help, malware problem again [Solved]


  • This topic is locked

#1
rigs

  • Member
  • 322 posts
Last night, I noticed my Windows Security Essentials warning me to scan my PC and that it may be at risk. I did. It was normal for a few minutes, then it started to warn me again. I immediately concluded that my PC may have malware. I had a similar problem about a year ago. So I ran a Malwarebytes quick scan and it detected 128 infections. I removed all of them and my WSE went back to normal. I turned off my PC. This morning, I turned my PC on and the problem was back. This time I ran a full Malwarebytes scan. This time it only detected 4 infections. I removed them and my WSE started acting up again. Both times I ran WSE and both times it tells me that I hadn’t run WSE in a while. Like I mentioned before, I had a similar problem about a year ago. Since I didn’t want to bother you guys again, I was going to look for the old posting and go from there. Then I realized that it may be a different and more serious malware that’s inside my system this time. I’m running Windows 7 64. I hope you guys can help me again. Now I'm posting the correct log in the next message window...



Thank You

Edited by rigs, 11 August 2013 - 09:11 PM.


#2
rigs

  • Topic Starter
  • Member
  • 322 posts
OK, here's the OTL log:

OTL logfile created on: 8/11/2013 7:26:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RIGO\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 60.76% Memory free
7.98 Gb Paging File | 6.09 Gb Available in Paging File | 76.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 171.54 Gb Free Space | 60.53% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.15 Gb Free Space | 48.84% Space Free | Partition Type: NTFS
Drive E: | 6.67 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 3.73 Gb Total Space | 3.69 Gb Free Space | 98.76% Space Free | Partition Type: NTFS
Drive K: | 7.39 Gb Total Space | 7.28 Gb Free Space | 98.39% Space Free | Partition Type: FAT32

Computer Name: PC | User Name: RIGO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/11 19:23:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RIGO\Desktop\OTL.exe
PRC - [2013/07/25 11:57:36 | 000,853,800 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
PRC - [2013/07/25 11:57:08 | 000,548,136 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013/07/25 11:56:22 | 001,650,472 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
PRC - [2013/07/22 10:35:19 | 017,289,640 | ---- | M] (Zemana Ltd.) -- C:\Program Files (x86)\AntiLogger\AntiLogger.exe
PRC - [2013/06/30 10:31:02 | 001,888,576 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2013/06/19 16:55:32 | 008,136,504 | ---- | M] (Lamantine Software a.s.) -- C:\Program Files (x86)\Sticky Password\stpass.exe
PRC - [2013/04/18 20:38:38 | 000,491,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2013/04/18 16:58:08 | 000,574,272 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2013/04/16 14:47:42 | 001,799,680 | ---- | M] (xwidget.com) -- C:\Program Files (x86)\XWidget\xwidget.exe
PRC - [2013/04/03 01:47:54 | 006,096,992 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE
PRC - [2013/03/25 01:36:10 | 003,679,344 | ---- | M] (GetGo Software) -- C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GetGoDM.exe
PRC - [2013/02/26 12:22:40 | 000,071,280 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2012/11/29 21:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/11/09 14:44:10 | 000,366,576 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
PRC - [2012/11/09 14:44:10 | 000,264,176 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
PRC - [2012/04/16 19:49:41 | 000,918,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2010/10/29 15:43:54 | 001,167,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/24 14:18:40 | 000,744,744 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
MOD - [2013/06/08 18:14:16 | 000,048,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2013/04/03 01:47:54 | 006,096,992 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\GOM.EXE
MOD - [2013/04/03 00:13:20 | 000,935,424 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\GSFU.ax
MOD - [2013/02/25 21:03:32 | 005,414,400 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\libavcodec.dll
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2013/01/13 22:56:44 | 007,831,311 | ---- | M] () -- C:\Users\RIGO\AppData\Roaming\MediaFilters\LAV\avcodec-lav-54.dll
MOD - [2013/01/13 22:56:44 | 001,251,612 | ---- | M] () -- C:\Users\RIGO\AppData\Roaming\MediaFilters\LAV\avformat-lav-54.dll
MOD - [2013/01/13 22:56:44 | 000,242,190 | ---- | M] () -- C:\Users\RIGO\AppData\Roaming\MediaFilters\LAV\avutil-lav-52.dll
MOD - [2013/01/13 22:56:44 | 000,159,427 | ---- | M] () -- C:\Users\RIGO\AppData\Roaming\MediaFilters\LAV\avresample-lav-1.dll
MOD - [2012/11/29 21:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012/11/29 21:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/11/09 14:44:14 | 000,108,448 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\PMC.dll
MOD - [2012/11/09 14:44:14 | 000,071,664 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll
MOD - [2012/11/09 14:44:12 | 000,268,272 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll
MOD - [2012/11/09 14:44:11 | 000,133,104 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll
MOD - [2012/11/09 14:44:11 | 000,079,856 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImAppRU.dll
MOD - [2012/11/09 14:44:11 | 000,032,680 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll
MOD - [2012/07/10 02:24:22 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\GRFU.ax
MOD - [2012/05/21 19:05:24 | 003,449,856 | ---- | M] () -- C:\Program Files (x86)\ffdshow\ffdshow.ax
MOD - [2011/05/16 19:49:30 | 000,421,520 | ---- | M] () -- C:\Program Files (x86)\GRETECH\GomPlayer\GomTVStrm.dll
MOD - [2009/08/12 12:09:14 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\XWidget\Res\Lib\lib.dll
MOD - [2009/08/11 22:21:20 | 001,021,440 | ---- | M] () -- C:\Program Files (x86)\AC3Filter\ac3filter_intl.dll
MOD - [2009/08/11 22:19:04 | 000,797,184 | ---- | M] () -- C:\Program Files (x86)\AC3Filter\ac3filter.ax


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/26 18:13:08 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)
SRV:64bit: - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/28 07:37:22 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
SRV - [2013/08/10 13:35:11 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/25 11:57:36 | 000,853,800 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe -- (hshld)
SRV - [2013/07/25 11:57:08 | 000,548,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/07/23 21:17:10 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013/07/08 15:12:10 | 000,028,160 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Spotflux\services\SpotfluxUpdateService.exe -- (SpotfluxUpdateService)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/22 14:51:07 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/18 16:58:08 | 000,574,272 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2013/02/26 12:22:40 | 000,071,280 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/04/16 19:49:41 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/08 05:50:20 | 000,450,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) [Auto | Running] -- C:\Windows\SysWOW64\STGRAMDiskHandler64.exe -- (Steganos Volatile Disk)
SRV - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/06 22:18:04 | 000,049,240 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32)
DRV:64bit: - [2013/07/23 21:12:40 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/05/28 18:12:28 | 000,039,104 | ---- | M] (Spotflux, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapSF0901.sys -- (tapSF0901)
DRV:64bit: - [2013/05/22 18:49:32 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2013/04/24 14:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/07 12:51:18 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/25 01:59:16 | 000,694,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/03 09:45:08 | 000,028,576 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt.com) [Driver] [Kernel | System | Running] -- C:\Windows\SysNative\drivers\STGMFEngine64.sys -- (STGMFEngine64)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/01/09 19:05:24 | 000,032,840 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2009/06/10 16:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 09:06:18 | 000,197,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/08/14 08:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 08:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{79381CE2-7FB3-4DA9-A3DC-8EC4450E03CF}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {9AC1829D-7A9A-4919-903D-BDE627217599}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ew...ack/UP97_FRPage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.b1.org...xr&chid=c167991
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...51-37BEAD97B630
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {9AC1829D-7A9A-4919-903D-BDE627217599}
IE - HKCU\..\SearchScopes\{29CB62DF-BBC4-470B-8CBF-2B9FB07C4EC0}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{9AC1829D-7A9A-4919-903D-BDE627217599}: "URL" = http://search.condui...4417450229&UM=2
IE - HKCU\..\SearchScopes\{F01B81B9-BD9D-4301-938E-5E8B2B354E2A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\3B4DB950577045D68081C69BD7B8D762: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.yahoo....=spigot-yhp-ff"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=198484&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\RIGO\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\RIGO\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: File not found
FF - HKCU\Software\MozillaPlugins\@stickypassword.com/Sticky Password: C:\Program Files (x86)\Sticky Password\npspAutofill.dll (Lamantine Software a.s.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\RIGO\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\RIGO\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/13 19:14:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/10 14:39:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013/08/10 18:39:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/22 14:51:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/22 14:50:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Ex\\UnicodeExtensionMap: 0000000E9FD0003BF13CEA4EC7DE7926C3C4D5AE
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\RIGO\AppData\Roaming\Move Networks [2010/01/02 21:25:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/13 19:14:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{54affe52-8223-453b-be1e-2fe2e250045c}: C:\Users\RIGO\AppData\Roaming\Lamantine\Sticky Password\spAutofill [2013/07/23 22:43:11 | 000,000,000 | ---D | M]

[2009/11/14 15:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Extensions
[2013/07/22 22:22:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions
[2013/01/22 19:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013/07/22 22:22:59 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]
[2013/08/10 16:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions
[2013/07/30 20:02:36 | 000,000,000 | ---D | M] ("VisualBee") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]9930111f9.com
[2013/08/10 16:45:26 | 000,000,000 | ---D | M] ("CouponDropDown Plugin") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]a08d473a7.com
[2013/07/22 22:22:59 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]
[2012/11/01 20:04:38 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]
[2012/12/22 14:25:16 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]
[2013/07/30 20:02:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]9930111f9.com\chrome\content\extensionCode
[2013/08/10 16:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]a08d473a7.com\chrome\content\extensionCode
[2012/11/01 20:04:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]\chrome\content\extensionCode
[2013/08/10 16:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions
[2013/07/30 20:02:39 | 000,000,000 | ---D | M] ("VisualBee") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]13a3-4d42-8e90-53d9930111f9.com
[2013/08/10 16:45:29 | 000,000,000 | ---D | M] ("CouponDropDown Plugin") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]a08d473a7.com
[2013/07/22 22:22:59 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]
[2013/07/30 20:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]9930111f9.com\chrome\content\extensionCode
[2013/08/10 16:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]a08d473a7.com\chrome\content\extensionCode
[2013/07/22 22:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk2y75.test\extensions
[2013/07/22 22:23:00 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk2y75.test\extensions\[email protected]
[2012/11/01 20:04:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk2y75.test\extensions\staged
[2013/07/22 22:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\hligfgny.rigo\extensions
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\hligfgny.rigo\extensions\[email protected]
[2012/11/01 20:04:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\hligfgny.rigo\extensions\staged
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions\[email protected]
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\extensions
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\extensions\[email protected]
[2013/01/22 18:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\hligfgny.rigo\extensions
[2013/01/22 18:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\hligfgny.rigo\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/08/10 16:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions
[2013/04/20 20:37:12 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2013/05/03 22:20:19 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/07/19 22:24:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/08/07 20:01:50 | 000,000,000 | ---D | M] ("ImageHost Grabber") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
[2013/07/30 22:00:11 | 000,000,000 | ---D | M] (VisualBee V.6) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{f0af464e-5167-45cf-9cf0-66b396d1918c}
[2013/07/04 13:23:59 | 000,000,000 | ---D | M] (Theme Font & Size Changer) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
[2013/08/10 16:45:33 | 000,000,000 | ---D | M] ("CouponDropDown Plugin") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]a08d473a7.com
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/12 00:13:35 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/07 20:01:50 | 000,000,000 | ---D | M] (Image Picker) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/13 14:34:13 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/10 16:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]a08d473a7.com\chrome\content\extensionCode
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\pj3kgqd2.default\extensions
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\pj3kgqd2.default\extensions\[email protected]
[2013/01/16 00:05:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\pj3kgqd2.default\extensions\staged
[2013/01/22 18:55:02 | 000,066,364 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]
[2013/01/22 18:54:39 | 002,284,120 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi
[2013/04/18 20:02:16 | 000,087,601 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions\[email protected]
[2013/04/18 20:02:39 | 000,068,740 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions\[email protected]
[2013/04/18 20:02:39 | 002,478,880 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi
[2013/04/18 20:02:16 | 001,414,197 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
[2013/08/07 20:01:50 | 000,109,379 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/27 22:09:46 | 000,053,803 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/07 20:01:50 | 000,052,187 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/23 21:43:12 | 000,269,092 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/29 21:43:13 | 000,320,147 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/09 12:39:27 | 000,113,140 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/07 00:00:10 | 000,088,434 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/04/18 22:15:16 | 000,094,803 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]_Noia4dev.xpi
[2013/07/04 21:45:56 | 000,152,889 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/04 22:01:12 | 000,004,905 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/22 22:20:36 | 000,353,425 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/05 16:39:24 | 000,240,755 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/04 22:28:33 | 000,004,539 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/07 20:01:50 | 000,249,326 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/09 13:46:43 | 000,187,236 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/06/13 22:20:31 | 000,017,757 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/07 20:01:50 | 000,350,663 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013/07/25 22:04:40 | 000,023,087 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}.xpi
[2013/08/07 20:01:50 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/07/04 17:38:56 | 000,048,903 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.xpi
[2013/06/11 14:19:15 | 000,125,320 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
[2013/08/07 00:00:10 | 001,449,063 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
[2013/08/05 16:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/15 21:50:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/22 14:50:21 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/05/22 14:50:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/05/22 14:50:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/07/23 20:35:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/04 18:08:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/23 20:35:17 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]
[2013/07/04 18:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013/07/04 18:00:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/04 18:00:13 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]
[2013/07/04 18:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]
[2013/07/04 18:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]
[2013/07/04 17:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2013/07/04 17:59:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/05/28 21:16:45 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files (x86)\mozilla firefox\plugins\NPTURNMED.dll
[2011/07/11 16:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll
[2011/12/16 16:14:50 | 000,002,067 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml

O1 HOSTS File: ([2013/07/31 14:23:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (GetGo URLCatch) - {0315AA2C-10C7-4504-A1C4-F552ABA8A095} - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\URLCatch.dll (GetGo Software)
O2 - BHO: (no name) - {11111111-1111-1111-1111-110011441193} - No CLSID value found.
O2 - BHO: (no name) - {11111111-1111-1111-1111-110211181104} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Sticky Password Toolbar) - {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (GetGo Toolbar) - {075BBE29-FEC0-404a-A459-FF58713616FA} - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GGToolBand.dll (GetGo Software)
O3 - HKLM\..\Toolbar: (Sticky Password Toolbar) - {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AntiLogger] C:\Program Files (x86)\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Sticker] C:\Program Files (x86)\Sticker\Sticker.exe (trion)
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKCU..\Run: [GetGoDM] C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GetGoDM.exe (GetGo Software)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [StickyPassword] C:\Program Files (x86)\Sticky Password\stpass.exe (Lamantine Software a.s.)
O4 - HKCU..\Run: [xwidget] C:\Program Files (x86)\XWidget\xwidget.exe (xwidget.com)
O4 - Startup: C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O8:64bit: - Extra context menu item: &Down&load &Link& Us&ing Ge&tGo - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GGCatch.htm ()
O8:64bit: - Extra context menu item: &Down&load All &Links& Us&ing Ge&tGo - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GGCatchAll.htm ()
O8:64bit: - Extra context menu item: &GetGo Toolbar Search - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GGToolBand.dll (GetGo Software)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: &Down&load &Link& Us&ing Ge&tGo - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GGCatch.htm ()
O8 - Extra context menu item: &Down&load All &Links& Us&ing Ge&tGo - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GGCatchAll.htm ()
O8 - Extra context menu item: &GetGo Toolbar Search - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GGToolBand.dll (GetGo Software)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: GetGo - {01A13E40-2F55-4397-B39B-7851BCFB8008} - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GetGoDM.exe (GetGo Software)
O9 - Extra 'Tools' menuitem : GetGo Download Manager - {01A13E40-2F55-4397-B39B-7851BCFB8008} - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GetGoDM.exe (GetGo Software)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{833B7B77-AE2F-429E-AE62-A586F8191956}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C63867C0-F8B9-4190-B9EF-5B499D70B5C1}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC4FAEBF-33E1-45F7-B845-9EB92CD3C635}: NameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\RIGO\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\RIGO\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files (x86)\WinFax\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/11 19:24:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\RIGO\Desktop\OTL.exe
[2013/08/11 14:54:56 | 000,000,000 | ---D | C] -- C:\Users\RIGO\Documents\GomPlayer
[2013/08/11 14:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2013/08/11 14:54:17 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\GRETECH
[2013/08/11 13:20:12 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Media Player Classic
[2013/08/10 22:40:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/10 22:40:14 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/08/10 22:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/10 22:09:15 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\Daum
[2013/08/10 20:47:47 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\OpenOffice
[2013/08/10 18:51:06 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\Freemake Music Box
[2013/08/10 18:50:49 | 000,000,000 | ---D | C] -- C:\Users\RIGO\Documents\Freemake
[2013/08/10 18:50:10 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/08/10 18:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/08/10 18:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013/08/10 18:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013/08/10 18:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013/08/10 17:52:49 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.0
[2013/08/10 17:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
[2013/08/10 16:49:05 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Streaming Video Downloader
[2013/08/10 16:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Streaming Video Downloader
[2013/08/10 16:45:42 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\Updater27793
[2013/08/10 16:45:19 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\CouponDropDown Plugin
[2013/08/10 16:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CouponDropDown Plugin
[2013/08/10 16:45:11 | 000,000,000 | ---D | C] -- C:\Users\RIGO\Documents\Hanso Recorder
[2013/08/10 16:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hanso Recorder
[2013/08/10 16:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hanso Recorder
[2013/08/09 20:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\spotflux
[2013/08/09 14:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sanwhole
[2013/08/06 22:18:04 | 000,049,240 | ---- | C] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys
[2013/08/06 22:18:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\{33CC04A6-7C06-4D73-B22D-D63FE2603F84}
[2013/08/06 22:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiLogger
[2013/08/06 22:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AntiLogger
[2013/08/05 16:39:23 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\GetGo Software
[2013/08/05 16:39:09 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GetGo Software
[2013/08/05 16:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GetGo Software
[2013/08/05 16:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013/08/01 22:22:44 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\wurst
[2013/07/31 18:10:23 | 000,000,000 | ---D | C] -- C:\Users\RIGO\.swt
[2013/07/31 18:09:26 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotflux
[2013/07/31 18:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spotflux
[2013/07/31 18:03:10 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\.spotflux
[2013/07/30 20:25:10 | 000,046,792 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/07/30 20:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/07/30 20:00:59 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\Conduit
[2013/07/30 20:00:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/07/30 19:59:38 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\SearchProtect
[2013/07/30 19:59:01 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\emaze
[2013/07/30 14:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\iQNotes
[2013/07/28 21:54:57 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gmail Notifier
[2013/07/24 22:20:08 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2013/07/23 13:21:29 | 000,000,000 | ---D | C] -- C:\Users\RIGO\Desktop\utmp
[2013/07/23 13:16:44 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Awesomium
[2013/07/23 13:13:24 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Badosoft
[2013/07/23 13:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Badosoft
[2013/07/19 21:23:25 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\PotPlayer64
[2013/07/19 13:13:00 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\PotPlayerMini64
[2013/07/19 13:11:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Daum
[2013/07/19 13:08:54 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum
[2013/07/19 13:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
[2013/07/19 13:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\DAUM
[2013/07/19 13:04:56 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\Aurora Software
[2013/07/19 13:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aurora Software
[2013/07/18 22:33:43 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/07/18 20:49:40 | 000,000,000 | ---D | C] -- C:\Users\RIGO\Documents\Bulk Image Downloader
[2013/07/18 20:16:50 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\TheImageCollector
[2013/07/13 14:31:21 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2013/07/04 22:14:21 | 005,401,296 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[2013/04/12 13:18:48 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\RIGO\AppData\Roaming\pcouffin.sys
[2012/12/08 20:16:38 | 014,794,312 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/11 19:23:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RIGO\Desktop\OTL.exe
[2013/08/11 18:45:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/11 16:48:00 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\RGames Updater.job
[2013/08/11 15:23:37 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/11 15:23:37 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/11 15:20:26 | 000,001,926 | ---- | M] () -- C:\Windows\tasks\VisualBee-chromeinstaller.job
[2013/08/11 15:20:26 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013/08/11 15:20:25 | 000,001,850 | ---- | M] () -- C:\Windows\tasks\VisualBee-firefoxinstaller.job
[2013/08/11 15:20:25 | 000,001,222 | ---- | M] () -- C:\Windows\tasks\VisualBee-codedownloader.job
[2013/08/11 15:15:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/11 14:54:25 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2013/08/10 22:40:24 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/10 22:13:07 | 000,443,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/10 18:50:09 | 000,001,214 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Music Box.lnk
[2013/08/10 18:43:02 | 000,001,205 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2013/08/10 17:52:49 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
[2013/08/10 16:49:05 | 000,001,264 | ---- | M] () -- C:\Users\RIGO\Desktop\Streaming Video Downloader.lnk
[2013/08/10 16:45:11 | 000,001,069 | ---- | M] () -- C:\Users\RIGO\Application Data\Microsoft\Internet Explorer\Quick Launch\Hanso Recorder.lnk
[2013/08/10 16:45:11 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Hanso Recorder.lnk
[2013/08/10 16:42:41 | 000,000,000 | ---- | M] () -- C:\end
[2013/08/09 20:02:26 | 000,001,851 | ---- | M] () -- C:\Users\RIGO\Desktop\Spotflux.lnk
[2013/08/09 00:25:54 | 000,000,600 | ---- | M] () -- C:\Users\RIGO\PUTTY.RND
[2013/08/08 00:39:49 | 000,034,134 | ---- | M] () -- C:\Windows\CUAppUsage.Dat
[2013/08/07 22:26:00 | 000,001,270 | ---- | M] () -- C:\Users\RIGO\Documents\cc_20130807_222553.reg
[2013/08/06 22:18:04 | 000,049,240 | ---- | M] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys
[2013/08/06 22:18:00 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\AntiLogger.lnk
[2013/08/05 22:09:02 | 000,000,792 | ---- | M] () -- C:\Users\RIGO\Documents\cc_20130805_220855.reg
[2013/08/05 16:39:11 | 000,001,215 | ---- | M] () -- C:\Users\RIGO\Desktop\GetGo Download Manager.lnk
[2013/08/04 23:00:27 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Surf Anonymous Free.lnk
[2013/08/03 22:38:47 | 000,014,866 | ---- | M] () -- C:\Users\RIGO\Documents\cc_20130803_223834.reg
[2013/07/30 22:02:22 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/30 20:24:43 | 000,001,010 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2013/07/25 22:13:47 | 000,000,228 | ---- | M] () -- C:\Users\RIGO\Desktop\u.ini
[2013/07/24 22:19:42 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2013/07/23 21:12:40 | 000,046,792 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/07/22 22:40:42 | 000,002,036 | ---- | M] () -- C:\Users\RIGO\Desktop\KCleaner.lnk
[2013/07/22 22:22:53 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2013/07/22 22:22:52 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013/07/22 22:17:38 | 000,008,956 | ---- | M] () -- C:\Users\RIGO\Documents\cc_20130722_221733.reg
[2013/07/18 22:33:43 | 000,001,230 | ---- | M] () -- C:\Users\RIGO\Desktop\Revo Uninstaller.lnk
[2013/07/13 14:31:09 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/11 14:54:25 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2013/08/10 22:40:24 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/10 18:50:09 | 000,001,214 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Music Box.lnk
[2013/08/10 17:52:49 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
[2013/08/10 16:49:05 | 000,001,264 | ---- | C] () -- C:\Users\RIGO\Desktop\Streaming Video Downloader.lnk
[2013/08/10 16:45:11 | 000,001,069 | ---- | C] () -- C:\Users\RIGO\Application Data\Microsoft\Internet Explorer\Quick Launch\Hanso Recorder.lnk
[2013/08/10 16:45:11 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Hanso Recorder.lnk
[2013/08/07 22:25:55 | 000,001,270 | ---- | C] () -- C:\Users\RIGO\Documents\cc_20130807_222553.reg
[2013/08/06 22:18:00 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\AntiLogger.lnk
[2013/08/05 22:08:58 | 000,000,792 | ---- | C] () -- C:\Users\RIGO\Documents\cc_20130805_220855.reg
[2013/08/05 16:39:11 | 000,001,215 | ---- | C] () -- C:\Users\RIGO\Desktop\GetGo Download Manager.lnk
[2013/08/03 22:38:45 | 000,014,866 | ---- | C] () -- C:\Users\RIGO\Documents\cc_20130803_223834.reg
[2013/07/31 19:58:36 | 000,001,851 | ---- | C] () -- C:\Users\RIGO\Desktop\Spotflux.lnk
[2013/07/30 20:02:55 | 000,001,222 | ---- | C] () -- C:\Windows\tasks\VisualBee-codedownloader.job
[2013/07/30 20:02:32 | 000,001,850 | ---- | C] () -- C:\Windows\tasks\VisualBee-firefoxinstaller.job
[2013/07/30 20:02:27 | 000,001,926 | ---- | C] () -- C:\Windows\tasks\VisualBee-chromeinstaller.job
[2013/07/30 19:59:01 | 000,001,220 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
[2013/07/25 22:04:16 | 000,000,228 | ---- | C] () -- C:\Users\RIGO\Desktop\u.ini
[2013/07/24 22:19:44 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2013/07/23 20:30:06 | 000,001,010 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2013/07/23 13:21:31 | 000,000,600 | ---- | C] () -- C:\Users\RIGO\PUTTY.RND
[2013/07/23 13:21:18 | 002,000,488 | ---- | C] () -- C:\Users\RIGO\Desktop\u1301.exe
[2013/07/22 22:40:42 | 000,002,036 | ---- | C] () -- C:\Users\RIGO\Desktop\KCleaner.lnk
[2013/07/22 22:17:35 | 000,008,956 | ---- | C] () -- C:\Users\RIGO\Documents\cc_20130722_221733.reg
[2013/04/12 13:19:38 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\sysdvdcp6free.dll
[2013/04/12 13:18:48 | 000,099,384 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\inst.exe
[2013/04/12 13:18:48 | 000,007,859 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\pcouffin.cat
[2013/04/12 13:18:48 | 000,001,167 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\pcouffin.inf
[2013/03/17 20:21:01 | 000,034,134 | ---- | C] () -- C:\Windows\CUAppUsage.Dat
[2013/03/16 22:47:22 | 000,000,000 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\wklnhst.dat
[2013/03/07 20:00:58 | 000,007,680 | ---- | C] () -- C:\Windows\26034991.exe
[2013/03/07 20:00:58 | 000,000,004 | ---- | C] () -- C:\Windows\26034991.dat
[2013/03/07 12:54:46 | 000,007,680 | ---- | C] () -- C:\Windows\463619.exe
[2013/03/07 12:54:46 | 000,000,004 | ---- | C] () -- C:\Windows\463619.dat
[2013/03/07 01:42:24 | 000,007,680 | ---- | C] () -- C:\Windows\46609058.exe
[2013/03/07 01:42:24 | 000,000,004 | ---- | C] () -- C:\Windows\46609058.dat
[2013/03/06 12:53:00 | 000,007,680 | ---- | C] () -- C:\Windows\445460.exe
[2013/03/06 12:53:00 | 000,000,004 | ---- | C] () -- C:\Windows\445460.dat
[2013/03/06 01:38:12 | 000,007,680 | ---- | C] () -- C:\Windows\15752481.exe
[2013/03/06 01:38:12 | 000,000,004 | ---- | C] () -- C:\Windows\15752481.dat
[2013/03/05 21:15:13 | 000,007,680 | ---- | C] () -- C:\Windows\27602894.exe
[2013/03/05 21:15:13 | 000,002,056 | ---- | C] () -- C:\Windows\27602894.dat
[2012/12/22 14:25:43 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/12/03 20:40:58 | 000,000,322 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\burnaware.ini
[2012/12/01 13:47:07 | 000,000,090 | ---- | C] () -- C:\Windows\SysWow64\91207717.sys
[2012/08/23 19:53:29 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/07/10 19:38:40 | 000,000,106 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/06/22 22:10:12 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/04/28 16:59:14 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/03/02 20:48:53 | 000,079,872 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/01/28 17:56:54 | 006,664,208 | ---- | C] () -- C:\Windows\SysWow64\dvdripcore.dll
[2012/01/28 17:56:49 | 000,066,048 | ---- | C] () -- C:\Windows\SysWow64\cygz.dll
[2011/08/22 16:21:58 | 000,011,545 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\UserTile.png
[2011/08/18 19:18:52 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/16 21:39:08 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\SysInfo.dll
[2011/05/02 14:41:46 | 000,051,802 | ---- | C] () -- C:\Users\RIGO\4e920be4_b4f8_fcc6_4e920be4_b4f8_fcc6.pdf
[2009/12/23 21:25:28 | 000,000,436 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\mainhst.zgh
[2009/11/14 16:22:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 08:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 08:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 08:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/14 12:21:31 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\.dvdcss
[2013/08/09 21:02:46 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\.spotflux
[2013/02/09 23:09:30 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\1-abc
[2011/04/29 14:46:06 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\4Media
[2009/11/14 15:56:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\4Team
[2013/05/03 22:12:26 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\7 Sticky Notes
[2011/11/26 23:16:27 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Abelssoft
[2009/11/14 15:56:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\AbleFaxTifView
[2013/04/17 13:28:24 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Actual Tools
[2012/05/05 15:55:54 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\AnnVideo
[2011/11/26 23:21:59 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\AnvSoft
[2013/08/05 15:01:00 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Ashampoo
[2011/10/04 18:59:21 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Atari
[2009/04/27 11:14:20 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Audio Caller ID
[2013/04/13 12:30:39 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Aunsoft
[2012/04/25 18:02:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\AutoHideIP
[2012/03/18 19:38:59 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Avanquest
[2013/07/23 13:16:44 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Awesomium
[2013/02/15 23:27:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\B1Toolbar
[2012/05/03 22:19:31 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Big Angry Dog
[2013/03/01 13:49:16 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\BinaryMark
[2013/03/20 22:50:26 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\BleachBit
[2010/10/07 21:19:47 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Blueberry
[2012/11/15 22:11:57 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\BlueSprig
[2012/09/12 15:23:16 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Byngo
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\com.AccuWeather.air.stratus.6AF67E59E785A9A644FCA43BED05A7731922EF40.1
[2009/04/27 17:17:54 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Cool Record Edit Deluxe
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Cool Record Edit Pro
[2012/04/02 19:00:50 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Creevity Mp3 Cover Downloader
[2013/06/11 19:51:42 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\CuteReminder
[2012/05/09 18:24:13 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\DAEMON Tools Lite
[2009/09/04 18:15:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\DAEMON Tools Pro
[2012/05/18 22:26:32 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Digiarty
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Diodia
[2013/04/04 12:29:05 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Downloaded Installations
[2011/10/28 23:12:18 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Dream Aquarium
[2013/08/10 18:43:18 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\DVDVideoSoft
[2013/02/15 23:20:34 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/07/10 18:53:05 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\EurekaLog
[2012/11/01 20:10:45 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Expert PDF Reader
[2010/06/27 17:44:04 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Facebook
[2013/02/15 00:10:44 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\FileOpen
[2012/08/27 14:02:34 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Firetrust
[2013/05/15 15:53:46 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\FN Clock
[2013/05/11 18:22:01 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Focus Mp3 Recorder
[2012/11/01 19:57:21 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Foxit Software
[2010/12/27 22:52:56 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Foxreal
[2013/04/16 18:50:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Free Audio Editor
[2013/05/31 22:43:16 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Free Easy Audio Recorder
[2012/08/13 22:18:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Free Mp3 Wma Ogg Converter
[2009/04/27 11:11:12 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Free Sound Recorder
[2010/10/10 11:16:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\FreeBurner
[2010/09/30 20:14:27 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\FreeFLVConverter
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Gabob.NowBoarding.B1EDF665FD3C3F3F09EA618A6CFE5BBDBDB5E912.1
[2012/04/10 13:16:04 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Gaijin Ent
[2012/06/24 20:36:12 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Get from YouTube
[2013/08/05 16:39:23 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\GetGo Software
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\GetRightToGo
[2007/01/01 04:10:02 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\GlarySoft
[2012/12/01 13:51:12 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Glarysoft Giveaway
[2012/04/17 20:29:34 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\HamsterSoft
[2013/02/07 13:17:44 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Hotspot Shield
[2011/05/24 14:00:12 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Image Zone Express
[2012/07/10 19:38:14 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Intermedia Software
[2013/04/23 23:08:09 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\IObit
[2013/03/10 22:48:50 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\IrfanView
[2013/04/27 13:33:24 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\KC Softwares
[2012/09/20 15:32:51 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\KeePass
[2012/11/22 15:03:54 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\kingsoft
[2013/04/09 22:41:51 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Kristanix Software
[2013/03/12 22:53:36 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Lamantine
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Leadertech
[2012/11/21 22:00:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Light Developer
[2012/03/18 21:15:46 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Littlelan
[2010/09/14 13:40:54 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\LogSys
[2012/04/08 12:54:42 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\MAGIX
[2011/09/23 19:58:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Marine Aquarium 3
[2013/04/07 12:50:27 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\MediaFilters
[2011/04/03 13:37:51 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\mediAvatar
[2011/08/20 13:38:40 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Modiac
[2012/07/08 20:18:37 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\MP3 Editor for Free
[2012/08/12 22:38:14 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Mp3tag
[2012/03/02 20:51:25 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\mresreg
[2012/08/14 22:15:06 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\MusicBrainz
[2013/07/18 20:19:15 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\NeoDownloader
[2013/02/15 00:10:44 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Nitro
[2013/06/08 14:22:38 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Nitro PDF
[2012/04/10 14:28:28 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Oberon Media
[2013/03/11 21:00:23 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\onOne Software
[2013/08/10 20:47:47 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\OpenOffice
[2011/04/28 21:16:14 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\OpenOffice.org
[2013/01/15 21:42:28 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Opera
[2013/04/16 21:11:18 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Participatory Culture Foundation
[2012/11/18 19:24:23 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Pavtube
[2010/11/26 20:44:09 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PCHC
[2011/08/05 12:48:36 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PearlMountainSoft
[2011/03/17 19:54:39 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PhotoScape
[2013/05/02 23:08:15 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Pixpedia Publisher
[2009/11/14 15:57:20 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PlayFirst
[2013/07/19 21:23:25 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PotPlayer64
[2013/07/19 13:13:00 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PotPlayerMini64
[2010/02/17 23:22:47 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PPStream
[2013/04/18 21:21:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Preme for Windows
[2009/11/14 15:57:20 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Printer Info Cache
[2012/04/17 21:54:13 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Privacy Guardian
[2012/04/09 21:59:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Product_FR
[2010/10/28 17:23:57 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Publish Providers
[2013/08/10 23:03:55 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\SearchProtect
[2012/11/02 13:16:39 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\SlimCleaner
[2012/08/15 22:10:34 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Smart Audio Editor
[2009/12/23 21:09:05 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Smart PDF Converter Pro
[2009/11/14 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Snappy Fax
[2009/11/14 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Snappy Fax Archives
[2011/10/02 14:13:13 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Softland
[2012/10/21 22:16:43 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\SoftMaker
[2012/11/01 22:56:38 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\SomePDF
[2013/05/31 21:28:07 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Sonarca Sound Recorder Free
[2010/10/28 17:25:20 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Sony
[2012/06/26 15:36:39 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Sound Editor Pro
[2012/10/27 23:02:45 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Spotify
[2013/04/23 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\StarBurn
[2012/07/04 16:49:42 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Steganos
[2013/06/14 00:34:54 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Sticker
[2009/11/14 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\StreamTorrent
[2013/02/15 20:17:47 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\SumatraPDF
[2012/04/25 18:19:05 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\SurfAnonymousFree
[2013/05/31 21:29:18 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Swifturn Free Audio Editor
[2013/06/11 21:53:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Systweak
[2009/11/14 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Template
[2013/07/18 22:37:23 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\TheImageCollector
[2010/02/13 22:36:44 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Thinstall
[2009/11/14 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\TuneUp Software
[2011/05/20 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Uniblue
[2011/11/21 21:05:46 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\URSoft
[2011/04/21 12:26:57 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\visualsearchpony.com
[2013/04/14 18:49:56 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Vso
[2010/12/08 12:31:28 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\VSRevoGroup
[2011/08/15 16:03:40 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\WaveMax Sound Editor
[2009/03/02 23:09:20 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Windows Live Writer
[2012/07/11 20:36:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\WindSolutions
[2012/11/01 22:15:32 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Wondershare
[2013/08/01 22:22:44 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\wurst
[2013/07/03 22:07:14 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\XnView
[2012/05/09 18:24:13 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\ZipGenius
[2013/03/01 14:03:55 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Zoner

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/05/19 11:30:15 | 000,000,000 | ---- | M] ()(C:\Windows\SysWow64\??????????????????????????????????H???????[????????G????????????????????????????????????????????????????????????????????????3???????????????????????????????????????????????????????????????????????z?????????????????????????????????) -- C:\Windows\SysWow64\☚簐읞耠㌍駕팿萸㽪셴㍌⠊桇઀튅笵哢箼᠘ᐖṆ☚ਃ州઀픳㾙㣓檄琿⡓圦聘ℌ鞿㠤⼅籪㖽೰騐[ঀ౶➌耩팒㉞㈍⵭Ĝ刘룠澦ꥬᒿᓴဎꀒ뜌耘䐉垣࿴풬䝉ሌ栚♢猢㸂ᡚᩘธ儦઀ꄉ⎏⏀쇩᠄Ḟ儌ಀ깂撊䬃ꇼ쀧戄倔ಀ桄ኝ㉸꯾腩숫ሒ᠚ᠬ摬⹒Җ瀐夘ڀ홳촞ொఄ຀鎴ꃀ꘶懼翛羵党₃鎬ᠰ峌긌ⱐႌ聝稉䑮착ই犹ఄ⩸聉騎胎ឿ鳹ꇑ䱏੮౤၌聍帍℠慭䅰㥋㶴냣ఄఢ聑墲ຌ퓒솕喒蹜ێ襖藍ꆲ诽䨄堖ᐘ奌ঀ䕞廒ꒆѲ儶ހ촺௙઀ȓဌ聍昍�≎蟗ź뙆ꃁఄᐺ胑儍因尐︾ᱜ햐ሒ獒ᐂࡶภ⁣獒ယ聹ꨔꕡ荫꛶ꓝ痊אַᆯⲒ೗擟
[2013/05/19 11:30:15 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\??????????????????????????????????H???????[????????G????????????????????????????????????????????????????????????????????????3???????????????????????????????????????????????????????????????????????z?????????????????????????????????) -- C:\Windows\SysWow64\☚簐읞耠㌍駕팿萸㽪셴㍌⠊桇઀튅笵哢箼᠘ᐖṆ☚ਃ州઀픳㾙㣓檄琿⡓圦聘ℌ鞿㠤⼅籪㖽೰騐[ঀ౶➌耩팒㉞㈍⵭Ĝ刘룠澦ꥬᒿᓴဎꀒ뜌耘䐉垣࿴풬䝉ሌ栚♢猢㸂ᡚᩘธ儦઀ꄉ⎏⏀쇩᠄Ḟ儌ಀ깂撊䬃ꇼ쀧戄倔ಀ桄ኝ㉸꯾腩숫ሒ᠚ᠬ摬⹒Җ瀐夘ڀ홳촞ொఄ຀鎴ꃀ꘶懼翛羵党₃鎬ᠰ峌긌ⱐႌ聝稉䑮착ই犹ఄ⩸聉騎胎ឿ鳹ꇑ䱏੮౤၌聍帍℠慭䅰㥋㶴냣ఄఢ聑墲ຌ퓒솕喒蹜ێ襖藍ꆲ诽䨄堖ᐘ奌ঀ䕞廒ꒆѲ儶ހ촺௙઀ȓဌ聍昍�≎蟗ź뙆ꃁఄᐺ胑儍因尐︾ᱜ햐ሒ獒ᐂࡶภ⁣獒ယ聹ꨔꕡ荫꛶ꓝ痊אַᆯⲒ೗擟
[2011/03/23 20:01:12 | 000,000,000 | ---D | M](C:\Windows\SysNative\?š) -- C:\Windows\SysNative\买š
[2011/03/23 20:01:12 | 000,000,000 | ---D | C](C:\Windows\SysNative\?š) -- C:\Windows\SysNative\买š

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\RIGO\Documents\bebe1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\RIGO\Documents\bebe.jpg:Roxio EMC Stream
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences

< End of report >

Edited by rigs, 11 August 2013 - 07:13 PM.


#3
rigs

    Member

  • Topic Starter
  • Member
  • 322 posts
I posted the previous two messages a couple days ago. Since then, my need for help has taken urgency. I did something stupid. I tried to reinstall my Microsoft security essentials. It did not do so. So, now I have a virus or malware problem and no protection for my pc. Please, help.........

#4
rigs

    Member

  • Topic Starter
  • Member
  • 322 posts
I think that I really messed up my whole system. I ran combofix and now when I click on an icon, I get the following message: ''illegal operation attempted on a registry key that has been marked for deletion''. Can I still save my system?

#5
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Hi! My name is Jasmyne and Welcome to Geeks to Go!

I'm sorry you are having issues with your computer but I will do my best to resolve them as quickly as possible. I know having an infected computer is frustrating because I was once where you are now!

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

  • You may want to print out these instructions, or copy them to a text file so that you will have a copy in case you lose your connection to the internet during a removal process.
  • Please make sure to carefully read any instruction that I give you and perform them in the order they are posted. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! Never be afraid to ask questions! :)
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please note that there is no "Quick & Easy Fix" to most malware infections and we may need to use several different tools to get your system clean.
  • Please stick with me until I tell you that your machine is clean. If you don't see any symptoms, it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.
  • Please reply within 3 days. Topics with no reply in 4 days are closed!

Sorry for your delay. Helpers generally look for topics with zero replies; when you reply to your own topic, it appears the user may already be getting help.


I think that I really messed up my whole system. I ran combofix and now when I click on an icon. I get following message, ''illegal operation attempted on a registry key that has been marked for deletion'' can I still save my system?

ComboFix is a tool that is recommended only for use when being assisted by an experienced helper; however, if you will restart your computer, it should resolve that issue. Please post the ComboFix log in your next reply.

Then, let's get a fresh OTL Scan with a Custom Scan.

Re-open OTL on your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Make sure Use SafeList is selected under Extra Registry.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. ComboFix Log
2. New OTL Log
3. Extras.txt

#6
rigs

    Member

  • Topic Starter
  • Member
  • 322 posts
Hello.
First of all, thank you for taking on my problem. The combofix problem was resolved a few days ago. However, I cannot find the log. Could it have been deleted when I uninstalled combofix? Thank you for the heads up about the reply thing.
I ran OTL and here are the logs..................


OTL logs.......

OTL logfile created on: 8/15/2013 1:24:05 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RIGO\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 69.27% Memory free
7.98 Gb Paging File | 6.55 Gb Available in Paging File | 82.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 182.02 Gb Free Space | 64.23% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.15 Gb Free Space | 48.84% Space Free | Partition Type: NTFS
Drive J: | 7.40 Gb Total Space | 7.37 Gb Free Space | 99.62% Space Free | Partition Type: FAT32
Drive K: | 7.39 Gb Total Space | 7.28 Gb Free Space | 98.39% Space Free | Partition Type: FAT32

Computer Name: PC | User Name: RIGO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/11 19:23:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RIGO\Desktop\OTL.exe
PRC - [2013/07/25 11:57:36 | 000,853,800 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
PRC - [2013/07/25 11:57:08 | 000,548,136 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013/07/25 11:56:22 | 001,650,472 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
PRC - [2013/07/22 10:35:19 | 017,289,640 | ---- | M] (Zemana Ltd.) -- C:\Program Files (x86)\AntiLogger\AntiLogger.exe
PRC - [2013/06/30 10:31:02 | 001,888,576 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2013/06/19 16:55:32 | 008,136,504 | ---- | M] (Lamantine Software a.s.) -- C:\Program Files (x86)\Sticky Password\stpass.exe
PRC - [2013/04/18 20:38:38 | 000,491,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2013/04/18 16:58:08 | 000,574,272 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2013/04/16 14:47:42 | 001,799,680 | ---- | M] (xwidget.com) -- C:\Program Files (x86)\XWidget\xwidget.exe
PRC - [2013/03/25 01:36:10 | 003,679,344 | ---- | M] (GetGo Software) -- C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GetGoDM.exe
PRC - [2013/02/26 12:22:40 | 000,071,280 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2012/11/29 21:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/11/09 14:44:10 | 000,366,576 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
PRC - [2012/11/09 14:44:10 | 000,264,176 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
PRC - [2012/04/16 19:49:41 | 000,918,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2010/10/29 15:43:54 | 001,167,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/24 14:18:40 | 000,744,744 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
MOD - [2013/06/08 18:14:16 | 000,048,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2012/11/29 21:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012/11/29 21:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/11/09 14:44:14 | 000,108,448 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\PMC.dll
MOD - [2012/11/09 14:44:14 | 000,071,664 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll
MOD - [2012/11/09 14:44:12 | 000,268,272 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll
MOD - [2012/11/09 14:44:11 | 000,133,104 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll
MOD - [2012/11/09 14:44:11 | 000,079,856 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImAppRU.dll
MOD - [2012/11/09 14:44:11 | 000,032,680 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll
MOD - [2009/08/12 12:09:14 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\XWidget\Res\Lib\lib.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/26 18:13:08 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)
SRV:64bit: - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/28 07:37:22 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
SRV - [2013/08/10 13:35:11 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/25 11:57:36 | 000,853,800 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe -- (hshld)
SRV - [2013/07/25 11:57:08 | 000,548,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/07/23 21:17:10 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013/07/08 15:12:10 | 000,028,160 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Spotflux\services\SpotfluxUpdateService.exe -- (SpotfluxUpdateService)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/22 14:51:07 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/18 16:58:08 | 000,574,272 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2013/02/26 12:22:40 | 000,071,280 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/04/16 19:49:41 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/08 05:50:20 | 000,450,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) [Auto | Running] -- C:\Windows\SysWOW64\STGRAMDiskHandler64.exe -- (Steganos Volatile Disk)
SRV - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/06 22:18:04 | 000,049,240 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32)
DRV:64bit: - [2013/07/23 21:12:40 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/05/28 18:12:28 | 000,039,104 | ---- | M] (Spotflux, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapSF0901.sys -- (tapSF0901)
DRV:64bit: - [2013/05/22 18:49:32 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2013/04/24 14:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/07 12:51:18 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/25 01:59:16 | 000,694,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/03 09:45:08 | 000,028,576 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt.com) [Driver] [Kernel | System | Running] -- C:\Windows\SysNative\drivers\STGMFEngine64.sys -- (STGMFEngine64)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/01/09 19:05:24 | 000,032,840 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2009/06/10 16:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 09:06:18 | 000,197,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/08/14 08:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 08:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{79381CE2-7FB3-4DA9-A3DC-8EC4450E03CF}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = {9AC1829D-7A9A-4919-903D-BDE627217599}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 200.54.92.187:80

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 200.54.92.187:80

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ew...ack/UP97_FRPage
IE - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...51-37BEAD97B630
IE - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\..\SearchScopes,DefaultScope = {9AC1829D-7A9A-4919-903D-BDE627217599}
IE - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\..\SearchScopes\{29CB62DF-BBC4-470B-8CBF-2B9FB07C4EC0}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\..\SearchScopes\{9AC1829D-7A9A-4919-903D-BDE627217599}: "URL" = http://search.condui...4417450229&UM=2
IE - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\..\SearchScopes\{F01B81B9-BD9D-4301-938E-5E8B2B354E2A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\..\SearchScopes\3B4DB950577045D68081C69BD7B8D762: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.yahoo....=spigot-yhp-ff"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=198484&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\RIGO\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\RIGO\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: File not found
FF - HKCU\Software\MozillaPlugins\@stickypassword.com/Sticky Password: C:\Program Files (x86)\Sticky Password\npspAutofill.dll (Lamantine Software a.s.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\RIGO\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\RIGO\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/13 19:14:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/10 14:39:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013/08/10 18:39:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/22 14:51:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/22 14:50:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Ex\\UnicodeExtensionMap: 0000000E9FD0003BF13CEA4EC7DE7926C3C4D5AE
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\RIGO\AppData\Roaming\Move Networks [2010/01/02 21:25:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/13 19:14:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{54affe52-8223-453b-be1e-2fe2e250045c}: C:\Users\RIGO\AppData\Roaming\Lamantine\Sticky Password\spAutofill [2013/07/23 22:43:11 | 000,000,000 | ---D | M]

[2009/11/14 15:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Extensions
[2013/07/22 22:22:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions
[2013/01/22 19:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013/07/22 22:22:59 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]
[2013/08/10 16:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions
[2013/07/30 20:02:36 | 000,000,000 | ---D | M] ("VisualBee") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]9930111f9.com
[2013/08/10 16:45:26 | 000,000,000 | ---D | M] ("CouponDropDown Plugin") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]a08d473a7.com
[2013/07/22 22:22:59 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]
[2012/11/01 20:04:38 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]
[2012/12/22 14:25:16 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]
[2013/07/30 20:02:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]9930111f9.com\chrome\content\extensionCode
[2013/08/10 16:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]a08d473a7.com\chrome\content\extensionCode
[2012/11/01 20:04:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]\chrome\content\extensionCode
[2013/08/10 16:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions
[2013/07/30 20:02:39 | 000,000,000 | ---D | M] ("VisualBee") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]9930111f9.com
[2013/08/10 16:45:29 | 000,000,000 | ---D | M] ("CouponDropDown Plugin") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]a08d473a7.com
[2013/07/22 22:22:59 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]
[2013/07/30 20:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]9930111f9.com\chrome\content\extensionCode
[2013/08/10 16:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]a08d473a7.com\chrome\content\extensionCode
[2013/07/22 22:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk2y75.test\extensions
[2013/07/22 22:23:00 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk2y75.test\extensions\[email protected]
[2012/11/01 20:04:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk2y75.test\extensions\staged
[2013/07/22 22:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\hligfgny.rigo\extensions
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\hligfgny.rigo\extensions\[email protected]
[2012/11/01 20:04:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\hligfgny.rigo\extensions\staged
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions\[email protected]
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\extensions
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\extensions\[email protected]
[2013/01/22 18:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\hligfgny.rigo\extensions
[2013/01/22 18:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\hligfgny.rigo\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/08/10 16:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions
[2013/04/20 20:37:12 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2013/05/03 22:20:19 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/07/19 22:24:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/08/07 20:01:50 | 000,000,000 | ---D | M] ("ImageHost Grabber") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
[2013/07/30 22:00:11 | 000,000,000 | ---D | M] (VisualBee V.6) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{f0af464e-5167-45cf-9cf0-66b396d1918c}
[2013/07/04 13:23:59 | 000,000,000 | ---D | M] (Theme Font & Size Changer) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
[2013/08/10 16:45:33 | 000,000,000 | ---D | M] ("CouponDropDown Plugin") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]a08d473a7.com
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/12 00:13:35 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/07 20:01:50 | 000,000,000 | ---D | M] (Image Picker) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/13 14:34:13 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/10 16:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]a08d473a7.com\chrome\content\extensionCode
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\pj3kgqd2.default\extensions
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\pj3kgqd2.default\extensions\[email protected]
[2013/01/16 00:05:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\pj3kgqd2.default\extensions\staged
[2013/01/22 18:55:02 | 000,066,364 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]
[2013/01/22 18:54:39 | 002,284,120 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi
[2013/04/18 20:02:16 | 000,087,601 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions\[email protected]
[2013/04/18 20:02:39 | 000,068,740 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions\[email protected]
[2013/04/18 20:02:39 | 002,478,880 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi
[2013/04/18 20:02:16 | 001,414,197 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
[2013/08/07 20:01:50 | 000,109,379 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/27 22:09:46 | 000,053,803 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/07 20:01:50 | 000,052,187 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/23 21:43:12 | 000,269,092 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/29 21:43:13 | 000,320,147 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/09 12:39:27 | 000,113,140 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/07 00:00:10 | 000,088,434 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/04/18 22:15:16 | 000,094,803 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]_Noia4dev.xpi
[2013/07/04 21:45:56 | 000,152,889 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/04 22:01:12 | 000,004,905 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/22 22:20:36 | 000,353,425 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/05 16:39:24 | 000,240,755 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/04 22:28:33 | 000,004,539 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/07 20:01:50 | 000,249,326 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/09 13:46:43 | 000,187,236 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/06/13 22:20:31 | 000,017,757 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\youtube-cin[email protected]
[2013/08/07 20:01:50 | 000,350,663 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013/07/25 22:04:40 | 000,023,087 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}.xpi
[2013/08/07 20:01:50 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/07/04 17:38:56 | 000,048,903 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.xpi
[2013/06/11 14:19:15 | 000,125,320 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
[2013/08/07 00:00:10 | 001,449,063 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
[2013/08/05 16:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/15 21:50:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/05/22 14:50:21 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/05/22 14:50:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/05/22 14:50:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/07/23 20:35:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/04 18:08:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/23 20:35:17 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]
[2013/07/04 18:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013/07/04 18:00:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/04 18:00:13 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]
[2013/07/04 18:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]
[2013/07/04 18:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]
[2013/07/04 17:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2013/07/04 17:59:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/05/28 21:16:45 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files (x86)\mozilla firefox\plugins\NPTURNMED.dll
[2011/07/11 16:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll
[2011/12/16 16:14:50 | 000,002,067 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml

O1 HOSTS File: ([2013/08/12 19:33:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (GetGo URLCatch) - {0315AA2C-10C7-4504-A1C4-F552ABA8A095} - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\URLCatch.dll (GetGo Software)
O2 - BHO: (no name) - {11111111-1111-1111-1111-110011441193} - No CLSID value found.
O2 - BHO: (no name) - {11111111-1111-1111-1111-110211181104} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Sticky Password Toolbar) - {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (GetGo Toolbar) - {075BBE29-FEC0-404a-A459-FF58713616FA} - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GGToolBand.dll (GetGo Software)
O3 - HKLM\..\Toolbar: (Sticky Password Toolbar) - {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AntiLogger] C:\Program Files (x86)\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Sticker] C:\Program Files (x86)\Sticker\Sticker.exe (trion)
O4 - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000..\Run: [GetGoDM] C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GetGoDM.exe (GetGo Software)
O4 - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000..\Run: [StickyPassword] C:\Program Files (x86)\Sticky Password\stpass.exe (Lamantine Software a.s.)
O4 - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000..\Run: [xwidget] C:\Program Files (x86)\XWidget\xwidget.exe (xwidget.com)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O8:64bit: - Extra context menu item: &Down&load &Link& Us&ing Ge&tGo - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GGCatch.htm ()
O8:64bit: - Extra context menu item: &Down&load All &Links& Us&ing Ge&tGo - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GGCatchAll.htm ()
O8:64bit: - Extra context menu item: &GetGo Toolbar Search - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GGToolBand.dll (GetGo Software)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: &Down&load &Link& Us&ing Ge&tGo - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GGCatch.htm ()
O8 - Extra context menu item: &Down&load All &Links& Us&ing Ge&tGo - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GGCatchAll.htm ()
O8 - Extra context menu item: &GetGo Toolbar Search - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GGToolBand.dll (GetGo Software)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: GetGo - {01A13E40-2F55-4397-B39B-7851BCFB8008} - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GetGoDM.exe (GetGo Software)
O9 - Extra 'Tools' menuitem : GetGo Download Manager - {01A13E40-2F55-4397-B39B-7851BCFB8008} - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GetGoDM.exe (GetGo Software)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{833B7B77-AE2F-429E-AE62-A586F8191956}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C63867C0-F8B9-4190-B9EF-5B499D70B5C1}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC4FAEBF-33E1-45F7-B845-9EB92CD3C635}: NameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\RIGO\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\RIGO\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files (x86)\WinFax\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/08/13 22:24:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/12 19:49:38 | 013,813,944 | ---- | C] (Microsoft Corporation) -- C:\Users\RIGO\Desktop\MSEInstall.exe
[2013/08/11 19:24:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\RIGO\Desktop\OTL.exe
[2013/08/11 14:54:56 | 000,000,000 | ---D | C] -- C:\Users\RIGO\Documents\GomPlayer
[2013/08/11 14:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2013/08/11 14:54:17 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\GRETECH
[2013/08/11 13:20:12 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Media Player Classic
[2013/08/10 22:09:15 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\Daum
[2013/08/10 20:47:47 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\OpenOffice
[2013/08/10 18:51:06 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\Freemake Music Box
[2013/08/10 18:50:49 | 000,000,000 | ---D | C] -- C:\Users\RIGO\Documents\Freemake
[2013/08/10 18:50:10 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/08/10 18:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/08/10 18:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013/08/10 18:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013/08/10 18:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013/08/10 17:52:49 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.0
[2013/08/10 17:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
[2013/08/10 16:49:05 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Streaming Video Downloader
[2013/08/10 16:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Streaming Video Downloader
[2013/08/10 16:45:42 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\Updater27793
[2013/08/10 16:45:19 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\CouponDropDown Plugin
[2013/08/10 16:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CouponDropDown Plugin
[2013/08/10 16:45:11 | 000,000,000 | ---D | C] -- C:\Users\RIGO\Documents\Hanso Recorder
[2013/08/10 16:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hanso Recorder
[2013/08/10 16:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hanso Recorder
[2013/08/09 20:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\spotflux
[2013/08/09 14:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sanwhole
[2013/08/06 22:18:04 | 000,049,240 | ---- | C] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys
[2013/08/06 22:18:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\{33CC04A6-7C06-4D73-B22D-D63FE2603F84}
[2013/08/06 22:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiLogger
[2013/08/06 22:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AntiLogger
[2013/08/05 16:39:23 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\GetGo Software
[2013/08/05 16:39:09 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GetGo Software
[2013/08/05 16:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GetGo Software
[2013/08/05 16:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013/08/01 22:22:44 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\wurst
[2013/07/31 18:10:23 | 000,000,000 | ---D | C] -- C:\Users\RIGO\.swt
[2013/07/31 18:09:26 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotflux
[2013/07/31 18:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spotflux
[2013/07/31 18:03:10 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\.spotflux
[2013/07/30 20:25:10 | 000,046,792 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/07/30 20:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/07/30 20:00:59 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\Conduit
[2013/07/30 20:00:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/07/30 19:59:38 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\SearchProtect
[2013/07/30 19:59:01 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\emaze
[2013/07/30 14:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\iQNotes
[2013/07/28 21:54:57 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gmail Notifier
[2013/07/24 22:20:08 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2013/07/23 13:21:29 | 000,000,000 | ---D | C] -- C:\Users\RIGO\Desktop\utmp
[2013/07/23 13:16:44 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Awesomium
[2013/07/23 13:13:24 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Badosoft
[2013/07/23 13:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Badosoft
[2013/07/19 21:23:25 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\PotPlayer64
[2013/07/19 13:13:00 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\PotPlayerMini64
[2013/07/19 13:11:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Daum
[2013/07/19 13:08:54 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum
[2013/07/19 13:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
[2013/07/19 13:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\DAUM
[2013/07/19 13:04:56 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\Aurora Software
[2013/07/19 13:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aurora Software
[2013/07/18 22:33:43 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/07/18 20:49:40 | 000,000,000 | ---D | C] -- C:\Users\RIGO\Documents\Bulk Image Downloader
[2013/07/18 20:16:50 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\TheImageCollector
[2013/07/04 22:14:21 | 005,401,296 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[2013/04/12 13:18:48 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\RIGO\AppData\Roaming\pcouffin.sys
[2012/12/08 20:16:38 | 014,794,312 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/15 12:53:35 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/15 12:53:35 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/15 12:45:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/14 21:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/14 15:19:59 | 000,002,150 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/08/13 22:27:18 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/13 22:27:18 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/13 22:27:18 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/13 20:50:24 | 000,012,899 | ---- | M] () -- C:\Users\RIGO\Documents\geeks1.odt
[2013/08/13 19:31:44 | 013,813,944 | ---- | M] (Microsoft Corporation) -- C:\Users\RIGO\Desktop\MSEInstall.exe
[2013/08/12 22:13:43 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\Hanso Recorder.lnk
[2013/08/12 22:13:03 | 000,002,118 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2013/08/12 19:33:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/11 19:23:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RIGO\Desktop\OTL.exe
[2013/08/10 22:13:07 | 000,443,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/10 18:50:09 | 000,001,214 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Music Box.lnk
[2013/08/10 18:43:02 | 000,001,205 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2013/08/10 17:52:49 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
[2013/08/10 16:49:05 | 000,001,264 | ---- | M] () -- C:\Users\RIGO\Desktop\Streaming Video Downloader.lnk
[2013/08/10 16:45:11 | 000,001,069 | ---- | M] () -- C:\Users\RIGO\Application Data\Microsoft\Internet Explorer\Quick Launch\Hanso Recorder.lnk
[2013/08/10 16:42:41 | 000,000,000 | ---- | M] () -- C:\end
[2013/08/10 13:35:11 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/08/10 13:35:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/08/09 20:02:26 | 000,001,851 | ---- | M] () -- C:\Users\RIGO\Desktop\Spotflux.lnk
[2013/08/09 00:25:54 | 000,000,600 | ---- | M] () -- C:\Users\RIGO\PUTTY.RND
[2013/08/08 00:39:49 | 000,034,134 | ---- | M] () -- C:\Windows\CUAppUsage.Dat
[2013/08/07 22:26:00 | 000,001,270 | ---- | M] () -- C:\Users\RIGO\Documents\cc_20130807_222553.reg
[2013/08/06 22:18:04 | 000,049,240 | ---- | M] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys
[2013/08/06 22:18:00 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\AntiLogger.lnk
[2013/08/05 22:09:02 | 000,000,792 | ---- | M] () -- C:\Users\RIGO\Documents\cc_20130805_220855.reg
[2013/08/05 16:39:11 | 000,001,215 | ---- | M] () -- C:\Users\RIGO\Desktop\GetGo Download Manager.lnk
[2013/08/04 23:00:27 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Surf Anonymous Free.lnk
[2013/08/03 22:38:47 | 000,014,866 | ---- | M] () -- C:\Users\RIGO\Documents\cc_20130803_223834.reg
[2013/07/31 14:29:27 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/07/31 14:29:27 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/07/30 22:02:22 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/30 20:24:43 | 000,001,010 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2013/07/25 22:13:47 | 000,000,228 | ---- | M] () -- C:\Users\RIGO\Desktop\u.ini
[2013/07/24 22:19:42 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2013/07/23 21:12:40 | 000,046,792 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/07/22 22:40:42 | 000,002,036 | ---- | M] () -- C:\Users\RIGO\Desktop\KCleaner.lnk
[2013/07/22 22:22:53 | 000,001,238 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2013/07/22 22:22:52 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013/07/22 22:17:38 | 000,008,956 | ---- | M] () -- C:\Users\RIGO\Documents\cc_20130722_221733.reg
[2013/07/18 22:33:43 | 000,001,230 | ---- | M] () -- C:\Users\RIGO\Desktop\Revo Uninstaller.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/13 20:50:23 | 000,012,899 | ---- | C] () -- C:\Users\RIGO\Documents\geeks1.odt
[2013/08/11 14:54:25 | 000,002,118 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2013/08/10 18:50:09 | 000,001,214 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Music Box.lnk
[2013/08/10 17:52:49 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
[2013/08/10 16:49:05 | 000,001,264 | ---- | C] () -- C:\Users\RIGO\Desktop\Streaming Video Downloader.lnk
[2013/08/10 16:45:11 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\Hanso Recorder.lnk
[2013/08/10 16:45:11 | 000,001,069 | ---- | C] () -- C:\Users\RIGO\Application Data\Microsoft\Internet Explorer\Quick Launch\Hanso Recorder.lnk
[2013/08/07 22:25:55 | 000,001,270 | ---- | C] () -- C:\Users\RIGO\Documents\cc_20130807_222553.reg
[2013/08/06 22:18:00 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\AntiLogger.lnk
[2013/08/05 22:08:58 | 000,000,792 | ---- | C] () -- C:\Users\RIGO\Documents\cc_20130805_220855.reg
[2013/08/05 16:39:11 | 000,001,215 | ---- | C] () -- C:\Users\RIGO\Desktop\GetGo Download Manager.lnk
[2013/08/03 22:38:45 | 000,014,866 | ---- | C] () -- C:\Users\RIGO\Documents\cc_20130803_223834.reg
[2013/07/31 19:58:36 | 000,001,851 | ---- | C] () -- C:\Users\RIGO\Desktop\Spotflux.lnk
[2013/07/30 19:59:01 | 000,001,220 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
[2013/07/25 22:04:16 | 000,000,228 | ---- | C] () -- C:\Users\RIGO\Desktop\u.ini
[2013/07/24 22:19:44 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2013/07/23 20:30:06 | 000,001,010 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2013/07/23 13:21:31 | 000,000,600 | ---- | C] () -- C:\Users\RIGO\PUTTY.RND
[2013/07/23 13:21:18 | 002,000,488 | ---- | C] () -- C:\Users\RIGO\Desktop\u1301.exe
[2013/07/22 22:40:42 | 000,002,036 | ---- | C] () -- C:\Users\RIGO\Desktop\KCleaner.lnk
[2013/07/22 22:17:35 | 000,008,956 | ---- | C] () -- C:\Users\RIGO\Documents\cc_20130722_221733.reg
[2013/04/12 13:19:38 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\sysdvdcp6free.dll
[2013/04/12 13:18:48 | 000,007,859 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\pcouffin.cat
[2013/04/12 13:18:48 | 000,001,167 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\pcouffin.inf
[2013/03/17 20:21:01 | 000,034,134 | ---- | C] () -- C:\Windows\CUAppUsage.Dat
[2013/03/16 22:47:22 | 000,000,000 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\wklnhst.dat
[2013/03/07 20:00:58 | 000,000,004 | ---- | C] () -- C:\Windows\26034991.dat
[2013/03/07 12:54:46 | 000,000,004 | ---- | C] () -- C:\Windows\463619.dat
[2013/03/07 01:42:24 | 000,000,004 | ---- | C] () -- C:\Windows\46609058.dat
[2013/03/06 12:53:00 | 000,000,004 | ---- | C] () -- C:\Windows\445460.dat
[2013/03/06 01:38:12 | 000,000,004 | ---- | C] () -- C:\Windows\15752481.dat
[2013/03/05 21:15:13 | 000,002,056 | ---- | C] () -- C:\Windows\27602894.dat
[2012/12/22 14:25:43 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/12/03 20:40:58 | 000,000,322 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\burnaware.ini
[2012/12/01 13:47:07 | 000,000,090 | ---- | C] () -- C:\Windows\SysWow64\91207717.sys
[2012/08/23 19:53:29 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/07/10 19:38:40 | 000,000,106 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/06/22 22:10:12 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/04/28 16:59:14 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/03/02 20:48:53 | 000,079,872 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/01/28 17:56:54 | 006,664,208 | ---- | C] () -- C:\Windows\SysWow64\dvdripcore.dll
[2012/01/28 17:56:49 | 000,066,048 | ---- | C] () -- C:\Windows\SysWow64\cygz.dll
[2011/08/22 16:21:58 | 000,011,545 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\UserTile.png
[2011/08/18 19:18:52 | 000,774,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/16 21:39:08 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\SysInfo.dll
[2011/05/02 14:41:46 | 000,051,802 | ---- | C] () -- C:\Users\RIGO\4e920be4_b4f8_fcc6_4e920be4_b4f8_fcc6.pdf
[2009/12/23 21:25:28 | 000,000,436 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\mainhst.zgh
[2009/11/14 16:22:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 08:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 08:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 08:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 00:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 08:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 08:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/05/13 00:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/05/12 23:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 08:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 07:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 01:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 08:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 12:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 06:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 08:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 08:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 08:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 01:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 08:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 08:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 07:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 08:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 08:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 07:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 00:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 08:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 08:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 08:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 08:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 08:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 08:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 08:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 08:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 07:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2012/08/21 08:09:40 | 000,219,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 17:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 08:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 08:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >
[2010/08/10 22:56:54 | 004,107,676 | ---- | M] (Aplus Software Inc. ) -- C:\AplusDVDRipper.exe
[2010/06/03 23:08:24 | 004,347,460 | ---- | M] (Aplus Software Inc. ) -- C:\AplusVideoConverter.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 21:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 21:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.RDB >
[2013/07/16 15:28:04 | 000,186,248 | ---- | M] () MD5=3190DA6D96EAE3A354AE533BA0D35D5F -- C:\Program Files (x86)\OpenOffice 4\program\services.rdb

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 5070-6151
Directory of C:\
07/14/2009 12:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 12:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 12:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 12:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 12:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 12:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 12:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 12:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 12:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 12:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 12:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 12:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 12:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 12:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 12:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\fbwuser
04/26/2013 08:00 PM <JUNCTION> Application Data [C:\Users\fbwuser\AppData\Roaming]
04/26/2013 08:00 PM <JUNCTION> Cookies [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Cookies]
04/26/2013 08:00 PM <JUNCTION> Local Settings [C:\Users\fbwuser\AppData\Local]
04/26/2013 08:00 PM <JUNCTION> My Documents [C:\Users\fbwuser\Documents]
04/26/2013 08:00 PM <JUNCTION> NetHood [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
04/26/2013 08:00 PM <JUNCTION> PrintHood [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
04/26/2013 08:00 PM <JUNCTION> Recent [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Recent]
04/26/2013 08:00 PM <JUNCTION> SendTo [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\SendTo]
04/26/2013 08:00 PM <JUNCTION> Start Menu [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Start Menu]
04/26/2013 08:00 PM <JUNCTION> Templates [C:\Users\fbwuser\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\fbwuser\AppData\Local
04/26/2013 08:00 PM <JUNCTION> Application Data [C:\Users\fbwuser\AppData\Local]
04/26/2013 08:00 PM <JUNCTION> History [C:\Users\fbwuser\AppData\Local\Microsoft\Windows\History]
04/26/2013 08:00 PM <JUNCTION> Temporary Internet Files [C:\Users\fbwuser\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\fbwuser\Documents
04/26/2013 08:00 PM <JUNCTION> My Music [C:\Users\fbwuser\Music]
04/26/2013 08:00 PM <JUNCTION> My Pictures [C:\Users\fbwuser\Pictures]
04/26/2013 08:00 PM <JUNCTION> My Videos [C:\Users\fbwuser\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Guest
11/14/2009 03:41 PM <JUNCTION> Application Data [C:\Users\Guest\AppData\Roaming]
11/14/2009 03:41 PM <JUNCTION> Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
11/14/2009 03:41 PM <JUNCTION> Local Settings [C:\Users\Guest\AppData\Local]
11/14/2009 03:41 PM <JUNCTION> My Documents [C:\Users\Guest\Documents]
11/14/2009 03:41 PM <JUNCTION> NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/14/2009 03:41 PM <JUNCTION> PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/14/2009 03:41 PM <JUNCTION> Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
11/14/2009 03:41 PM <JUNCTION> SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
11/14/2009 03:41 PM <JUNCTION> Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
11/14/2009 03:41 PM <JUNCTION> Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Guest\AppData\Local
11/14/2009 03:41 PM <JUNCTION> Application Data [C:\Users\Guest\AppData\Local]
11/14/2009 03:41 PM <JUNCTION> History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
11/14/2009 03:41 PM <JUNCTION> Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Guest\Documents
11/14/2009 03:41 PM <JUNCTION> My Music [C:\Users\Guest\Music]
11/14/2009 03:41 PM <JUNCTION> My Pictures [C:\Users\Guest\Pictures]
11/14/2009 03:41 PM <JUNCTION> My Videos [C:\Users\Guest\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 12:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 12:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 12:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\RIGO
11/14/2009 03:41 PM <JUNCTION> Application Data [C:\Users\RIGO\AppData\Roaming]
11/14/2009 03:41 PM <JUNCTION> Cookies [C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Cookies]
11/14/2009 03:41 PM <JUNCTION> Local Settings [C:\Users\RIGO\AppData\Local]
11/14/2009 03:41 PM <JUNCTION> My Documents [C:\Users\RIGO\Documents]
11/14/2009 03:41 PM <JUNCTION> NetHood [C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/14/2009 03:41 PM <JUNCTION> PrintHood [C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/14/2009 03:41 PM <JUNCTION> Recent [C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Recent]
11/14/2009 03:41 PM <JUNCTION> SendTo [C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\SendTo]
11/14/2009 03:41 PM <JUNCTION> Start Menu [C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu]
11/14/2009 03:41 PM <JUNCTION> Templates [C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\RIGO\AppData\Local
11/14/2009 03:41 PM <JUNCTION> Application Data [C:\Users\RIGO\AppData\Local]
11/14/2009 03:41 PM <JUNCTION> History [C:\Users\RIGO\AppData\Local\Microsoft\Windows\History]
11/14/2009 03:41 PM <JUNCTION> Temporary Internet Files [C:\Users\RIGO\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\RIGO\Documents
11/14/2009 03:41 PM <JUNCTION> My Music [C:\Users\RIGO\Music]
11/14/2009 03:41 PM <JUNCTION> My Pictures [C:\Users\RIGO\Pictures]
11/14/2009 03:41 PM <JUNCTION> My Videos [C:\Users\RIGO\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
12/08/2009 04:15 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
12/08/2009 04:15 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
12/08/2009 04:15 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
12/08/2009 04:15 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
12/08/2009 04:15 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile
12/08/2009 04:15 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
12/08/2009 04:15 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
0 File(s) 0 bytes
Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
12/08/2009 04:15 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
12/08/2009 04:15 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
12/08/2009 04:15 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
91 Dir(s) 195,371,159,552 bytes free

========== Files - Unicode (All) ==========
[2013/05/19 11:30:15 | 000,000,000 | ---- | M] ()(C:\Windows\SysWow64\??????????????????????????????????H???????[????????G????????????????????????????????????????????????????????????????????????3???????????????????????????????????????????????????????????????????????z?????????????????????????????????) -- C:\Windows\SysWow64\☚簐읞耠㌍駕팿萸㽪셴㍌⠊桇઀튅笵哢箼᠘ᐖṆ☚ਃ州઀픳㾙㣓檄琿⡓圦聘ℌ鞿㠤⼅籪㖽೰騐[ঀ౶➌耩팒㉞㈍⵭Ĝ刘룠澦ꥬᒿᓴဎꀒ뜌耘䐉垣࿴풬䝉ሌ栚♢猢㸂ᡚᩘธ儦઀ꄉ⎏⏀쇩᠄Ḟ儌ಀ깂撊䬃ꇼ쀧戄倔ಀ桄ኝ㉸꯾腩숫ሒ᠚ᠬ摬⹒Җ瀐夘ڀ홳촞ொఄ຀鎴ꃀ꘶懼翛羵党₃鎬ᠰ峌긌ⱐႌ聝稉䑮착ই犹ఄ⩸聉騎胎ឿ鳹ꇑ䱏੮౤၌聍帍℠慭䅰㥋㶴냣ఄఢ聑墲ຌ퓒솕喒蹜ێ襖藍ꆲ诽䨄堖ᐘ奌ঀ䕞廒ꒆѲ儶ހ촺௙઀ȓဌ聍昍�≎蟗ź뙆ꃁఄᐺ胑儍因尐︾ᱜ햐ሒ獒ᐂࡶภ⁣獒ယ聹ꨔꕡ荫꛶ꓝ痊אַᆯⲒ೗擟
[2013/05/19 11:30:15 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\??????????????????????????????????H???????[????????G????????????????????????????????????????????????????????????????????????3???????????????????????????????????????????????????????????????????????z?????????????????????????????????) -- C:\Windows\SysWow64\☚簐읞耠㌍駕팿萸㽪셴㍌⠊桇઀튅笵哢箼᠘ᐖṆ☚ਃ州઀픳㾙㣓檄琿⡓圦聘ℌ鞿㠤⼅籪㖽೰騐[ঀ౶➌耩팒㉞㈍⵭Ĝ刘룠澦ꥬᒿᓴဎꀒ뜌耘䐉垣࿴풬䝉ሌ栚♢猢㸂ᡚᩘธ儦઀ꄉ⎏⏀쇩᠄Ḟ儌ಀ깂撊䬃ꇼ쀧戄倔ಀ桄ኝ㉸꯾腩숫ሒ᠚ᠬ摬⹒Җ瀐夘ڀ홳촞ொఄ຀鎴ꃀ꘶懼翛羵党₃鎬ᠰ峌긌ⱐႌ聝稉䑮착ই犹ఄ⩸聉騎胎ឿ鳹ꇑ䱏੮౤၌聍帍℠慭䅰㥋㶴냣ఄఢ聑墲ຌ퓒솕喒蹜ێ襖藍ꆲ诽䨄堖ᐘ奌ঀ䕞廒ꒆѲ儶ހ촺௙઀ȓဌ聍昍�≎蟗ź뙆ꃁఄᐺ胑儍因尐︾ᱜ햐ሒ獒ᐂࡶภ⁣獒ယ聹ꨔꕡ荫꛶ꓝ痊אַᆯⲒ೗擟
[2011/03/23 20:01:12 | 000,000,000 | ---D | M](C:\Windows\SysNative\?š) -- C:\Windows\SysNative\买š
[2011/03/23 20:01:12 | 000,000,000 | ---D | C](C:\Windows\SysNative\?š) -- C:\Windows\SysNative\买š

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\RIGO\Documents\bebe1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\RIGO\Documents\bebe.jpg:Roxio EMC Stream

< End of report >


OTL Extras.....


OTL Extras logfile created on: 8/15/2013 1:24:06 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RIGO\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.76 Gb Available Physical Memory | 69.27% Memory free
7.98 Gb Paging File | 6.55 Gb Available in Paging File | 82.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 182.02 Gb Free Space | 64.23% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.15 Gb Free Space | 48.84% Space Free | Partition Type: NTFS
Drive J: | 7.40 Gb Total Space | 7.37 Gb Free Space | 99.62% Space Free | Partition Type: FAT32
Drive K: | 7.39 Gb Total Space | 7.28 Gb Free Space | 98.39% Space Free | Partition Type: FAT32

Computer Name: PC | User Name: RIGO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3026827408-1962054132-2561569089-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Value error.
htmlfile [opennew] -- Reg Error: Value error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Value error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Value error.
htmlfile [opennew] -- Reg Error: Value error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Value error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" = C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe:*:Enabled:?? ?????
"C:\Program Files\DAUM\PotPlayer\PotPlayer64.exe" = C:\Program Files\DAUM\PotPlayer\PotPlayer64.exe:*:Enabled:?? ?????
"C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" = C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe:*:Enabled:?? ?????
"C:\Program Files\DAUM\PotPlayer\PotPlayer64.exe" = C:\Program Files\DAUM\PotPlayer\PotPlayer64.exe:*:Enabled:?? ?????

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{064E435A-49B3-4D9D-9E47-784618AE2F4E}" = rport=137 | protocol=17 | dir=out | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0C15F0C6-4BD5-4F8A-A34F-ADB939071628}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0CE9172B-6234-41CD-8294-EA2E5791C717}" = lport=138 | protocol=17 | dir=in | app=system |
"{10610623-5ACE-4B9A-A7F6-65F901584F04}" = rport=139 | protocol=6 | dir=out | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1C891D3B-1BEF-4414-8448-57B6BBCDAE6E}" = lport=445 | protocol=6 | dir=in | app=system |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2603289E-4AA8-4AC2-9519-D5540E19CDDF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4D192B5C-175C-4B4E-9608-29AE8FBACDB3}" = rport=445 | protocol=6 | dir=out | app=system |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6E0E7F8F-BFE8-47B8-9B0A-D6843AF3D84A}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7594F4CE-B6A9-4610-A5A5-A19D9290C4BB}" = lport=139 | protocol=6 | dir=in | app=system |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{80E95F2A-814C-47AB-AD96-7B69D4B15476}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8A478596-0931-42D7-AE7F-714165D20FE4}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{8B866915-6C02-4D51-AF82-E871A2AA2E21}" = lport=80 | protocol=6 | dir=in | name=http |
"{AA499B08-BBAD-4D12-AB60-DC8643177A53}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BA85C2E7-85FE-42D9-AFFC-FA1AD3F67862}" = lport=137 | protocol=17 | dir=in | app=system |
"{BD6F1944-200C-4F23-9B40-87AA2996DDB7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F90B2A26-728E-4890-971B-4703D222B2C3}" = rport=138 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{06A01FC2-E4DB-4BC1-A9D3-268A5C48F5C0}" = protocol=6 | dir=in | app=c:\users\rigo\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{0A29DAEE-C4D7-49B8-90B6-A7C1EE82D155}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{23FB91B5-2DB6-4BFB-8419-C36E8D980524}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5EA98E85-EB73-49AD-B9E0-E5D04DC04863}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{871EAE59-6B8B-4825-B5FC-24A4C6A2C6A2}" = protocol=17 | dir=in | app=c:\users\rigo\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{97A967D8-F89A-47A5-8920-5D1F04220B0B}" = dir=in | name=”youtubetweak” |
"{A4C230FE-7488-4E91-9BC1-87D691DBA3EA}" = protocol=17 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{BCB34FBC-1ACA-4B71-AD9D-093A03825A02}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DCDEECEF-5E2D-46FE-ADA5-AE9C954DFC70}" = protocol=6 | dir=in | app=c:\program files (x86)\realtek\11n usb wireless lan utility\rtwlan.exe |
"{DDF56D78-3760-4A4F-9F81-328EC37846F9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{1A74A6F8-7CA5-4557-BFD5-A0422311FF72}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{2682CB67-994D-44FB-929C-0B1BCA870F97}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{52F99C56-2101-4B4D-B2E7-1337B45DEA9B}C:\program files\daum\potplayer\potplayer64.exe" = protocol=6 | dir=in | app=c:\program files\daum\potplayer\potplayer64.exe |
"TCP Query User{5DEB0C24-EE74-46A1-86FB-375D2164A620}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{83FC09AC-1F1B-4D4F-AA17-691F0797ADD1}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{878B07F7-5CA0-4F58-9C0C-8036920E53BA}C:\program files (x86)\veetle\player\veetlenet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"TCP Query User{A147336E-D9E5-4184-8E45-B17D4890A5E1}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"TCP Query User{BD4B677C-55B1-4C1F-BE19-75B1D3C8CF07}C:\windows\system32\wfs.exe" = protocol=6 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{1AF34CDF-EB27-4BFD-8619-2BF1EC78558F}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{24C5DA10-F6DF-47FD-AAD7-9BDB8CE8FFFA}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{4206602B-7014-444E-B7ED-6DCC8359A256}C:\program files (x86)\veetle\player\veetlenet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"UDP Query User{4B079F4D-11BD-45AC-AFA7-ABB222B6E00A}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{62E2AE21-3293-4B09-91C3-0DDF54244F7A}C:\windows\system32\wfs.exe" = protocol=17 | dir=in | app=c:\windows\system32\wfs.exe |
"UDP Query User{92165A96-4079-46A4-8871-8E2D1A830972}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{C383AE42-A44F-4341-8D9E-C649EEDC3250}C:\program files\daum\potplayer\potplayer64.exe" = protocol=17 | dir=in | app=c:\program files\daum\potplayer\potplayer64.exe |
"UDP Query User{F62E6AB6-0F33-4FFA-8513-EBFB77DBBD91}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0335701D-8E28-4A7F-B0EF-312974755BB2}" = Modem Diagnostic Tool
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{20543C00-75E0-4F85-97A0-49AD1FF92175}" = Blaine's Transition Pack 1 (Circle Stretch, Push, Zoom Blur)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}" = Nitro Reader 3
"{53EE9AAB-CD12-454C-BDD8-32BDC289757F}" = Blaine's Letterbox Effects
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7F33EB5A-65DA-4283-A2F5-424D49E8B67F}" = Blaine's Transition Pack 4 (Twist)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90FF2D09-E2B1-4732-877A-7D52BAE1F0D4}" = Blaine's Paint Splat Titles
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A7395F20-2B22-4CB8-8510-B452C0F47E02}" = Movie Maker 6.0 for Windows 7 (64-bit)
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{B4F21D9A-4B0F-4259-BADE-E58D5F410579}" = Blaine's Transition Pack 3 (Paper Fold)
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C426AF87-96B7-4A03-86CB-0CA81213F131}" = Blaine's Transition Pack 2 (MultiSlide)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F45DF6DF-A6C8-462D-9954-2963B6E0BD7C}" = Talking Desktop Clock 1.2
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"CCleaner" = CCleaner
"GPL Ghostscript 9.06" = GPL Ghostscript
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"KeyboardImageViewer_is1" = Keyboard Image Viewer 1.5.3
"novaPDF Standard Desktop 7 printer_is1" = novaPDF Standard Desktop 7.4 printer
"OptimizerPro" = OptimizerPro
"ShaderTFX_is1" = ShaderTFX version 1.1
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014534FF-1D46-4A77-9B48-29EFD145995B}" = AntiLogger
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{1102D7B1-098C-4F48-92F4-DC403E45A527}" = LightScribe Template Designs - Athletic Pack 1
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{14A023A2-3B5C-467A-A6C4-8583AE0BDF0E}" = LightScribe Template Designs - Kickin It Pack 1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17DF6492-1394-457C-9CCC-19FCD8451061}" = Blaine's Bloom/Negative Effects
"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word
"{1921E7AC-4616-4A98-80E5-FAC4DCB31615}" = Hardwipe 2.0.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C0C5E50-8B6D-BECC-13B2-BA09E66F7F5A}" = AccuWeather.com Stratus
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{272F534A-29A8-40D4-8E0C-2A9A596F808D}" = LightScribe Template Designs - Tribal Pack 1
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}" = honestech VHS to DVD 3.0 SE
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{2E87F4AB-99BF-421C-AF7B-365A9C08549A}" = F300
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F264191-64FB-4163-813C-70641B24089F}" = HP Print Diagnostic Utility
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39488AAE-73E4-42A3-B357-2C5C213B8B86}" = Blaine's Bubble Warp Effect
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43523FEF-9D8E-4572-BB11-0E914D366E0A}" = LightScribe Template Labeler
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45FE5100-6C09-4B34-AC2F-92D8B3864546}" = LiveUpload to Facebook
"{46233A94-8B6A-44B2-8DD8-AB04BD50581A}" = OpenOffice.org 3.4.1 Language Pack (Spanish)
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}" = OpenOffice 4.0.0
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5B295E70-5256-46DD-ADA8-81E9EF7F4939}" = LightScribe Template Designs - Life Events Pack 1
"{5DBC79DA-87D2-376D-A65D-B14097C06C71}" = Google Talk Plugin
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{5FA3097C-03C5-492e-ACF0-9924A56985C2}_is1" = Aiseesoft Media Converter Ultimate 6.3.58
"{605C0E57-BBB8-458F-9020-B17DCF0D5DEA}" = LightScribe Template Designs - Floral Pack 1
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61F25370-7465-4404-BE28-4629BF808699}" = LightScribe Applications
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{66F2E34E-A7D4-49AF-8D4A-2F6D8760EFAD}" = LightScribe Template Designs - Celebration Pack 1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77310F29-2F23-450E-9253-3E56EFEE78B1}" = honestech VHS to DVD 3.0 SE
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84B01A13-F78F-4281-9224-C96FB3530A2C}" = LightScribe Template Designs - Seasonal Pack 1
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9D30FAAF-459C-4876-AAE8-C7D0E6BFD41B}_is1" = Sticker version 1.0
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F618FDE-F24E-462F-8843-BD18E5377BA2}" = Blaine's Custom Blends (Translucency and Compositing)
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A6E16998-A241-438F-A916-5CD59B5506C0}_is1" = XWidget Ver1.83
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B6C766E9-B26D-4D54-A22B-A52B069C6C14}" = LightScribe Template Designs - Special Occasion Pack 1
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE7E6C3D-A42B-4BA3-9767-124EB8ED27E3}" = LightScribe System Software
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C92AB6F1-4B66-808A-D77C-25EF81C0176A}_is1" = Ashampoo Photo Commander 10 v.10.2.1
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1C70CF7-F2F3-4A15-ADE5-5DF1BA0739E1}" = LightScribe Template Designs - Bonus Pack 1
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35A1183-F6D8-4DCA-A111-296AFFA00A5C}" = LightScribe Template Designs - Tattoo Pack 1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E417E34D-30D0-4552-9B48-E0448E0CABA9}" = Fix-It
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0DFB2F3-1066-4C77-8D45-AB45CC6FCA73}" = XML Adder
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D85517-6EAC-496A-965A-FA349036E74E}" = RehanFX Shader Transitions and Effects (ShaderTFX)
"{F3A482EC-55E0-48FA-A408-F40FDF265181}" = LightScribe Template Designs - Nature Pack 1
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{F9C62746-BB57-48B2-853D-38DE983A703C}" = IncrediMail
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 2.5b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"AntiLogger" = AntiLogger
"Ashampoo Burning Studio 2013_is1" = Ashampoo Burning Studio 2013 v.11.0.5
"ATT-PRT22" = ATT-PRT22
"AVS Audio Recorder_is1" = AVS Audio Recorder version 4.0
"Bass Audio Decoder" = Bass Audio Decoder (remove only)
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"com.AccuWeather.air.stratus.6AF67E59E785A9A644FCA43BED05A7731922EF40.1" = AccuWeather.com Stratus
"Coupon Companion" = Coupon Companion
"Coupon Companion Plugin" = Coupon Companion Plugin
"CouponDropDown Plugin" = CouponDropDown Plugin
"DCoder Image Source" = DCoder Image Source (remove only)
"DirectVobSub" = DirectVobSub (remove only)
"Dream Aquarium" = Dream Aquarium 1.234
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"ffdshow_is1" = ffdshow v1.2.4453 [2012-05-21]
"FFMPEG Core Files" = FFMPEG Core Files (remove only)
"FotoMix" = Digital Photo Software FotoMix 8.0
"Free Studio_is1" = Free Studio version 2013
"Freemake Music Box_is1" = Freemake Music Box
"GetGoSoft_GetGoDM" = GetGo Download Manager
"GOM Player" = GOM Player
"Hanso Recorder" = Hanso Recorder
"HotspotShield" = Hotspot Shield 3.11
"IncrediMail" = IncrediMail 2.0
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"KC Softwares KCleaner_is1" = KC Softwares KCleaner
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.0.0
"LAV Filters" = LAV Filters (remove only)
"lavfilters_is1" = LAV Filters 0.53.2
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"MadVR" = MadVR (remove only)
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MS Access 97 SP2" = MS Access 97 SP2
"OpenSource AVI Splitter" = OpenSource AVI Splitter (remove only)
"OpenSource DTS/AC3/DD+ Source Filter" = OpenSource DTS/AC3/DD+ Source Filter (remove only)
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PhoneTray" = PhoneTray Free
"PhotoScape" = PhotoScape
"pixpedia-en_is1" = Pixpedia Publisher 3.6.2
"Premiumplay Codec-C" = Premiumplay Codec-C
"Revo Uninstaller" = Revo Uninstaller 1.95
"Scanitto_is1" = Scanitto
"Shark Water World 3D Screensaver" = Shark Water World 3D Screensaver
"SlimBoat" = FlashPeak SlimBoat
"Smart Defrag 2_is1" = Smart Defrag 2
"Spotflux" = Spotflux
"Sticky Password_is1" = Sticky Password 6.0.11.449
"Streaming Video Downloader" = Streaming Video Downloader 6.0
"StreamTorrent 1.0" = Stream Torrent 1.0
"SurfAnonymousFree" = Surf Anonymous Free
"Swifturn Free Audio Editor_is1" = Swifturn Free Audio Editor 8.2.1
"Veetle TV" = Veetle TV
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"XnView_is1" = XnView 2.00

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3026827408-1962054132-2561569089-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager - 1
"DPL 2D Geometrical Deformation Effects for Vista MM" = DPL 2D Geometrical Deformation Effects for Vista MM
"DPL 3D Cube RotateB Transitions for Vista MM" = DPL 3D Cube RotateB Transitions for Vista MM
"DPL Flashing TFX for Vista MM" = DPL Flashing TFX for Vista MM
"DPL Whirl Pinch TFX for Vista MM" = DPL Whirl Pinch TFX for Vista MM
"Facebook Plug-In" = Facebook Plug-In
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"webmdshow" = WebM Project Directshow Filters
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/13/2013 5:14:03 PM | Computer Name = PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
installation. An error has prevented the Security Essentials setup wizard from
completing successfully. Please restart your computer and try again. Error code:0x80070643.
Fatal error during installation.

Error - 8/13/2013 8:28:17 PM | Computer Name = PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
installation. An error has prevented the Security Essentials setup wizard from
completing successfully. Please restart your computer and try again. Error code:0x80070643.
Fatal error during installation.

Error - 8/13/2013 8:33:39 PM | Computer Name = PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
installation. An error has prevented the Security Essentials setup wizard from
completing successfully. Please restart your computer and try again. Error code:0x80070643.
Fatal error during installation.

Error - 8/13/2013 10:02:15 PM | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddCoreCsiFiles : GetNextFileMapContent() failed.

System
Error: The parameter is incorrect. .

Error - 8/13/2013 11:16:25 PM | Computer Name = PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
installation. An error has prevented the Security Essentials setup wizard from
completing successfully. Please restart your computer and try again. Error code:0x80070643.
Fatal error during installation.

Error - 8/14/2013 2:34:52 PM | Computer Name = PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

Error - 8/14/2013 4:19:03 PM | Computer Name = PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\RIGO\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/14/2013 4:19:59 PM | Computer Name = PC | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
installation. An error has prevented the Security Essentials setup wizard from
completing successfully. Please restart your computer and try again. Error code:0x80070643.
Fatal error during installation.

Error - 8/14/2013 4:43:10 PM | Computer Name = PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

Error - 8/15/2013 1:47:13 PM | Computer Name = PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Event filter with query "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.
Events cannot be delivered through this filter until the problem is corrected.

Error - 8/15/2013 2:26:59 PM | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddCoreCsiFiles : GetNextFileMapContent() failed.

System
Error: The parameter is incorrect. .

[ Media Center Events ]
Error - 4/14/2009 9:31:35 PM | Computer Name = PC | Source = MCUpdate | ID = 0
Description =

Error - 6/10/2009 4:37:36 PM | Computer Name = PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/10/2009 4:38:53 PM | Computer Name = PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerAccumulate failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 6/13/2009 4:08:27 PM | Computer Name = PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 8/4/2009 9:24:38 PM | Computer Name = PC | Source = MCUpdate | ID = 0
Description =

[ System Events ]
Error - 8/14/2013 2:33:20 PM | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
following error: %%2

Error - 8/14/2013 2:49:54 PM | Computer Name = PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR6.

Error - 8/14/2013 2:49:55 PM | Computer Name = PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR6.

Error - 8/14/2013 2:49:55 PM | Computer Name = PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR6.

Error - 8/14/2013 2:49:56 PM | Computer Name = PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR6.

Error - 8/14/2013 4:41:40 PM | Computer Name = PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:39:57 PM on ?8/?14/?2013 was unexpected.

Error - 8/14/2013 4:41:39 PM | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
following error: %%2

Error - 8/14/2013 11:34:41 PM | Computer Name = PC | Source = Service Control Manager | ID = 7043
Description = The Steganos Volatile Disk service did not shut down properly after
receiving a preshutdown control.

Error - 8/15/2013 1:45:34 PM | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
following error: %%2

Error - 8/15/2013 1:46:25 PM | Computer Name = PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Realtek11nSU service.


< End of report >

#7
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
There will be several steps to this process to begin to get rid of the malware on your system. Please read the instructions carefully and if you have any questions at any point, please stop and ask. :) After these steps please let me know what problems you are still having with your computer.

Before we get started with the removal process, I have some information I feel is important to share regarding Registry Cleaners and P2P programs.

!! Registry Cleaner Warning !!
There were signs of multiple programs that are either currently or have been previously installed on your computer that contain registry cleaners. A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
At Geeks to Go we strongly advise that people stay away from any of the registry cleaners out there. Go here to get more information about why registry cleaners aren't needed. Technet blog also discusses this issue as well as Ed Bott.

P2P Warning!

IMPORTANT I notice there are signs of a P2P (Person to Person) File Sharing Program on your computer.

StreamTorrent


Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

Cyber Education Letter
File sharing infects 500,000 computers
USAToday

I would recommend that you uninstall the above, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.
----------------------------
Now that's out of the way, let's get started :)


Step 1 - Uninstall Programs

If any of these programs are listed in Programs, please uninstall them. If not, continue on to the next step. These programs are all considered adware, rogue software, or have a less than desirable reputation.

  • OptimizerPro
  • Advanced SystemCare 6 (any IObit programs)
  • Coupon Companion
  • Coupon Companion Plugin
  • CouponDropDown Plugin
  • Hotspot Shield 3.11

  • Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.
  • Select a program, and then click Uninstall.

Step 2 - Run AdwCleaner

  • Download AdwCleaner from here or here and save it to your desktop.
  • Run AdwCleaner and select Delete

  • Once it has completed it will ask to reboot the computer, please allow it to do so.
  • After the computer reboots, a log will be produced. Please attach that log to your next post.

Step 3 - Run Junkware Removal Tool
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3 - OTL Fix

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.

:Commands
[createrestorepoint]

:OTL
MOD - [2013/07/24 14:18:40 | 000,744,744 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
MOD - [2009/08/12 12:09:14 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\XWidget\Res\Lib\lib.dll
SRV - [2013/07/25 11:57:36 | 000,853,800 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe -- (hshld)
SRV - [2013/07/25 11:57:08 | 000,548,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/07/23 21:17:10 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013/04/18 16:58:08 | 000,574,272 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
DRV:64bit: - [2013/07/23 21:12:40 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/05/22 18:49:32 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2013/04/24 14:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...51-37BEAD97B630
IE - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\..\SearchScopes,DefaultScope = {9AC1829D-7A9A-4919-903D-BDE627217599}
IE - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\..\SearchScopes\{9AC1829D-7A9A-4919-903D-BDE627217599}: "URL" = http://search.condui...4417450229&UM=2
[2013/07/22 22:22:59 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]
[2013/07/30 20:02:36 | 000,000,000 | ---D | M] ("VisualBee") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]9930111f9.com
[2013/08/10 16:45:26 | 000,000,000 | ---D | M] ("CouponDropDown Plugin") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]a08d473a7.com
[2013/07/22 22:22:59 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]
[2012/11/01 20:04:38 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]
[2012/12/22 14:25:16 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]
[2013/07/30 20:02:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]9930111f9.com\chrome\content\extensionCode
[2013/08/10 16:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]a08d473a7.com\chrome\content\extensionCode
[2012/11/01 20:04:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]\chrome\content\extensionCode
[2013/07/30 20:02:39 | 000,000,000 | ---D | M] ("VisualBee") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]9930111f9.com
[2013/08/10 16:45:29 | 000,000,000 | ---D | M] ("CouponDropDown Plugin") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]a08d473a7.com
[2013/07/22 22:22:59 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]
[2013/07/30 20:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]9930111f9.com\chrome\content\extensionCode
[2013/08/10 16:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]a08d473a7.com\chrome\content\extensionCode
[2013/07/22 22:23:00 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk2y75.test\extensions\[email protected]
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\hligfgny.rigo\extensions\[email protected]
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions\[email protected]
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\extensions\[email protected]
[2013/07/30 22:00:11 | 000,000,000 | ---D | M] (VisualBee V.6) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{f0af464e-5167-45cf-9cf0-66b396d1918c}
[2013/08/10 16:45:33 | 000,000,000 | ---D | M] ("CouponDropDown Plugin") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]a08d473a7.com
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/10 16:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]a08d473a7.com\chrome\content\extensionCode
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\pj3kgqd2.default\extensions\[email protected]
[2013/05/22 14:50:21 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/05/22 14:50:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/07/23 20:35:17 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]
[2013/07/04 18:00:13 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]
[2013/07/04 18:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/05/28 21:16:45 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files (x86)\mozilla firefox\plugins\NPTURNMED.dll
[2011/12/16 16:14:50 | 000,002,067 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {11111111-1111-1111-1111-110011441193} - No CLSID value found.
O2 - BHO: (no name) - {11111111-1111-1111-1111-110211181104} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
[2013/08/10 16:45:42 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\Updater27793
[2013/08/10 16:45:19 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\CouponDropDown Plugin
[2013/08/10 16:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CouponDropDown Plugin
[2013/08/05 16:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013/07/30 20:25:10 | 000,046,792 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/07/30 20:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/07/30 20:00:59 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\Conduit
[2013/07/30 20:00:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/07/30 19:59:38 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\SearchProtect
[2013/07/24 22:20:08 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2013/07/04 22:14:21 | 005,401,296 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[2013/07/30 20:24:43 | 000,001,010 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2013/07/24 22:19:42 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2013/07/23 21:12:40 | 000,046,792 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/07/22 22:22:52 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013/07/24 22:19:44 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2013/07/23 20:30:06 | 000,001,010 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2013/04/12 13:19:38 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\sysdvdcp6free.dll
[2013/05/19 11:30:15 | 000,000,000 | ---- | M] ()(C:\Windows\SysWow64\??????????????????????????????????H???????[????????G????????????????????????????????????????????????????????????????????????3???????????????????????????????????????????????????????????????????????z?????????????????????????????????) -- C:\Windows\SysWow64\??????????????????????????????????H???????[????????G????????????????????????????????????????????????????????????????????????3???????????????????????????????????????????????????????????????????????z?????????????????????????????????
[2013/05/19 11:30:15 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\??????????????????????????????????H???????[????????G????????????????????????????????????????????????????????????????????????3???????????????????????????????????????????????????????????????????????z?????????????????????????????????) -- C:\Windows\SysWow64\??????????????????????????????????H???????[????????G????????????????????????????????????????????????????????????????????????3???????????????????????????????????????????????????????????????????????z?????????????????????????????????
[2011/03/23 20:01:12 | 000,000,000 | ---D | M](C:\Windows\SysNative\?š) -- C:\Windows\SysNative\?š
[2011/03/23 20:01:12 | 000,000,000 | ---D | C](C:\Windows\SysNative\?š) -- C:\Windows\SysNative\?š
[2013/02/15 23:27:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\B1Toolbar
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\GetRightToGo
[2013/02/07 13:17:44 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Hotspot Shield
[2013/04/23 23:08:09 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\IObit
[2013/08/10 23:03:55 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\SearchProtect
[2012/11/02 13:16:39 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\SlimCleaner
[2009/11/14 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\StreamTorrent
[2013/06/11 21:53:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Systweak
[2009/11/14 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\TuneUp Software
[2011/05/20 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Uniblue


:Files
C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
C:\Program Files (x86)\IObit
C:\Windows\26034991.dat
C:\Windows\463619.dat
C:\Windows\46609058.dat
C:\Windows\445460.dat
C:\Windows\15752481.dat
C:\Windows\27602894.dat
:Commands
[emptytemp]

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. AdwCleaner Log
2. Junkware Removal Log
3. OTL Fix
4. New OTL Log
5. How is your computer running?

#8
rigs

    Member

  • Topic Starter
  • 322 posts
I have a question. On "the things needed in my next post" in #3, you want OTL fix. Is this a different log from the #4 OTL log? If it is, you did not post a download link for OTLfix.

Thank You

#9
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
The OTL Fix (#3) comes from these instructions in Step 3.

Step 3 - OTL Fix
Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the Protection tab.
Remove the tick from "Start with Windows".
Reboot and start with number 1. below to run the OTL fix.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.

:Commands
[createrestorepoint]

:OTL
MOD - [2013/07/24 14:18:40 | 000,744,744 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
MOD - [2009/08/12 12:09:14 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\XWidget\Res\Lib\lib.dll
SRV - [2013/07/25 11:57:36 | 000,853,800 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe -- (hshld)
SRV - [2013/07/25 11:57:08 | 000,548,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013/07/23 21:17:10 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
SRV - [2013/04/18 16:58:08 | 000,574,272 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
DRV:64bit: - [2013/07/23 21:12:40 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/05/22 18:49:32 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2013/04/24 14:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...51-37BEAD97B630
IE - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\..\SearchScopes,DefaultScope = {9AC1829D-7A9A-4919-903D-BDE627217599}
IE - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\..\SearchScopes\{9AC1829D-7A9A-4919-903D-BDE627217599}: "URL" = http://search.condui...4417450229&UM=2
[2013/07/22 22:22:59 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]
[2013/07/30 20:02:36 | 000,000,000 | ---D | M] ("VisualBee") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]9930111f9.com
[2013/08/10 16:45:26 | 000,000,000 | ---D | M] ("CouponDropDown Plugin") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]a08d473a7.com
[2013/07/22 22:22:59 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]
[2012/11/01 20:04:38 | 000,000,000 | ---D | M] ("Coupon Companion") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]
[2012/12/22 14:25:16 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]
[2013/07/30 20:02:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]9930111f9.com\chrome\content\extensionCode
[2013/08/10 16:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]a08d473a7.com\chrome\content\extensionCode
[2012/11/01 20:04:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]\chrome\content\extensionCode
[2013/07/30 20:02:39 | 000,000,000 | ---D | M] ("VisualBee") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]9930111f9.com
[2013/08/10 16:45:29 | 000,000,000 | ---D | M] ("CouponDropDown Plugin") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]a08d473a7.com
[2013/07/22 22:22:59 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]
[2013/07/30 20:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]9930111f9.com\chrome\content\extensionCode
[2013/08/10 16:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]a08d473a7.com\chrome\content\extensionCode
[2013/07/22 22:23:00 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk2y75.test\extensions\[email protected]
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\hligfgny.rigo\extensions\[email protected]
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions\[email protected]
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\extensions\[email protected]
[2013/07/30 22:00:11 | 000,000,000 | ---D | M] (VisualBee V.6) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{f0af464e-5167-45cf-9cf0-66b396d1918c}
[2013/08/10 16:45:33 | 000,000,000 | ---D | M] ("CouponDropDown Plugin") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]a08d473a7.com
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/10 16:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]a08d473a7.com\chrome\content\extensionCode
[2013/07/22 22:23:01 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\pj3kgqd2.default\extensions\[email protected]
[2013/05/22 14:50:21 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/05/22 14:50:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/07/23 20:35:17 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]
[2013/07/04 18:00:13 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]
[2013/07/04 18:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/05/28 21:16:45 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files (x86)\mozilla firefox\plugins\NPTURNMED.dll
[2011/12/16 16:14:50 | 000,002,067 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {11111111-1111-1111-1111-110011441193} - No CLSID value found.
O2 - BHO: (no name) - {11111111-1111-1111-1111-110211181104} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No CLSID value found.
O3 - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\S-1-5-21-3026827408-1962054132-2561569089-1000..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
[2013/08/10 16:45:42 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\Updater27793
[2013/08/10 16:45:19 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\CouponDropDown Plugin
[2013/08/10 16:45:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CouponDropDown Plugin
[2013/08/05 16:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013/07/30 20:25:10 | 000,046,792 | ---- | C] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/07/30 20:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/07/30 20:00:59 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\Conduit
[2013/07/30 20:00:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/07/30 19:59:38 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\SearchProtect
[2013/07/24 22:20:08 | 000,032,600 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2013/07/04 22:14:21 | 005,401,296 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[2013/07/30 20:24:43 | 000,001,010 | ---- | M] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2013/07/24 22:19:42 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Smart Defrag 2.lnk
[2013/07/23 21:12:40 | 000,046,792 | ---- | M] (AnchorFree Inc.) -- C:\Windows\SysNative\drivers\hssdrv6.sys
[2013/07/22 22:22:52 | 000,001,187 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013/07/24 22:19:44 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys
[2013/07/23 20:30:06 | 000,001,010 | ---- | C] () -- C:\Users\Public\Desktop\Hotspot Shield.lnk
[2013/04/12 13:19:38 | 000,000,014 | ---- | C] () -- C:\Windows\SysWow64\sysdvdcp6free.dll
[2013/05/19 11:30:15 | 000,000,000 | ---- | M] ()(C:\Windows\SysWow64\??????????????????????????????????H???????[????????G????????????????????????????????????????????????????????????????????????3???????????????????????????????????????????????????????????????????????z?????????????????????????????????) -- C:\Windows\SysWow64\??????????????????????????????????H???????[????????G????????????????????????????????????????????????????????????????????????3???????????????????????????????????????????????????????????????????????z?????????????????????????????????
[2013/05/19 11:30:15 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\??????????????????????????????????H???????[????????G????????????????????????????????????????????????????????????????????????3???????????????????????????????????????????????????????????????????????z?????????????????????????????????) -- C:\Windows\SysWow64\??????????????????????????????????H???????[????????G????????????????????????????????????????????????????????????????????????3???????????????????????????????????????????????????????????????????????z?????????????????????????????????
[2011/03/23 20:01:12 | 000,000,000 | ---D | M](C:\Windows\SysNative\?š) -- C:\Windows\SysNative\?š
[2011/03/23 20:01:12 | 000,000,000 | ---D | C](C:\Windows\SysNative\?š) -- C:\Windows\SysNative\?š
[2013/02/15 23:27:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\B1Toolbar
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\GetRightToGo
[2013/02/07 13:17:44 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Hotspot Shield
[2013/04/23 23:08:09 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\IObit
[2013/08/10 23:03:55 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\SearchProtect
[2012/11/02 13:16:39 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\SlimCleaner
[2009/11/14 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\StreamTorrent
[2013/06/11 21:53:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Systweak
[2009/11/14 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\TuneUp Software
[2011/05/20 16:54:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Uniblue


:Files
C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
C:\Program Files (x86)\IObit
C:\Windows\26034991.dat
C:\Windows\463619.dat
C:\Windows\46609058.dat
C:\Windows\445460.dat
C:\Windows\15752481.dat
C:\Windows\27602894.dat
:Commands
[emptytemp]

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


The OTL Log (#4) comes from this quick scan performed after the fix.

10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.
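
An added example, not part of the thread and not OTL's own code: a Python parser that splits a fix script like the one quoted above into its sections and lists the SRV and DRV entries, so the services and loaded kernel drivers it names can be reviewed before the fix is run. The sample lines are copied from the script above; the function names are hypothetical and the field layout is inferred from those lines.

```python
import re

# Sample input: lines copied from the fix script quoted in this post.
SCRIPT = r"""
:Commands
[createrestorepoint]

:OTL
SRV - [2013/07/25 11:57:36 | 000,853,800 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe -- (hshld)
SRV - [2013/04/18 16:58:08 | 000,574,272 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
DRV:64bit: - [2013/07/23 21:12:40 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013/05/22 18:49:32 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2013/04/24 14:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
O2 - BHO: (no name) - {11111111-1111-1111-1111-110011441193} - No CLSID value found.
:Files
C:\Windows\26034991.dat
:Commands
[emptytemp]
"""

# Layout inferred from the lines above:
# KIND[:64bit:] - [stamp | size | attrs | M] (vendor) [flags] -- path -- (name)
ENTRY = re.compile(
    r"^(?P<kind>SRV|DRV)(?::64bit:)? - "
    r"\[(?P<stamp>[^|\]]+)\|[^\]]*\] "
    r"\((?P<vendor>[^)]*)\) "
    r"\[(?P<flags>[^\]]*)\] -- "
    r"(?P<path>.+?) -- \((?P<name>[^)]*)\)$"
)


def split_sections(script):
    """Group script lines under their ':Section' header, merging repeats."""
    sections = {}
    current = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_entries(lines):
    """Return one dict per SRV/DRV line; other line types are skipped."""
    entries = []
    for line in lines:
        m = ENTRY.match(line)
        if not m:
            continue
        flags = [f.strip() for f in m.group("flags").split("|")]
        entries.append({
            "kind": m.group("kind"),
            "name": m.group("name"),
            "vendor": m.group("vendor"),
            "path": m.group("path"),
            # DRV lines carry [type | start | state], SRV lines [start | state].
            "type": flags[0] if len(flags) == 3 else None,
            "start": flags[-2] if len(flags) >= 2 else None,
            "state": flags[-1],
        })
    return entries


def running_kernel_drivers(entries):
    """Names of kernel drivers that were loaded when the scan was taken."""
    return [e["name"] for e in entries
            if e["kind"] == "DRV" and e["type"] == "Kernel"
            and e["state"] == "Running"]


if __name__ == "__main__":
    sections = split_sections(SCRIPT)
    entries = parse_entries(sections.get(":OTL", []))
    for e in entries:
        print(f'{e["kind"]:4} {e["name"]:28} {e["start"]:10} {e["state"]:8} {e["path"]}')
    print("Loaded kernel drivers named in the script:",
          ", ".join(running_kernel_drivers(entries)))
    print("Paths under :Files:", len(sections.get(":Files", [])))
```
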



#10
rigs

    Member

  • Topic Starter
  • 322 posts
ok, got it. once the otlfix is done it will give me the log.

as for the other otl log. do I use this setting like the first time I ran otl?

Please check the box next to Scan All Users.
Make sure Use SafeList is selected under Extra Registry.

sorry to ask all these questions. I don't want to make a mess.
oh, and also, sometimes it might take me more than one day to respond and post the logs. I'm disabled and sometimes my body does not want to go along with my daily chores...hehe

thank you

#11
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts

> ok, got it. once the otlfix is done it will give me the log.

That's correct :)

> as for the other otl log. do I use this setting like the first time I ran otl?
>
> Please check the box next to Scan All Users.
> Make sure Use SafeList is selected under Extra Registry.

Actually much easier than that, just open OTL and click the Quick Scan button, no need to check any settings.

> sorry to ask all these questions. I don't want to make a mess.

Feel free to ask as many questions as you need, that's what I'm here for. ;)

> oh, and also, sometimes it might take me more than one day to respond and post the logs. I'm disabled and sometimes my body does not want to go along with my daily chores...hehe

That's fine, I understand completely, and sometimes life in general gets in the way as well. The typical policy is that as long as you reply within 4 days the topic will be left open. With multi-step posts, if you need to just do one step at a time and post each log as you do it, that is fine as well. If you get to four days and are unable to post logs back in that time frame, just reply and let me know you're working on it and I'll make sure the topic doesn't get closed. :)

> thank you

You're Welcome! :)

#12
rigs

    Member

  • Topic Starter
  • 322 posts
ok, one more thing before I start the removal programs. I was able to uninstall all the programs except one. When uninstalling optimizerpro I got an error message "error 2 while loading archive the system cannot find the file specified"
should I ignore it and go ahead with the removal programs?

thank you

#13
Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
Yes, just skip it and move on to the next steps. :)

#14
rigs

    Member

  • Topic Starter
  • 322 posts
Ok, I did everything as instructed and here are all the logs. I wish I could say that everything went well. After running all the programs and rebooting, I checked and noticed that I lost my internet connection. When I ran windows network diagnostics, it gives me the following results: “there might be a problem with the driver for the local area connection area”. Did one of these programs remove something that they were not supposed to? I tried all that I could think of to fix this problem but nothing fixed it. I hope you have an idea how to fix it.....

thank you


# AdwCleaner v2.306 - Logfile created 08/17/2013 at 20:28:52
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : RIGO - PC
# Boot Mode : Normal
# Running from : C:\Users\RIGO\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted on reboot : C:\Program Files (x86)\Zynga
File Deleted : C:\END
File Deleted : C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Program Files (x86)\Common Files\Wondershare
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\[email protected]
Folder Deleted : C:\Program Files (x86)\Red Sky
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\BetterSoft
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\Wondershare
Folder Deleted : C:\Users\RIGO\AppData\Local\B1E
Folder Deleted : C:\Users\RIGO\AppData\Local\Conduit
Folder Deleted : C:\Users\RIGO\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\RIGO\AppData\Local\CouponDropDown Plugin
Folder Deleted : C:\Users\RIGO\AppData\Local\DownTango
Folder Deleted : C:\Users\RIGO\AppData\Local\PackageAware
Folder Deleted : C:\Users\RIGO\AppData\Local\Wajam
Folder Deleted : C:\Users\RIGO\AppData\Local\Wondershare
Folder Deleted : C:\Users\RIGO\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\RIGO\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\RIGO\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\RIGO\AppData\Roaming\B1Toolbar
Folder Deleted : C:\Users\RIGO\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]
Folder Deleted : C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk2y75.test\extensions\staged
Folder Deleted : C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\hligfgny.rigo\extensions\staged
Folder Deleted : C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\CT3287805
Folder Deleted : C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{f0af464e-5167-45cf-9cf0-66b396d1918c}
Folder Deleted : C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\jetpack
Folder Deleted : C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\Smartbar
Folder Deleted : C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\pj3kgqd2.default\extensions\staged
Folder Deleted : C:\Users\RIGO\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\RIGO\AppData\Roaming\Wondershare
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=Download2&dpid=Download2&co=US&userid=cc9f4717-3f3f-482d-987e-b1707ee9af28&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=Download2&dpid=Download2&co=US&userid=cc9f4717-3f3f-482d-987e-b1707ee9af28&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=Download2&dpid=Download2&co=US&userid=cc9f4717-3f3f-482d-987e-b1707ee9af28&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=Download2&dpid=Download2&co=US&userid=cc9f4717-3f3f-482d-987e-b1707ee9af28&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\prefs.js

[OK] File is clean.

File : C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\prefs.js

C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\user.js ... Deleted !

File : C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\prefs.js

C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\user.js ... Deleted !

File : C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk2y75.test\prefs.js

C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk2y75.test\user.js ... Deleted !

[OK] File is clean.

File : C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\hligfgny.rigo\prefs.js

C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\hligfgny.rigo\user.js ... Deleted !

File : C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\prefs.js

[OK] File is clean.

File : C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\prefs.js

[OK] File is clean.

File : C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\prefs.js

C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\user.js ... Deleted !

Deleted : user_pref("CT3287805.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3287805.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3287805.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3287805.serviceLayer_services_Configuration_lastUpdate", "1375491952390");
Deleted : user_pref("CT3287805.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1375232390237");
Deleted : user_pref("CT3287805.serviceLayer_services_appsMetadata_lastUpdate", "1375232390176");
Deleted : user_pref("CT3287805.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1375232390078");
Deleted : user_pref("CT3287805.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1375232388[...]
Deleted : user_pref("CT3287805.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1375232390502")[...]
Deleted : user_pref("CT3287805.serviceLayer_services_login_10.16.70.505_lastUpdate", "1375497546325");
Deleted : user_pref("CT3287805.serviceLayer_services_login_10.16.70.5_lastUpdate", "1375232769286");
Deleted : user_pref("CT3287805.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1375232390134");
Deleted : user_pref("CT3287805.serviceLayer_services_searchAPI_lastUpdate", "1375491952430");
Deleted : user_pref("CT3287805.serviceLayer_services_serviceMap_lastUpdate", "1375491952209");
Deleted : user_pref("CT3287805.serviceLayer_services_toolbarContextMenu_lastUpdate", "1375232390021");
Deleted : user_pref("CT3287805.serviceLayer_services_toolbarSettings_lastUpdate", "1375497606544");
Deleted : user_pref("CT3287805.serviceLayer_services_translation_lastUpdate", "1375491952579");
Deleted : user_pref("CT3287805.settingsINI", true);
Deleted : user_pref("CT3287805.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3287805.showToolbarPermission", "false");
Deleted : user_pref("CT3287805.smartbar.CTID", "CT3287805");
Deleted : user_pref("CT3287805.smartbar.Uninstall", "0");
Deleted : user_pref("CT3287805.smartbar.homepage", "true");
Deleted : user_pref("CT3287805.smartbar.isHidden", true);
Deleted : user_pref("CT3287805.smartbar.toolbarName", "VisualBee V.6 ");
Deleted : user_pref("CT3287805.startPage", "true");
Deleted : user_pref("CT3287805.toolbarBornServerTime", "31-7-2013");
Deleted : user_pref("CT3287805.toolbarCurrentServerTime", "3-8-2013");
Deleted : user_pref("CT3287805.toolbarDisabled", "true");
Deleted : user_pref("CT3287805.toolbarLoginClientTime", "Tue Jul 30 2013 19:59:50 GMT-0500 (Central Standard T[...]
Deleted : user_pref("CT3287805.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
Deleted : user_pref("CT3287805.versionFromInstaller", "10.16.70.5");
Deleted : user_pref("CT3287805.xpeMode", "3");
Deleted : user_pref("CT3287805_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3287805&octid=CT328780[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "VisualBee V.6 Customized Web Search");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287805[...]
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&d[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3287805");
Deleted : user_pref("browser.search.defaultenginename", "VisualBee V.6 Customized Web Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "VisualBee V.6 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287805&CUI[...]
Deleted : user_pref("browser.search.selectedEngine", "VisualBee V.6 Customized Web Search");
Deleted : user_pref("extensions.smarterwiki.search_surfcanyon", false);
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287805&SearchSource=2&CU[...]
Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3287805");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3287805&CUI=UN333663044[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3287805");
Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3287805");
Deleted : user_pref("smartbar.machineId", "1A64HUN+VC7Z1BYJTCRHLVF3YM9C9VMOFTUTU22LN3XOQTYUDYZNEGC9JT1L7KUTSD8[...]
Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3287805&CUI=UN333663044526[...]

File : C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\pj3kgqd2.default\prefs.js

C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\pj3kgqd2.default\user.js ... Deleted !

Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationTime", 1351818266);
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.searchUserConifrmation", false[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.active", true);
Deleted : user_pref("extensions.crossriderapp4493.4493.addressbar", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundjs", "\n\n//\n");
Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundver", 10);
Deleted : user_pref("extensions.crossriderapp4493.4493.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp4493.4493.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1351818266");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.description", "Coupon Companion");
Deleted : user_pref("extensions.crossriderapp4493.4493.domain", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.group", 0);
Deleted : user_pref("extensions.crossriderapp4493.4493.homepage", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.iframe", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.value", "53");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.value", "0");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.expiration", "Tue Jan 22[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.name", "Coupon Companion");
Deleted : user_pref("extensions.crossriderapp4493.4493.newtab", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.opensearch", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.ver", 13);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.code", "\"CH\"==appAPI.platform&[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.ver", 7);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.ver", 4);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jq[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.name", "appApiMessage");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.ver", 1);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.name", "appApiValidation");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.ver", 1);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.code", "if(typeof jQuery!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.name", "CrossriderInfo");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015"[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_1", "17,14,78,13,16,15,64,4,1,21,[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsversion", 29);
Deleted : user_pref("extensions.crossriderapp4493.4493.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp4493.4493.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp4493.4493.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.thankyou", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp4493.4493.ver", 53);
Deleted : user_pref("extensions.crossriderapp4493.adsOldValue", -1);
Deleted : user_pref("extensions.crossriderapp4493.apps", "4493");
Deleted : user_pref("extensions.crossriderapp4493.bic", "13c64aac3f921f66b03d920f29495e9e");
Deleted : user_pref("extensions.crossriderapp4493.cid", 4493);
Deleted : user_pref("extensions.crossriderapp4493.firstrun", false);
Deleted : user_pref("extensions.crossriderapp4493.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp4493.installationdate", 1358898578);
Deleted : user_pref("extensions.crossriderapp4493.lastcheck", 22648310);
Deleted : user_pref("extensions.crossriderapp4493.lastcheckitem", 22648310);
Deleted : user_pref("extensions.crossriderapp4493.modetype", "production");
Deleted : user_pref("extensions.crossriderapp4493.reportInstall", true);
Deleted : user_pref("extensions.enabledAddons", "crossriderapp4493%40crossrider.com:0.85.40,plugin%40selection[...]
Deleted : user_pref("extensions.funmoods.aflt", "orgnl");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", false);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", true);
Deleted : user_pref("extensions.funmoods.hmpg", false);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y[...]
Deleted : user_pref("extensions.funmoods.id", "00219B263D3E6151");
Deleted : user_pref("extensions.funmoods.instlDay", "15645");
Deleted : user_pref("extensions.funmoods.instlRef", "");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:4:15");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", false);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=orgnl&chnl=&cd=2XzuyE[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2220:4:15");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", false);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:4:15");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.b1.org/?bsrc=4hfxr&chid=c167991");
Deleted : user_pref("extensions.smarterwiki.search_surfcanyon", false);
Deleted : user_pref("browser.startup.homepage", "hxxp://search.b1.org/?bsrc=4hfxr&chid=c167991");

*************************

AdwCleaner[R2].txt - [57321 octets] - [17/08/2013 20:27:09]
AdwCleaner[S2].txt - [310 octets] - [17/08/2013 20:28:03]
AdwCleaner[S3].txt - [59412 octets] - [17/08/2013 20:28:52]

########## EOF - C:\AdwCleaner[S3].txt - [59473 octets] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.6 (08.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by RIGO on Sat 08/17/2013 at 20:42:52.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3026827408-1962054132-2561569089-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\anchorfree
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\powerpack
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wondershare
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222182204}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222772293}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660066046635}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660266776693}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{77777777-7777-7777-7777-770077047735}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220222182204}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220222772293}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660066046635}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660266776693}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{77777777-7777-7777-7777-770077047735}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660066046635}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660266776693}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{77777777-7777-7777-7777-770077047735}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mxtask2_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mxtask2_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskman_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\taskman_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader75803_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader75803_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_tugzip_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_tugzip_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_tvants_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_tvants_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660066046635}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660266776693}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{77777777-7777-7777-7777-770077047735}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mxtask2_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mxtask2_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\taskman_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\taskman_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader75803_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader75803_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_tugzip_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_tugzip_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_tvants_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_tvants_RASMANCS



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pc1data"
Successfully deleted: [Folder] "C:\Users\RIGO\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\RIGO\appdata\local\premiumplay codec-c"
Successfully deleted: [Folder] "C:\Users\RIGO\appdata\local\rivalgaming"
Successfully deleted: [Folder] "C:\Users\RIGO\appdata\locallow\myashampoo"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\premiumplay codec-c"
Successfully deleted: [Folder] "C:\Users\RIGO\AppData\Roaming\microsoft\windows\start menu\programs\rivalgaming"
Successfully deleted: [Folder] "C:\Windows\freecorder"
Successfully deleted: [Empty Folder] C:\Users\RIGO\appdata\local\{03692BF2-E41B-4FD3-B3D1-50E44F81C863}
Successfully deleted: [Empty Folder] C:\Users\RIGO\appdata\local\{11531A37-4EC4-4AF2-8BCC-68B682B360FC}
Successfully deleted: [Empty Folder] C:\Users\RIGO\appdata\local\{11AA761D-3986-4C6C-B6FA-095D8F5913E0}
Successfully deleted: [Empty Folder] C:\Users\RIGO\appdata\local\{2F41B714-0DC0-4475-8CB4-D1F109775268}
Successfully deleted: [Empty Folder] C:\Users\RIGO\appdata\local\{31199264-CCEE-49F9-AF66-003D098ECB03}
Successfully deleted: [Empty Folder] C:\Users\RIGO\appdata\local\{3BBBDC94-B2E4-4E15-8F6E-65125561D060}
Successfully deleted: [Empty Folder] C:\Users\RIGO\appdata\local\{41A0467E-ED39-45EE-A47E-CEDF758C186E}
Successfully deleted: [Empty Folder] C:\Users\RIGO\appdata\local\{4E52DDB0-AFF4-4462-9BA9-684192B73E98}
Successfully deleted: [Empty Folder] C:\Users\RIGO\appdata\local\{4FC725CA-5178-4567-B6B3-72109A3B7194}
Successfully deleted: [Empty Folder] C:\Users\RIGO\appdata\local\{51792219-F23D-495C-A89C-9C2A59D1C364}
Successfully deleted: [Empty Folder] C:\Users\RIGO\appdata\local\{571E8418-6591-46D0-BFB3-5D7678953906}
Successfully deleted: [Empty Folder] C:\Users\RIGO\appdata\local\{7A29333E-AE5A-44E2-8A33-9F8E4EB0C6D5}
Successfully deleted: [Empty Folder] C:\Users\RIGO\appdata\local\{7E4472D9-DABB-4873-AA1B-953400BE5447}
Successfully deleted: [Empty Folder] C:\Users\RIGO\appdata\local\{A750B57F-41C7-45A9-B0C6-5E733BDC4626}
Successfully deleted: [Empty Folder] C:\Users\RIGO\appdata\local\{CEF13ABD-1AB0-4D19-AB26-F13F7FCBB27E}
Successfully deleted: [Empty Folder] C:\Users\RIGO\appdata\local\{EAE4A9A5-D566-48F7-8203-6EFBE5DD39A1}
Successfully deleted: [Empty Folder] C:\Users\RIGO\appdata\local\{EC4DD9B0-E361-413C-8654-991EDF267DDA}
Successfully deleted: [Empty Folder] C:\Users\RIGO\appdata\local\{FAE0F132-E242-4F60-81F6-B212C8E0F202}



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\blekkotb.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\blekkotb.xml"
Successfully deleted: [File] C:\Users\RIGO\AppData\Roaming\mozilla\firefox\profiles\n5m4u5o9.default-1366334104149\extensions\[email protected] [Tracur]
Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]"
Successfully deleted the following from C:\Users\RIGO\AppData\Roaming\mozilla\firefox\profiles\1lre4406.test\prefs.js

user_pref("extensions.crossrider.bic", "13c64aac3f921f66b03d920f29495e9e");
Successfully deleted the following from C:\Users\RIGO\AppData\Roaming\mozilla\firefox\profiles\5aekgxr3.Default User2\prefs.js

user_pref("extensions.crossrider.bic", "13c64aac3f921f66b03d920f29495e9e");
Successfully deleted the following from C:\Users\RIGO\AppData\Roaming\mozilla\firefox\profiles\n5m4u5o9.default-1366334104149\prefs.js

user_pref("extensions.crossrider.bic", "14032428701ea8b79f269c7d1bf1523d");
user_pref("extensions.lastpass.loginpws", "rigosanjr%40gmail.com=zO1Thw%2B0DgrMv9oSVAYQjA%3D%3D");
Emptied folder: C:\Users\RIGO\AppData\Roaming\mozilla\firefox\profiles\n5m4u5o9.default-1366334104149\minidumps [7 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/17/2013 at 20:47:58.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named hshld was found to stop!
Service\Driver key hshld not found.
File C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe not found.
Error: No service named HssWd was found to stop!
Service\Driver key HssWd not found.
File C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe not found.
Error: No service named HssTrayService was found to stop!
Service\Driver key HssTrayService not found.
File C:\Program Files (x86)\Hotspot Shield\bin\HSSTrayService.exe not found.
Error: No service named AdvancedSystemCareService6 was found to stop!
Service\Driver key AdvancedSystemCareService6 not found.
File C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe not found.
Service HssDRV6 stopped successfully!
Service HssDRV6 deleted successfully!
C:\Windows\SysNative\drivers\hssdrv6.sys moved successfully.
Error: No service named SmartDefragDriver was found to stop!
Service\Driver key SmartDefragDriver not found.
File C:\Windows\SysNative\drivers\SmartDefragDriver.sys not found.
Service taphss6 stopped successfully!
Service taphss6 deleted successfully!
C:\Windows\SysNative\drivers\taphss6.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-3026827408-1962054132-2561569089-1000\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_USERS\S-1-5-21-3026827408-1962054132-2561569089-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3026827408-1962054132-2561569089-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9AC1829D-7A9A-4919-903D-BDE627217599}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AC1829D-7A9A-4919-903D-BDE627217599}\ not found.
Folder C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\[email protected]\ not found.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]9930111f9.com\skin folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]9930111f9.com\locale\en-US folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]9930111f9.com\locale folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]9930111f9.com\defaults\preferences folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]9930111f9.com\defaults folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]9930111f9.com\chrome\content\extensionCode folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]9930111f9.com\chrome\content\core folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]9930111f9.com\chrome\content\api folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]9930111f9.com\chrome\content folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]9930111f9.com\chrome folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]9930111f9.com folder moved successfully.
Folder C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]a08d473a7.com\ not found.
Folder C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]\ not found.
Folder C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]\ not found.
Folder C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]\ not found.
Folder C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\67314b39-24e6-4f05-99f3-3f88c7c[email protected]\chrome\content\extensionCode\ not found.
Folder C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]a08d473a7.com\chrome\content\extensionCode\ not found.
Folder C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions\[email protected]\chrome\content\extensionCode\ not found.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]9930111f9.com\skin folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]9930111f9.com\locale\en-US folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]9930111f9.com\locale folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]9930111f9.com\defaults\preferences folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]9930111f9.com\defaults folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]9930111f9.com\chrome\content\extensionCode folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]9930111f9.com\chrome\content\core folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]9930111f9.com\chrome\content\api folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]9930111f9.com\chrome\content folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]9930111f9.com\chrome folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]9930111f9.com folder moved successfully.
Folder C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]a08d473a7.com\ not found.
Folder C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]\ not found.
Folder C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]9930111f9.com\chrome\content\extensionCode\ not found.
Folder C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]a08d473a7.com\chrome\content\extensionCode\ not found.
Folder C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk2y75.test\extensions\[email protected]\ not found.
Folder C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\hligfgny.rigo\extensions\[email protected]\ not found.
Folder C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions\[email protected]\ not found.
Folder C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\extensions\[email protected]\ not found.
Folder C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{f0af464e-5167-45cf-9cf0-66b396d1918c}\ not found.
Folder C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]a08d473a7.com\ not found.
Folder C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]\ not found.
Folder C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]a08d473a7.com\chrome\content\extensionCode\ not found.
Folder C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\pj3kgqd2.default\extensions\[email protected]\ not found.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\ not found.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\ not found.
Folder C:\Program Files (x86)\Mozilla Firefox\browser\extensions\[email protected]\ not found.
C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]\skin folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]\defaults folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]\components folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected] folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]\defaults folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected] folder moved successfully.
File C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll not found.
File C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll not found.
C:\Program Files (x86)\Mozilla Firefox\plugins\NPTURNMED.dll moved successfully.
File C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011441193}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110211181104}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
Registry value HKEY_USERS\S-1-5-21-3026827408-1962054132-2561569089-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-3026827408-1962054132-2561569089-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 6 not found.
File C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe not found.
Folder C:\Users\RIGO\AppData\Local\Updater27793\ not found.
Folder C:\Users\RIGO\AppData\Local\CouponDropDown Plugin\ not found.
Folder C:\Program Files (x86)\CouponDropDown Plugin\ not found.
Folder C:\ProgramData\Ask\ not found.
File C:\Windows\SysNative\drivers\hssdrv6.sys not found.
Folder C:\Program Files (x86)\Conduit\ not found.
Folder C:\Users\RIGO\AppData\Local\Conduit\ not found.
Folder C:\Program Files (x86)\SearchProtect\ not found.
Folder C:\Users\RIGO\AppData\Roaming\SearchProtect\ not found.
File C:\Windows\SysNative\SmartDefragBootTime.exe not found.
C:\ProgramData\pclunst.exe moved successfully.
File C:\Users\Public\Desktop\Hotspot Shield.lnk not found.
File C:\Users\Public\Desktop\Smart Defrag 2.lnk not found.
File C:\Windows\SysNative\drivers\hssdrv6.sys not found.
File C:\Users\Public\Desktop\Advanced SystemCare 6.lnk not found.
File C:\Windows\SysNative\drivers\SmartDefragDriver.sys not found.
File C:\Users\Public\Desktop\Hotspot Shield.lnk not found.
C:\Windows\SysWOW64\sysdvdcp6free.dll moved successfully.
File C:\Windows\SysWow64\??????????????????????????????????H???????[????????G????????????????????????????????????????????????????????????????????????3???????????????????????????????????????????????????????????????????????z????????????????????????????????? not found.
File C:\Windows\SysWow64\??????????????????????????????????H???????[????????G????????????????????????????????????????????????????????????????????????3???????????????????????????????????????????????????????????????????????z????????????????????????????????? not found.
Folder C:\Windows\SysNative\?š\ not found.
Folder C:\Windows\SysNative\?š\ not found.
Folder C:\Users\RIGO\AppData\Roaming\B1Toolbar\ not found.
C:\Users\RIGO\AppData\Roaming\GetRightToGo folder moved successfully.
Folder C:\Users\RIGO\AppData\Roaming\Hotspot Shield\ not found.
C:\Users\RIGO\AppData\Roaming\IObit\Smart Defrag 2 folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\IObit Uninstaller\Language folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\InternetBooster folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\Advanced SystemCare V6\Startup Manager folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\Advanced SystemCare V6\SmartRAM folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\Advanced SystemCare V6\Registrycleaner\backup\Registry folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\Advanced SystemCare V6\Registrycleaner\backup folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\Advanced SystemCare V6\Registrycleaner folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\Advanced SystemCare V6\Log folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\Advanced SystemCare V6\Internet Booster folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\Advanced SystemCare V6\Driver Manager\DriverBackup folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\Advanced SystemCare V6\Driver Manager folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\Advanced SystemCare V6\Downloader folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\Advanced SystemCare V6\DiskCleaner folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\Advanced SystemCare V6\DiskCheck folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\Advanced SystemCare V6\Disk Cleaner folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\Advanced SystemCare V6\Boottime folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\Advanced SystemCare V6\Backup folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\Advanced SystemCare\Backup folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit\Advanced SystemCare folder moved successfully.
C:\Users\RIGO\AppData\Roaming\IObit folder moved successfully.
Folder C:\Users\RIGO\AppData\Roaming\SearchProtect\ not found.
C:\Users\RIGO\AppData\Roaming\SlimCleaner folder moved successfully.
C:\Users\RIGO\AppData\Roaming\StreamTorrent\1.0\config folder moved successfully.
C:\Users\RIGO\AppData\Roaming\StreamTorrent\1.0 folder moved successfully.
C:\Users\RIGO\AppData\Roaming\StreamTorrent folder moved successfully.
Folder C:\Users\RIGO\AppData\Roaming\Systweak\ not found.
C:\Users\RIGO\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\Cache folder moved successfully.
C:\Users\RIGO\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens folder moved successfully.
C:\Users\RIGO\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\LogoAnimations\Cache folder moved successfully.
C:\Users\RIGO\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\LogoAnimations folder moved successfully.
C:\Users\RIGO\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\BootScreens\Cache folder moved successfully.
C:\Users\RIGO\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler\BootScreens folder moved successfully.
C:\Users\RIGO\AppData\Roaming\TuneUp Software\TuneUp Utilities\WinStyler folder moved successfully.
C:\Users\RIGO\AppData\Roaming\TuneUp Software\TuneUp Utilities\TuneUp Registry Editor folder moved successfully.
C:\Users\RIGO\AppData\Roaming\TuneUp Software\TuneUp Utilities\StartUp Manager folder moved successfully.
C:\Users\RIGO\AppData\Roaming\TuneUp Software\TuneUp Utilities\Disk Space Explorer folder moved successfully.
C:\Users\RIGO\AppData\Roaming\TuneUp Software\TuneUp Utilities\Dashboard folder moved successfully.
C:\Users\RIGO\AppData\Roaming\TuneUp Software\TuneUp Utilities\Backups folder moved successfully.
C:\Users\RIGO\AppData\Roaming\TuneUp Software\TuneUp Utilities folder moved successfully.
C:\Users\RIGO\AppData\Roaming\TuneUp Software folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
C:\Users\RIGO\AppData\Roaming\Uniblue folder moved successfully.
========== FILES ==========
File\Folder C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe not found.
C:\Program Files (x86)\IObit\Smart Defrag 2 folder moved successfully.
C:\Program Files (x86)\IObit folder moved successfully.
C:\Windows\26034991.dat moved successfully.
C:\Windows\463619.dat moved successfully.
C:\Windows\46609058.dat moved successfully.
C:\Windows\445460.dat moved successfully.
C:\Windows\15752481.dat moved successfully.
C:\Windows\27602894.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57616 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: RIGO
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 769731 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19407858 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 154784 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42297402 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 29511531 bytes

Total Files Cleaned = 88.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08172013_205457

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



OTL logfile created on: 8/17/2013 10:30:02 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\RIGO\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 70.26% Memory free
7.98 Gb Paging File | 6.71 Gb Available in Paging File | 84.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 179.49 Gb Free Space | 63.34% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.15 Gb Free Space | 48.84% Space Free | Partition Type: NTFS
Drive J: | 7.40 Gb Total Space | 7.37 Gb Free Space | 99.60% Space Free | Partition Type: FAT32
Drive K: | 7.39 Gb Total Space | 7.28 Gb Free Space | 98.39% Space Free | Partition Type: FAT32

Computer Name: PC | User Name: RIGO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/11 19:23:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RIGO\Desktop\OTL.exe
PRC - [2013/07/22 10:35:19 | 017,289,640 | ---- | M] (Zemana Ltd.) -- C:\Program Files (x86)\AntiLogger\AntiLogger.exe
PRC - [2013/06/19 16:55:32 | 008,136,504 | ---- | M] (Lamantine Software a.s.) -- C:\Program Files (x86)\Sticky Password\stpass.exe
PRC - [2013/04/16 14:47:42 | 001,799,680 | ---- | M] (xwidget.com) -- C:\Program Files (x86)\XWidget\xwidget.exe
PRC - [2013/02/26 12:22:40 | 000,071,280 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2012/11/29 21:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/11/09 14:44:10 | 000,366,576 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
PRC - [2012/11/09 14:44:10 | 000,264,176 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
PRC - [2012/04/16 19:49:41 | 000,918,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2010/10/29 15:43:54 | 001,167,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/29 21:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012/11/29 21:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/11/09 14:44:14 | 000,108,448 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\PMC.dll
MOD - [2012/11/09 14:44:14 | 000,071,664 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll
MOD - [2012/11/09 14:44:12 | 000,268,272 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll
MOD - [2012/11/09 14:44:11 | 000,133,104 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll
MOD - [2012/11/09 14:44:11 | 000,079,856 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\ImAppRU.dll
MOD - [2012/11/09 14:44:11 | 000,032,680 | ---- | M] () -- C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll
MOD - [2009/08/12 12:09:14 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\XWidget\Res\Lib\lib.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/26 18:13:08 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)
SRV:64bit: - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/28 07:37:22 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
SRV - [2013/08/10 13:35:11 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/08 15:12:10 | 000,028,160 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Spotflux\services\SpotfluxUpdateService.exe -- (SpotfluxUpdateService)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/22 14:51:07 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/26 12:22:40 | 000,071,280 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/04/16 19:49:41 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/08 05:50:20 | 000,450,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt) [Auto | Running] -- C:\Windows\SysWOW64\STGRAMDiskHandler64.exe -- (Steganos Volatile Disk)
SRV - [2010/04/16 16:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2009/08/27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/06 22:18:04 | 000,049,240 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32)
DRV:64bit: - [2013/05/28 18:12:28 | 000,039,104 | ---- | M] (Spotflux, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapSF0901.sys -- (tapSF0901)
DRV:64bit: - [2013/04/07 12:51:18 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/25 01:59:16 | 000,694,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/03 09:45:08 | 000,028,576 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt.com) [Driver] [Kernel | System | Running] -- C:\Windows\SysNative\drivers\STGMFEngine64.sys -- (STGMFEngine64)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/01/09 19:05:24 | 000,032,840 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
DRV:64bit: - [2009/09/23 19:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2009/06/10 16:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 09:06:18 | 000,197,120 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/08/14 08:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 08:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{79381CE2-7FB3-4DA9-A3DC-8EC4450E03CF}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ew...ack/UP97_FRPage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{29CB62DF-BBC4-470B-8CBF-2B9FB07C4EC0}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{F01B81B9-BD9D-4301-938E-5E8B2B354E2A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\3B4DB950577045D68081C69BD7B8D762: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.yahoo....=spigot-yhp-ff"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=198484&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - prefs.js..network.proxy.type:
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\RIGO\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\RIGO\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: File not found
FF - HKCU\Software\MozillaPlugins\@stickypassword.com/Sticky Password: C:\Program Files (x86)\Sticky Password\npspAutofill.dll (Lamantine Software a.s.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\RIGO\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\RIGO\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/13 19:14:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/10 14:39:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/22 14:51:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/08/17 20:55:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Ex\\UnicodeExtensionMap: 0000000E9FD0003BF13CEA4EC7DE7926C3C4D5AE
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\RIGO\AppData\Roaming\Move Networks [2010/01/02 21:25:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/13 19:14:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{54affe52-8223-453b-be1e-2fe2e250045c}: C:\Users\RIGO\AppData\Roaming\Lamantine\Sticky Password\spAutofill [2013/07/23 22:43:11 | 000,000,000 | ---D | M]

[2009/11/14 15:56:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Extensions
[2013/08/16 19:36:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions
[2013/01/22 19:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\0ul22pvt.Default User\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013/08/17 20:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\1lre4406.test\extensions
[2013/08/17 20:55:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions
[2013/08/17 20:29:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\8kyk2y75.test\extensions
[2013/08/17 20:29:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\hligfgny.rigo\extensions
[2013/08/16 19:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions
[2013/08/16 19:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\extensions
[2013/01/22 18:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\hligfgny.rigo\extensions
[2013/01/22 18:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\mvt2qld4.rigo2\hligfgny.rigo\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/08/17 20:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions
[2013/04/20 20:37:12 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2013/05/03 22:20:19 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/07/19 22:24:37 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/08/07 20:01:50 | 000,000,000 | ---D | M] ("ImageHost Grabber") -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}
[2013/07/04 13:23:59 | 000,000,000 | ---D | M] (Theme Font & Size Changer) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}
[2013/07/12 00:13:35 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/07 20:01:50 | 000,000,000 | ---D | M] (Image Picker) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/13 14:34:13 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/17 20:29:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\pj3kgqd2.default\extensions
[2013/01/22 18:55:02 | 000,066,364 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\[email protected]
[2013/01/22 18:54:39 | 002,284,120 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\5aekgxr3.Default User2\extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi
[2013/04/18 20:02:16 | 000,087,601 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions\[email protected]
[2013/04/18 20:02:39 | 000,068,740 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions\[email protected]
[2013/04/18 20:02:39 | 002,478,880 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions\{7b90e860-5d61-11e0-80e3-0800200c9a66}.xpi
[2013/04/18 20:02:16 | 001,414,197 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\kj4ygv8y.default-1358899667407\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
[2013/08/07 20:01:50 | 000,109,379 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/27 22:09:46 | 000,053,803 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/07 20:01:50 | 000,052,187 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/23 21:43:12 | 000,269,092 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/29 21:43:13 | 000,320,147 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/09 12:39:27 | 000,113,140 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/07 00:00:10 | 000,088,434 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/04/18 22:15:16 | 000,094,803 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]_Noia4dev.xpi
[2013/07/04 21:45:56 | 000,152,889 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/04 22:01:12 | 000,004,905 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/07/22 22:20:36 | 000,353,425 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/05 16:39:24 | 000,240,755 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/04 22:28:33 | 000,004,539 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/09 13:46:43 | 000,187,236 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/06/13 22:20:31 | 000,017,757 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\[email protected]
[2013/08/07 20:01:50 | 000,350,663 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013/07/25 22:04:40 | 000,023,087 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}.xpi
[2013/08/07 20:01:50 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/07/04 17:38:56 | 000,048,903 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.xpi
[2013/06/11 14:19:15 | 000,125,320 | ---- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
[2013/08/07 00:00:10 | 001,449,063 | R--- | M] () (No name found) -- C:\Users\RIGO\AppData\Roaming\Mozilla\Firefox\Profiles\n5m4u5o9.default-1366334104149\extensions\{faf13420-5e24-11e0-80e3-0800200c9a66}.xpi
[2013/08/17 20:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/15 21:50:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/17 12:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/04 18:08:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/08/17 20:55:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013/07/04 18:00:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/04 18:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\[email protected]
[2013/07/04 17:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2013/07/04 17:59:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/07/11 16:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2013/08/12 19:33:09 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Sticky Password Toolbar) - {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O3 - HKLM\..\Toolbar: (Sticky Password Toolbar) - {AC02E217-6E13-4F14-9BAC-D7BA27C1E912} - C:\Program Files (x86)\Sticky Password\spIEBho.dll (Lamantine Software a.s.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AntiLogger] C:\Program Files (x86)\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Sticker] C:\Program Files (x86)\Sticker\Sticker.exe (trion)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [StickyPassword] C:\Program Files (x86)\Sticky Password\stpass.exe (Lamantine Software a.s.)
O4 - HKCU..\Run: [xwidget] C:\Program Files (x86)\XWidget\xwidget.exe (xwidget.com)
O4 - Startup: C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{833B7B77-AE2F-429E-AE62-A586F8191956}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C63867C0-F8B9-4190-B9EF-5B499D70B5C1}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\RIGO\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\RIGO\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Program Files (x86)\WinFax\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/17 20:54:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/17 20:42:49 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/17 20:38:52 | 001,159,319 | ---- | C] (Thisisu) -- C:\Users\RIGO\Desktop\JRT.exe
[2013/08/17 20:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2013/08/13 22:24:52 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/11 19:24:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\RIGO\Desktop\OTL.exe
[2013/08/11 14:54:56 | 000,000,000 | ---D | C] -- C:\Users\RIGO\Documents\GomPlayer
[2013/08/11 14:54:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
[2013/08/11 14:54:17 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\GRETECH
[2013/08/11 13:20:12 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Media Player Classic
[2013/08/10 22:09:15 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\Daum
[2013/08/10 20:47:47 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\OpenOffice
[2013/08/10 18:51:06 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\Freemake Music Box
[2013/08/10 18:50:49 | 000,000,000 | ---D | C] -- C:\Users\RIGO\Documents\Freemake
[2013/08/10 18:50:10 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/08/10 18:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/08/10 18:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013/08/10 18:49:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013/08/10 18:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013/08/10 17:52:49 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.0
[2013/08/10 17:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
[2013/08/10 16:49:05 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Streaming Video Downloader
[2013/08/10 16:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Streaming Video Downloader
[2013/08/10 16:45:11 | 000,000,000 | ---D | C] -- C:\Users\RIGO\Documents\Hanso Recorder
[2013/08/10 16:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hanso Recorder
[2013/08/10 16:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hanso Recorder
[2013/08/09 20:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\spotflux
[2013/08/09 14:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sanwhole
[2013/08/06 22:18:04 | 000,049,240 | ---- | C] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys
[2013/08/06 22:18:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\{33CC04A6-7C06-4D73-B22D-D63FE2603F84}
[2013/08/06 22:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiLogger
[2013/08/06 22:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AntiLogger
[2013/08/05 16:39:23 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\GetGo Software
[2013/08/05 16:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GetGo Software
[2013/08/01 22:22:44 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\wurst
[2013/07/31 18:10:23 | 000,000,000 | ---D | C] -- C:\Users\RIGO\.swt
[2013/07/31 18:09:26 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotflux
[2013/07/31 18:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spotflux
[2013/07/31 18:03:10 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\.spotflux
[2013/07/30 19:59:01 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\emaze
[2013/07/30 14:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\iQNotes
[2013/07/28 21:54:57 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gmail Notifier
[2013/07/23 13:21:29 | 000,000,000 | ---D | C] -- C:\Users\RIGO\Desktop\utmp
[2013/07/23 13:16:44 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Awesomium
[2013/07/23 13:13:24 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Badosoft
[2013/07/23 13:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Badosoft
[2013/07/19 21:23:25 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\PotPlayer64
[2013/07/19 13:13:00 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\PotPlayerMini64
[2013/07/19 13:11:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Daum
[2013/07/19 13:08:54 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Daum
[2013/07/19 13:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
[2013/07/19 13:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\DAUM
[2013/07/19 13:04:56 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Local\Aurora Software
[2013/07/19 13:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aurora Software
[2013/07/18 22:33:43 | 000,000,000 | ---D | C] -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/04/12 13:18:48 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\RIGO\AppData\Roaming\pcouffin.sys
[2012/12/08 20:16:38 | 014,794,312 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe

========== Files - Modified Within 30 Days ==========

[2013/08/17 22:29:53 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/17 22:29:53 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/17 22:21:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/17 20:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/17 20:29:29 | 000,000,163 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/08/17 13:13:30 | 000,002,150 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/08/16 13:57:10 | 001,159,319 | ---- | M] (Thisisu) -- C:\Users\RIGO\Desktop\JRT.exe
[2013/08/16 13:56:32 | 000,666,633 | ---- | M] () -- C:\Users\RIGO\Desktop\adwcleaner.exe
[2013/08/13 22:27:18 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/13 22:27:18 | 000,662,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/13 22:27:18 | 000,122,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/13 20:50:24 | 000,012,899 | ---- | M] () -- C:\Users\RIGO\Documents\geeks1.odt
[2013/08/12 22:13:43 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\Hanso Recorder.lnk
[2013/08/12 22:13:03 | 000,002,118 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2013/08/12 19:33:09 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/11 19:23:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RIGO\Desktop\OTL.exe
[2013/08/10 22:13:07 | 000,443,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/10 18:50:09 | 000,001,214 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Music Box.lnk
[2013/08/10 18:43:02 | 000,001,205 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2013/08/10 17:52:49 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
[2013/08/10 16:49:05 | 000,001,264 | ---- | M] () -- C:\Users\RIGO\Desktop\Streaming Video Downloader.lnk
[2013/08/10 16:45:11 | 000,001,069 | ---- | M] () -- C:\Users\RIGO\Application Data\Microsoft\Internet Explorer\Quick Launch\Hanso Recorder.lnk
[2013/08/09 20:02:26 | 000,001,851 | ---- | M] () -- C:\Users\RIGO\Desktop\Spotflux.lnk
[2013/08/09 00:25:54 | 000,000,600 | ---- | M] () -- C:\Users\RIGO\PUTTY.RND
[2013/08/08 00:39:49 | 000,034,134 | ---- | M] () -- C:\Windows\CUAppUsage.Dat
[2013/08/07 22:26:00 | 000,001,270 | ---- | M] () -- C:\Users\RIGO\Documents\cc_20130807_222553.reg
[2013/08/06 22:18:04 | 000,049,240 | ---- | M] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys
[2013/08/06 22:18:00 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\AntiLogger.lnk
[2013/08/05 22:09:02 | 000,000,792 | ---- | M] () -- C:\Users\RIGO\Documents\cc_20130805_220855.reg
[2013/08/04 23:00:27 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\Surf Anonymous Free.lnk
[2013/08/03 22:38:47 | 000,014,866 | ---- | M] () -- C:\Users\RIGO\Documents\cc_20130803_223834.reg
[2013/07/30 22:02:22 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/25 22:13:47 | 000,000,228 | ---- | M] () -- C:\Users\RIGO\Desktop\u.ini
[2013/07/22 22:40:42 | 000,002,036 | ---- | M] () -- C:\Users\RIGO\Desktop\KCleaner.lnk
[2013/07/22 22:17:38 | 000,008,956 | ---- | M] () -- C:\Users\RIGO\Documents\cc_20130722_221733.reg

========== Files Created - No Company Name ==========

[2013/08/17 20:29:18 | 000,000,163 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/08/17 12:43:04 | 000,666,633 | ---- | C] () -- C:\Users\RIGO\Desktop\adwcleaner.exe
[2013/08/13 20:50:23 | 000,012,899 | ---- | C] () -- C:\Users\RIGO\Documents\geeks1.odt
[2013/08/11 14:54:25 | 000,002,118 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2013/08/10 18:50:09 | 000,001,214 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Music Box.lnk
[2013/08/10 17:52:49 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk
[2013/08/10 16:49:05 | 000,001,264 | ---- | C] () -- C:\Users\RIGO\Desktop\Streaming Video Downloader.lnk
[2013/08/10 16:45:11 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\Hanso Recorder.lnk
[2013/08/10 16:45:11 | 000,001,069 | ---- | C] () -- C:\Users\RIGO\Application Data\Microsoft\Internet Explorer\Quick Launch\Hanso Recorder.lnk
[2013/08/07 22:25:55 | 000,001,270 | ---- | C] () -- C:\Users\RIGO\Documents\cc_20130807_222553.reg
[2013/08/06 22:18:00 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\AntiLogger.lnk
[2013/08/05 22:08:58 | 000,000,792 | ---- | C] () -- C:\Users\RIGO\Documents\cc_20130805_220855.reg
[2013/08/03 22:38:45 | 000,014,866 | ---- | C] () -- C:\Users\RIGO\Documents\cc_20130803_223834.reg
[2013/07/31 19:58:36 | 000,001,851 | ---- | C] () -- C:\Users\RIGO\Desktop\Spotflux.lnk
[2013/07/30 19:59:01 | 000,001,220 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk
[2013/07/25 22:04:16 | 000,000,228 | ---- | C] () -- C:\Users\RIGO\Desktop\u.ini
[2013/07/23 13:21:31 | 000,000,600 | ---- | C] () -- C:\Users\RIGO\PUTTY.RND
[2013/07/23 13:21:18 | 002,000,488 | ---- | C] () -- C:\Users\RIGO\Desktop\u1301.exe
[2013/07/22 22:40:42 | 000,002,036 | ---- | C] () -- C:\Users\RIGO\Desktop\KCleaner.lnk
[2013/07/22 22:17:35 | 000,008,956 | ---- | C] () -- C:\Users\RIGO\Documents\cc_20130722_221733.reg
[2013/04/12 13:18:48 | 000,007,859 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\pcouffin.cat
[2013/04/12 13:18:48 | 000,001,167 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\pcouffin.inf
[2013/03/17 20:21:01 | 000,034,134 | ---- | C] () -- C:\Windows\CUAppUsage.Dat
[2013/03/16 22:47:22 | 000,000,000 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\wklnhst.dat
[2012/12/22 14:25:43 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/12/03 20:40:58 | 000,000,322 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\burnaware.ini
[2012/12/01 13:47:07 | 000,000,090 | ---- | C] () -- C:\Windows\SysWow64\91207717.sys
[2012/08/23 19:53:29 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/07/10 19:38:40 | 000,000,106 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/06/22 22:10:12 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/04/28 16:59:14 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/03/02 20:48:53 | 000,079,872 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/01/28 17:56:54 | 006,664,208 | ---- | C] () -- C:\Windows\SysWow64\dvdripcore.dll
[2012/01/28 17:56:49 | 000,066,048 | ---- | C] () -- C:\Windows\SysWow64\cygz.dll
[2011/08/22 16:21:58 | 000,011,545 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\UserTile.png
[2011/05/02 14:41:46 | 000,051,802 | ---- | C] () -- C:\Users\RIGO\4e920be4_b4f8_fcc6_4e920be4_b4f8_fcc6.pdf
[2009/12/23 21:25:28 | 000,000,436 | ---- | C] () -- C:\Users\RIGO\AppData\Roaming\mainhst.zgh
[2009/11/14 16:22:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 08:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 08:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 08:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/14 12:21:31 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\.dvdcss
[2013/08/09 21:02:46 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\.spotflux
[2013/02/09 23:09:30 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\1-abc
[2011/04/29 14:46:06 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\4Media
[2009/11/14 15:56:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\4Team
[2013/05/03 22:12:26 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\7 Sticky Notes
[2011/11/26 23:16:27 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Abelssoft
[2009/11/14 15:56:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\AbleFaxTifView
[2013/04/17 13:28:24 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Actual Tools
[2012/05/05 15:55:54 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\AnnVideo
[2011/11/26 23:21:59 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\AnvSoft
[2013/08/05 15:01:00 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Ashampoo
[2011/10/04 18:59:21 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Atari
[2009/04/27 11:14:20 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Audio Caller ID
[2013/04/13 12:30:39 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Aunsoft
[2012/04/25 18:02:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\AutoHideIP
[2012/03/18 19:38:59 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Avanquest
[2013/07/23 13:16:44 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Awesomium
[2012/05/03 22:19:31 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Big Angry Dog
[2013/03/01 13:49:16 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\BinaryMark
[2013/03/20 22:50:26 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\BleachBit
[2010/10/07 21:19:47 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Blueberry
[2012/11/15 22:11:57 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\BlueSprig
[2012/09/12 15:23:16 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Byngo
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\com.AccuWeather.air.stratus.6AF67E59E785A9A644FCA43BED05A7731922EF40.1
[2009/04/27 17:17:54 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Cool Record Edit Deluxe
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Cool Record Edit Pro
[2012/04/02 19:00:50 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Creevity Mp3 Cover Downloader
[2013/06/11 19:51:42 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\CuteReminder
[2012/05/09 18:24:13 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\DAEMON Tools Lite
[2009/09/04 18:15:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\DAEMON Tools Pro
[2012/05/18 22:26:32 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Digiarty
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Diodia
[2013/04/04 12:29:05 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Downloaded Installations
[2011/10/28 23:12:18 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Dream Aquarium
[2013/08/10 18:43:18 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\DVDVideoSoft
[2011/07/10 18:53:05 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\EurekaLog
[2012/11/01 20:10:45 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Expert PDF Reader
[2010/06/27 17:44:04 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Facebook
[2013/02/15 00:10:44 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\FileOpen
[2012/08/27 14:02:34 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Firetrust
[2013/05/15 15:53:46 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\FN Clock
[2013/05/11 18:22:01 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Focus Mp3 Recorder
[2012/11/01 19:57:21 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Foxit Software
[2010/12/27 22:52:56 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Foxreal
[2013/04/16 18:50:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Free Audio Editor
[2013/05/31 22:43:16 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Free Easy Audio Recorder
[2012/08/13 22:18:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Free Mp3 Wma Ogg Converter
[2009/04/27 11:11:12 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Free Sound Recorder
[2010/10/10 11:16:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\FreeBurner
[2010/09/30 20:14:27 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\FreeFLVConverter
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Gabob.NowBoarding.B1EDF665FD3C3F3F09EA618A6CFE5BBDBDB5E912.1
[2012/04/10 13:16:04 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Gaijin Ent
[2012/06/24 20:36:12 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Get from YouTube
[2013/08/05 16:39:23 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\GetGo Software
[2007/01/01 04:10:02 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\GlarySoft
[2012/12/01 13:51:12 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Glarysoft Giveaway
[2012/04/17 20:29:34 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\HamsterSoft
[2011/05/24 14:00:12 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Image Zone Express
[2012/07/10 19:38:14 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Intermedia Software
[2013/03/10 22:48:50 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\IrfanView
[2013/04/27 13:33:24 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\KC Softwares
[2012/09/20 15:32:51 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\KeePass
[2012/11/22 15:03:54 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\kingsoft
[2013/04/09 22:41:51 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Kristanix Software
[2013/03/12 22:53:36 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Lamantine
[2009/11/14 15:56:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Leadertech
[2012/11/21 22:00:10 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Light Developer
[2012/03/18 21:15:46 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Littlelan
[2010/09/14 13:40:54 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\LogSys
[2012/04/08 12:54:42 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\MAGIX
[2011/09/23 19:58:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Marine Aquarium 3
[2013/04/07 12:50:27 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\MediaFilters
[2011/04/03 13:37:51 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\mediAvatar
[2011/08/20 13:38:40 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Modiac
[2012/07/08 20:18:37 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\MP3 Editor for Free
[2012/08/12 22:38:14 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Mp3tag
[2012/03/02 20:51:25 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\mresreg
[2012/08/14 22:15:06 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\MusicBrainz
[2013/07/18 20:19:15 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\NeoDownloader
[2013/02/15 00:10:44 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Nitro
[2013/06/08 14:22:38 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Nitro PDF
[2012/04/10 14:28:28 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Oberon Media
[2013/03/11 21:00:23 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\onOne Software
[2013/08/10 20:47:47 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\OpenOffice
[2011/04/28 21:16:14 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\OpenOffice.org
[2013/01/15 21:42:28 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Opera
[2013/04/16 21:11:18 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Participatory Culture Foundation
[2012/11/18 19:24:23 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Pavtube
[2010/11/26 20:44:09 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PCHC
[2011/08/05 12:48:36 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PearlMountainSoft
[2011/03/17 19:54:39 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PhotoScape
[2013/05/02 23:08:15 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Pixpedia Publisher
[2009/11/14 15:57:20 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PlayFirst
[2013/07/19 21:23:25 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PotPlayer64
[2013/07/19 13:13:00 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PotPlayerMini64
[2010/02/17 23:22:47 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\PPStream
[2013/04/18 21:21:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Preme for Windows
[2009/11/14 15:57:20 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Printer Info Cache
[2012/04/17 21:54:13 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Privacy Guardian
[2012/04/09 21:59:11 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Product_FR
[2010/10/28 17:23:57 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Publish Providers
[2012/08/15 22:10:34 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Smart Audio Editor
[2009/12/23 21:09:05 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Smart PDF Converter Pro
[2009/11/14 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Snappy Fax
[2009/11/14 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Snappy Fax Archives
[2011/10/02 14:13:13 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Softland
[2012/10/21 22:16:43 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\SoftMaker
[2012/11/01 22:56:38 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\SomePDF
[2013/05/31 21:28:07 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Sonarca Sound Recorder Free
[2010/10/28 17:25:20 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Sony
[2012/06/26 15:36:39 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Sound Editor Pro
[2012/10/27 23:02:45 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Spotify
[2013/04/23 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\StarBurn
[2012/07/04 16:49:42 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Steganos
[2013/06/14 00:34:54 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Sticker
[2013/02/15 20:17:47 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\SumatraPDF
[2012/04/25 18:19:05 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\SurfAnonymousFree
[2013/08/15 16:50:19 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Swifturn Free Audio Editor
[2009/11/14 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Template
[2013/07/18 22:37:23 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\TheImageCollector
[2010/02/13 22:36:44 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Thinstall
[2011/11/21 21:05:46 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\URSoft
[2011/04/21 12:26:57 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\visualsearchpony.com
[2013/04/14 18:49:56 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Vso
[2010/12/08 12:31:28 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\VSRevoGroup
[2011/08/15 16:03:40 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\WaveMax Sound Editor
[2009/03/02 23:09:20 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Windows Live Writer
[2012/07/11 20:36:58 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\WindSolutions
[2013/08/01 22:22:44 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\wurst
[2013/07/03 22:07:14 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\XnView
[2012/05/09 18:24:13 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\ZipGenius
[2013/03/01 14:03:55 | 000,000,000 | ---D | M] -- C:\Users\RIGO\AppData\Roaming\Zoner

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/05/19 11:30:15 | 000,000,000 | ---- | M] ()(C:\Windows\SysWow64\??????????????????????????????????H???????[????????G????????????????????????????????????????????????????????????????????????3???????????????????????????????????????????????????????????????????????z?????????????????????????????????) -- C:\Windows\SysWow64\☚簐읞耠㌍駕팿萸㽪셴㍌⠊桇઀튅笵哢箼᠘ᐖṆ☚ਃ州઀픳㾙㣓檄琿⡓圦聘ℌ鞿㠤⼅籪㖽೰騐[ঀ౶➌耩팒㉞㈍⵭Ĝ刘룠澦ꥬᒿᓴဎꀒ뜌耘䐉垣࿴풬䝉ሌ栚♢猢㸂ᡚᩘธ儦઀ꄉ⎏⏀쇩᠄Ḟ儌ಀ깂撊䬃ꇼ쀧戄倔ಀ桄ኝ㉸꯾腩숫ሒ᠚ᠬ摬⹒Җ瀐夘ڀ홳촞ொఄ຀鎴ꃀ꘶懼翛羵党₃鎬ᠰ峌긌ⱐႌ聝稉䑮착ই犹ఄ⩸聉騎胎ឿ鳹ꇑ䱏੮౤၌聍帍℠慭䅰㥋㶴냣ఄఢ聑墲ຌ퓒솕喒蹜ێ襖藍ꆲ诽䨄堖ᐘ奌ঀ䕞廒ꒆѲ儶ހ촺௙઀ȓဌ聍昍�≎蟗ź뙆ꃁఄᐺ胑儍因尐︾ᱜ햐ሒ獒ᐂࡶภ⁣獒ယ聹ꨔꕡ荫꛶ꓝ痊אַᆯⲒ೗擟
[2013/05/19 11:30:15 | 000,000,000 | ---- | C] ()(C:\Windows\SysWow64\??????????????????????????????????H???????[????????G????????????????????????????????????????????????????????????????????????3???????????????????????????????????????????????????????????????????????z?????????????????????????????????) -- C:\Windows\SysWow64\☚簐읞耠㌍駕팿萸㽪셴㍌⠊桇઀튅笵哢箼᠘ᐖṆ☚ਃ州઀픳㾙㣓檄琿⡓圦聘ℌ鞿㠤⼅籪㖽೰騐[ঀ౶➌耩팒㉞㈍⵭Ĝ刘룠澦ꥬᒿᓴဎꀒ뜌耘䐉垣࿴풬䝉ሌ栚♢猢㸂ᡚᩘธ儦઀ꄉ⎏⏀쇩᠄Ḟ儌ಀ깂撊䬃ꇼ쀧戄倔ಀ桄ኝ㉸꯾腩숫ሒ᠚ᠬ摬⹒Җ瀐夘ڀ홳촞ொఄ຀鎴ꃀ꘶懼翛羵党₃鎬ᠰ峌긌ⱐႌ聝稉䑮착ই犹ఄ⩸聉騎胎ឿ鳹ꇑ䱏੮౤၌聍帍℠慭䅰㥋㶴냣ఄఢ聑墲ຌ퓒솕喒蹜ێ襖藍ꆲ诽䨄堖ᐘ奌ঀ䕞廒ꒆѲ儶ހ촺௙઀ȓဌ聍昍�≎蟗ź뙆ꃁఄᐺ胑儍因尐︾ᱜ햐ሒ獒ᐂࡶภ⁣獒ယ聹ꨔꕡ荫꛶ꓝ痊אַᆯⲒ೗擟
[2011/03/23 20:01:12 | 000,000,000 | ---D | M](C:\Windows\SysNative\?š) -- C:\Windows\SysNative\买š
[2011/03/23 20:01:12 | 000,000,000 | ---D | C](C:\Windows\SysNative\?š) -- C:\Windows\SysNative\买š

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\RIGO\Documents\bebe1.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\RIGO\Documents\bebe.jpg:Roxio EMC Stream

< End of report >

#15
Jasmyne

Jasmyne

    Trusted Helper

  • Malware Removal
  • 2,010 posts
All of the entries that were removed were undesirable programs or malicious files. We will get the connection working properly again; sometimes malware removal is a bit tricky.

Step 1 - Run OTL Fix
Warning: This fix was created specifically for the problems on this computer ONLY. If you are not this user, do NOT follow these directions as they could do more damage to your computer.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.

  • Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.

    :Commands
    [createrestorepoint]
    
    :Files
    netsh winsock reset catalog /c
    netsh int ip reset /c
    
    :Commands
    [emptytemp]
  • Please re-open OTL on your desktop.
  • Place the mouse pointer inside the Custom Scans/Fixes textbox, right click and click Paste. This will put the above script inside the textbox.
  • Click the Run Fix button.

  • Let the program run unhindered.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A report will open. Copy and Paste that report in your next reply. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

Step 2 - Run aswMBR
Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


Step 3 - Run ComboFix

**VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
Download ComboFix from here or here.

NOTES TO READ BEFORE RUNNING THE SCAN:
  • *IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
  • If after the reboot you get errors about programs being marked for deletion, then reboot; that will cure it.

To begin the scan:
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console

  • ComboFix will then extract its files before beginning the scan.

  • Please be patient as the scan begins. It states typically no more than 10 minutes, but most times on an infected machine it can take much longer.

  • When finished, it will produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

~~~~~~~~~~~~~~~~~~~~ Things Needed for Your Next Post ~~~~~~~~~~~~~~~~~~~~
1. OTL Fix
2. aswMBR Log
3. ComboFix Log