Computer Name = DON-LAPTOP | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 6/8/2013 10:16:30 AM | Computer Name = DON-LAPTOP | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 6/8/2013 10:17:00 AM | Computer Name = DON-LAPTOP | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 6/8/2013 10:17:30 AM | Computer Name = DON-LAPTOP | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 6/8/2013 10:18:00 AM | Computer Name = DON-LAPTOP | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 6/8/2013 10:18:30 AM | Computer Name = DON-LAPTOP | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 6/8/2013 10:19:00 AM | Computer Name = DON-LAPTOP | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 6/8/2013 10:19:30 AM | Computer Name = DON-LAPTOP | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 6/8/2013 10:20:00 AM | Computer Name = DON-LAPTOP | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 6/8/2013 10:20:30 AM | Computer Name = DON-LAPTOP | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.


< End of report >

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There are a fair few adware toolbars showing, so I will clear those as well. On completion of this, can you let me know what problems are outstanding?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...search&AF=17434
IE - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\..\SearchScopes\{A531D99C-5A22-449b-83DA-872725C6D0ED}: "URL" = http://search.alot.c...on=1.3.0001.0(B)
IE - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3196716
IE - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.co...&iwk=254&lng=en
IE - HKU\S-1-5-21-2561889146-3969142049-1357816821-1006\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebs...r={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17434"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home?AF=17434"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3
[2011/04/05 15:22:54 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions\[email protected]
[2011/04/05 15:22:48 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/04/05 18:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\BabylonToolbar
[2013/06/08 10:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\PriceGong
[2012/10/02 10:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\SiteRanker
[2013/01/18 01:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Systweak
[2012/10/12 02:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\SiteRanker

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done, it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

#5
PKL2011

    New Member

  • Topic Starter
  • Member
  • 4 posts
OTL logfile created on: 6/8/2013 10:14:38 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 704.31 Mb Available Physical Memory | 69.46% Memory free
2.39 Gb Paging File | 2.17 Gb Available in Paging File | 90.97% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.28 Gb Total Space | 62.24 Gb Free Space | 83.78% Space Free | Partition Type: NTFS
Drive E: | 490.72 Mb Total Space | 445.95 Mb Free Space | 90.88% Space Free | Partition Type: FAT

Computer Name: DON-LAPTOP | User Name: Don | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/08 14:03:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2013/04/25 23:10:12 | 001,712,280 | ---- | M] (Inbox.com, Inc.) -- C:\Program Files\Inbox Toolbar\Inbox.exe
PRC - [2011/09/20 15:15:28 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/02 03:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/01/05 18:02:24 | 000,352,256 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2005/12/20 15:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005/12/05 13:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/11/30 16:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2005/11/28 12:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/28 12:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/11/02 04:41:04 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2005/10/06 09:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/05/31 22:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2005/05/31 21:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005/04/26 20:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/03/11 19:03:16 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe
PRC - [2005/01/17 04:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/08/27 12:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/27 12:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2004/08/17 15:37:44 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe


========== Modules (No Company Name) ==========

MOD - [2006/01/04 22:14:36 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TouchPad_ONOFF.dll
MOD - [2005/11/28 12:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/11/28 12:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/11/28 12:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/11/03 12:37:58 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005/06/22 10:31:00 | 000,073,728 | ---- | M] () -- C:\Program Files\Sonic\RecordNow!\shlext.dll
MOD - [2002/03/03 08:40:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\TDispVol.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/05/21 14:13:56 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files\GamingWonderland\bar\2.bin\gtbarsvc.exe -- (GamingWonderlandService)
SRV - [2013/05/15 01:06:39 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/09/20 15:15:28 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.229\McCHSvc.exe -- (McComponentHostService)
SRV - [2005/12/20 15:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/01/17 04:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/27 12:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2005/12/09 04:48:40 | 004,123,136 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2005/12/05 05:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005/11/30 15:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/29 22:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 13:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/14 21:00:22 | 001,122,656 | R--- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/20 18:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/10/06 09:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 09:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 09:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 09:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 09:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 09:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 09:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/09 18:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/25 16:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 16:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/06/01 15:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/01/29 02:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/01/24 15:43:40 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tbiosdrv.sys -- (TBiosDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/?fr=fp-reg
IE - HKLM\..\SearchScopes,DefaultScope = {cca2e567-1987-4100-a3c6-5b4267084510}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9215525D-4BC2-4DD1-BC76-19D7300E0093}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www2.inbox.co...tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...CFelAMgodxDcAgQ
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{9215525D-4BC2-4DD1-BC76-19D7300E0093}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://ca.search.yah...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:2.7.2.0
FF - prefs.js..extensions.enabledItems:
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@GamingWonderland.com/Plugin: C:\Program Files\GamingWonderland\bar\2.bin\NPgtStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TotalRecipeSearch_14.com/Plugin: C:\Program Files\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@yourlocallotto1_20.com/Plugin: C:\Program Files\yourlocallotto1_20\bar\1.bin\NP20Stub.dll (MindSpark)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\14ffxtbr@TotalRecipeSearch_14.com: C:\Program Files\TotalRecipeSearch_14\bar\1.bin [2013/06/08 17:14:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\SiteRanker\firefox\ [2012/10/02 10:34:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\20ffxtbr@yourlocallotto1_20.com: C:\Program Files\yourlocallotto1_20\bar\1.bin [2013/06/08 17:14:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\TelevisionFanatic\bar\1.bin [2013/06/08 17:14:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\GamingWonderland\bar\2.bin [2013/06/08 17:14:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/03 18:22:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/03 18:22:03 | 000,000,000 | ---D | M]

[2010/11/03 18:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Don\Application Data\Mozilla\Extensions
[2013/05/21 14:14:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions
[2010/11/07 22:36:06 | 000,000,000 | ---D | M] (uTorrentBar Toolbar) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012/02/21 23:40:52 | 000,000,000 | ---D | M] (TotalRecipeSearch) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions\14ffxtbr@TotalRecipeSearch_14.com
[2012/11/12 13:05:26 | 000,000,000 | ---D | M] (YourLocalLotto Toolbar) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions\20ffxtbr@yourlocallotto1_20.com
[2012/11/21 19:37:24 | 000,000,000 | ---D | M] (TelevisionFanatic) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions\[email protected]
[2012/09/13 09:21:51 | 000,000,000 | ---D | M] (AppGraffiti) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions\[email protected]
[2013/05/21 14:14:00 | 000,000,000 | ---D | M] (GamingWonderland) -- C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions\[email protected]
[2011/04/05 20:45:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\GamingWonderland\bar\2.bin\NPgtStub.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\TelevisionFanatic\bar\1.bin\NP64Stub.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\yourlocallotto1_20\bar\1.bin\NP20Stub.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/06/08 22:12:43 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O2 - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found.
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTo2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [InboxToolbar] C:\Program Files\Inbox Toolbar\Inbox.exe (Inbox.com, Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [AGupdate] C:\Program Files\AppGraffiti\AGupdate.exe (Omega Partners Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.gamin...2013052114&cv=1 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1288783809292 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABBB4B52-C748-4ABB-A7E0-6973D561EC97}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/21 06:35:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/08 10:12:25 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2013/06/08 10:11:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/21 14:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\GamingWonderland
[2013/05/09 22:55:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
[2013/05/09 22:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Don\Application Data\Inbox Toolbar
[2013/05/09 22:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\Inbox Toolbar

========== Files - Modified Within 30 Days ==========

[2013/06/08 22:14:05 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/08 22:13:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/06/08 22:13:52 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/08 22:12:43 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/06/08 22:12:05 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E12114FD-365E-4D33-9501-13C8776D0DA3}.job
[2013/06/08 17:34:35 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/05/25 13:57:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/25 01:06:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/21 22:42:45 | 000,000,290 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\Topics - Myzer.com.url
[2013/05/18 17:04:19 | 000,000,261 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\OLG - Winning Numbers.url
[2013/05/16 14:50:55 | 000,104,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/16 14:27:38 | 000,442,052 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/16 14:27:38 | 000,071,822 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/16 13:26:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/16 13:12:25 | 000,000,340 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\Online Banking.url
[2013/05/16 13:11:00 | 000,000,405 | ---- | M] () -- C:\Documents and Settings\Don\Desktop\RBC Royal Bank - Sign In to Online Banking.url

========== Files Created - No Company Name ==========

[2013/06/08 10:14:31 | 1063,309,312 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/24 23:16:27 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Don\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/14 21:54:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

========== ZeroAccess Check ==========

[2006/02/21 09:51:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/04/26 08:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Media Get LLC
[2012/09/13 09:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\AppGraffiti
[2013/06/08 22:12:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\BabylonToolbar
[2013/05/09 22:57:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Inbox Toolbar
[2011/04/26 08:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Media Get LLC
[2012/08/15 14:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\Party
[2006/02/21 11:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\toshiba
[2011/04/26 00:02:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\uTorrent
[2012/11/12 13:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Don\Application Data\yourlocallotto1_20

========== Purity Check ==========



< End of report >


# AdwCleaner v2.302 - Logfile created 06/08/2013 at 22:21:05
# Updated 06/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Don - DON-LAPTOP
# Boot Mode : Normal
# Running from : E:\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : GamingWonderlandService

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\AppGraffiti
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\SiteRanker
Folder Deleted : C:\Documents and Settings\Don\Application Data\AppGraffiti
Folder Deleted : C:\Documents and Settings\Don\Application Data\BabylonToolbar
Folder Deleted : C:\Documents and Settings\Don\Application Data\Inbox Toolbar
Folder Deleted : C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\Conduit
Folder Deleted : C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\CT2786678
Folder Deleted : C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Deleted : C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions\14ffxtbr@TotalRecipeSearch_14.com
Folder Deleted : C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions\20ffxtbr@yourlocallotto1_20.com
Folder Deleted : C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\Don\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Don\Local Settings\Application Data\ConduitEngine
Folder Deleted : C:\Documents and Settings\Don\Local Settings\Application Data\uTorrentBar
Folder Deleted : C:\Program Files\AppGraffiti
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\GamingWonderland
Folder Deleted : C:\Program Files\Inbox Toolbar
Folder Deleted : C:\Program Files\SiteRanker
Folder Deleted : C:\Program Files\TelevisionFanatic
Folder Deleted : C:\Program Files\uTorrentBar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppGraffiti
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Inbox Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\uTorrentBar
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\AppGraffiti
Key Deleted : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.AppServer
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.IBX404
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.JSServer
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\Software\Inbox Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{19B8E27C-72BF-43BE-AFB5-484B6074193E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AEE62ADA-A650-426A-AB71-607AC26B47C5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKLM\Software\uTorrentBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [InboxToolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^Z7^xdm029^S05149^ca&ptb=7FB2D870-6F02-4E01-A374-1985DBE157DA&si=CMGAjbXmp7cCFelAMgodxDcAgQ --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language --> hxxp://www.google.com

-\\ Mozilla Firefox v3.6.12 (en-US)

File : C:\Documents and Settings\Don\Application Data\Mozilla\Firefox\Profiles\bdam2o5r.default\prefs.js

Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2786678.CTID", "CT2786678");
Deleted : user_pref("CT2786678.CurrentServerDate", "10-9-2011");
Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Sat Sep 10 2011 09:37:21 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2786678.FirstServerDate", "28-12-2010");
Deleted : user_pref("CT2786678.FirstTime", true);
Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Deleted : user_pref("CT2786678.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2786678.Initialize", true);
Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2786678.InstalledDate", "Mon Dec 27 2010 17:31:45 GMT-0500 (Eastern Standard Time)");
Deleted : user_pref("CT2786678.IsGrouping", false);
Deleted : user_pref("CT2786678.IsMulticommunity", false);
Deleted : user_pref("CT2786678.IsOpenThankYouPage", false);
Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Sat Sep 10 2011 09:26:19 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2786678.LastLogin_2.7.2.0", "Sat Sep 10 2011 09:26:20 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("CT2786678.LatestVersion", "3.6.0.10");
Deleted : user_pref("CT2786678.Locale", "en");
Deleted : user_pref("CT2786678.LoginCache", 4);
Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2786678.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2786678.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Sat Sep 10 2011 09:26:19 GMT-0400 (Eastern Dayli[...]
Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2786678.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Sat Sep 10 2011 09:26:18 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2786678.SettingsLastUpdate", "1313448551");
Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Sat Sep 10 2011 09:26:17 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Deleted : user_pref("CT2786678.UserID", "UN72226589398209022");
Deleted : user_pref("CT2786678.ValidationData_Search", 0);
Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2786678.WeatherNetwork", "");
Deleted : user_pref("CT2786678.WeatherPollDate", "Sat Sep 10 2011 09:26:22 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2786678.WeatherUnit", "F");
Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Deleted : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F7777772E676F6F676C652E63612F75726C3[...]
Deleted : user_pref("CT2786678.backendstorage.url_history_time", "31333135363631363831373833");
Deleted : user_pref("CT2786678.clientLogIsEnabled", true);
Deleted : user_pref("CT2786678.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2786678.myStuffEnabled", true);
Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2786678.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Sep 10 2011 09:26:20 GMT-0400 (Eas[...]
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 10);
Deleted : user_pref("extensions.BabylonToolbar.cntry", "CA");
Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "9C08DF7C37C9861C96F5B167EF962508");
Deleted : user_pref("extensions.BabylonToolbar.lastActv", "10");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 10);

-\\ Google Chrome v27.0.1453.110

File : C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [23937 octets] - [08/06/2013 22:21:05]

########## EOF - C:\AdwCleaner[S1].txt - [23998 octets] ##########

#6
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer behaving now, any outstanding problems?

#7
PKL2011


    New Member

  • Topic Starter
  • Member
  • 4 posts
Seems to be working. If the Ukash is gone I'm pretty sure that was the only issue. The real test will be when I return the laptop to my father-in-law...

Thanks so much for your assistance!

#8
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

If you use on-line banking then, as an added layer of protection, install Trusteer Rapport.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?

Keep safe :wave:

#9
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.