Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

redirects, pop ups, pc repair site pop ups [Solved]


  • This topic is locked This topic is locked

#1
melint

melint

    Member

  • Member
  • PipPipPip
  • 166 posts
hi my pc is going crazy!! nothing but redirects, pc repair pop ups, it's terrible. I ran super anti spyware which I downloaded from this site. it found a couple of Trojans and other issues but I ran the fix and it supposedly fixed it, but it's still doing this. I ran otl and here is the log
I would appreciate any help thanks so much ;)

OTL logfile created on: 8/13/2013 9:08:45 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads\Software
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 44.83% Memory free
5.93 Gb Paging File | 3.81 Gb Available in Paging File | 64.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.75 Gb Total Space | 67.04 Gb Free Space | 50.88% Space Free | Partition Type: NTFS
Drive E: | 2.00 Gb Total Space | 1.96 Gb Free Space | 98.14% Space Free | Partition Type: NTFS

Computer Name: MELINDA | User Name: gabriella_angelika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/13 08:58:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\Software\OTL.exe
PRC - [2013/08/06 20:52:54 | 000,046,368 | ---- | M] (Microsoft) -- C:\Users\gabriella_angelika\AppData\Roaming\Web Layers\desktop.exe
PRC - [2013/06/11 19:15:35 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/05/23 15:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/05/15 20:50:11 | 000,107,520 | ---- | M] () -- C:\Users\gabriella_angelika\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2013/05/14 20:08:19 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/08 01:18:34 | 002,852,640 | ---- | M] (Conduit) -- C:\Users\gabriella_angelika\AppData\Roaming\SearchProtect\bin\cltmng.exe
PRC - [2013/05/08 01:18:34 | 000,097,056 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe
PRC - [2013/04/21 21:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013/04/05 12:59:08 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/04/05 12:58:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/04/05 12:58:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2013/03/08 13:46:08 | 000,489,272 | ---- | M] (PC Health Labs) -- C:\Program Files\PC Health Kit\PCHKSmartScan.exe
PRC - [2013/03/08 13:45:52 | 001,083,704 | ---- | M] (PC Health Labs) -- C:\Program Files\PC Health Kit\PCHKReminder.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/07/27 15:08:52 | 000,474,208 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012/07/27 15:03:40 | 000,724,576 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2012/04/09 10:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011/12/28 13:40:48 | 006,148,096 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe
PRC - [2011/10/11 12:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/02/24 21:08:32 | 007,034,272 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/02/24 21:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2010/03/03 07:29:40 | 000,286,944 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\MyAgtTry.exe
PRC - [2010/01/12 14:27:35 | 000,341,280 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SAService.exe
PRC - [2009/12/03 19:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/09/09 12:51:22 | 000,221,024 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2009/08/25 11:57:52 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/25 11:57:44 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/30 16:49:34 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/07/30 16:49:34 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/30 16:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/27 18:32:56 | 000,076,344 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/06/18 12:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009/06/02 20:03:20 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
PRC - [2009/06/02 20:01:44 | 000,014,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
PRC - [2009/04/03 12:00:00 | 000,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/15 16:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/08/28 15:07:32 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/12 14:55:33 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\a7a3ebc76a454af37918211506e81e31\System.Management.ni.dll
MOD - [2013/07/12 08:20:22 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/12 08:20:14 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/12 08:19:50 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013/07/12 08:19:46 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/12 08:19:45 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/12 08:19:35 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/05/16 00:33:37 | 002,052,096 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/05/16 00:33:36 | 000,425,984 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/10/05 05:53:24 | 003,198,976 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/12/28 14:13:24 | 003,522,048 | ---- | M] () -- C:\Program Files\Free Download Manager\fdmbtsupp.dll
MOD - [2011/12/28 12:49:20 | 000,187,904 | ---- | M] () -- C:\Program Files\Free Download Manager\iefdmdm.dll
MOD - [2011/12/28 12:49:14 | 000,086,528 | ---- | M] () -- C:\Program Files\Free Download Manager\fdmumsp.dll
MOD - [2011/12/28 12:48:54 | 000,230,400 | ---- | M] () -- C:\Program Files\Free Download Manager\iefdm2.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/24 21:08:36 | 000,022,944 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/02/24 20:39:00 | 000,658,432 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011/02/15 13:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2011/02/15 13:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2011/02/15 13:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2011/02/15 13:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2011/02/15 12:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2009/07/30 16:49:52 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/06/17 14:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/06/17 14:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/06/17 14:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/08/28 15:07:32 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
MOD - [2007/08/28 15:06:54 | 000,910,624 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.dll


========== Services (SafeList) ==========

SRV - [2013/08/06 20:52:56 | 000,050,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Web Layers\updater.exe -- (WebUpdater)
SRV - [2013/06/11 19:51:59 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/23 15:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/05/15 20:50:11 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\gabriella_angelika\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/08 01:18:34 | 000,097,056 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/07/27 15:08:52 | 000,474,208 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012/04/09 10:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/11/10 15:31:10 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/12 14:27:35 | 000,341,280 | ---- | M] () [Auto | Running] -- C:\Program Files\SiteAdvisor\6173\SAService.exe -- (SiteAdvisor Service)
SRV - [2009/12/03 19:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/09/09 12:51:22 | 000,221,024 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)
SRV - [2009/08/25 11:57:52 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/30 16:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/06/18 12:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/13 13:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/02 20:03:20 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe -- (McShield)
SRV - [2009/06/02 20:01:44 | 000,014,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -- (EngineServer)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/15 16:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - [2012/06/20 09:43:02 | 002,957,312 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/13 17:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/05/13 17:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011/05/10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/14 00:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/01/08 05:23:00 | 000,316,416 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/11/13 19:20:28 | 000,114,688 | ---- | M] (Ricoh co.,Ltd.) [2 MP series] [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U876.sys -- (5U876UVC)
DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 05:48:00 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/05/15 21:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/05/15 21:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/05/15 21:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/15 21:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/05/15 21:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/04/29 11:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {E5507F95-54F5-49BD-97CD-6CF1CC9610F7}
IE - HKLM\..\SearchScopes\{026DA1BB-1F63-488F-BAF2-EFA6E0473A77}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...99-DFEAE923EDA6
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.ask.com?o=14196&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {E5507F95-54F5-49BD-97CD-6CF1CC9610F7}
IE - HKCU\..\SearchScopes\{026DA1BB-1F63-488F-BAF2-EFA6E0473A77}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{0711B8F5-C453-4CE2-9556-F354188DFA10}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...66-B257AB733567
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{6D2B8DDC-8BC7-4C40-9FBD-7F31FAE5EAA1}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\..\SearchScopes\{A86CB93C-AF88-B5FE-F4D9-E79E5C6A4474}: "URL" = http://www.startnow....ion=6.1-x86-SP0
IE - HKCU\..\SearchScopes\{E5507F95-54F5-49BD-97CD-6CF1CC9610F7}: "URL" = http://search.condui...8421732018&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3289663.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "InternetHelper3.1 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.condui...9-DFEAE923EDA6"
FF - prefs.js..extensions.enabledAddons: lspeaker%40lyricsspeaker.net:1.125
FF - prefs.js..extensions.enabledAddons: firefox%40weblayers.co:1.0.0
FF - prefs.js..extensions.enabledAddons: %7B07cbf788-1359-421b-a4e3-5a8d041b90a3%7D:10.16.9.506
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "http://search.condui...219617&UM=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\gabriella_angelika\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\gabriella_angelika\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\LyricsSpeaker\125.xpi [2013/07/23 20:23:22 | 000,006,993 | ---- | M] ()

[2013/05/15 21:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Extensions
[2013/08/13 08:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions
[2013/08/11 17:21:28 | 000,000,000 | ---D | M] (InternetHelper3.1) -- C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
[2013/08/06 20:52:52 | 000,015,156 | ---- | M] () (No name found) -- C:\Users\gabriella_angelika\AppData\Roaming\mozilla\firefox\profiles\6u4179qc.default\extensions\[email protected]
[2013/08/11 16:43:45 | 000,001,108 | ---- | M] () -- C:\Users\gabriella_angelika\AppData\Roaming\mozilla\firefox\profiles\6u4179qc.default\searchplugins\internethelper31-customized-web-search.xml
[2013/08/11 16:43:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/03 22:19:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/11 16:43:21 | 000,000,000 | ---D | M] (SySaver) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/08/13 08:11:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/03 22:19:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

========== Chrome ==========

CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainkhhbgcdbenmmbaoacambbhjfgnmmm\2.0.3.8_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\apifmdobolibbidmcdlofnnenabonodd\1.0.0.2_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko\10.16.1.21_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekmkdkefndbeciggfanobcemjnppbbb\1.7.1.0_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic\1.9.10.2_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmbighdoomjmebfbgplfmhcdbomjkoa\1.1.0.3_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkljdkflooidjlkahdnfgodflkelkai\1.2_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiffdaigjahnndmjpkccgiklpmhkfckh\1.6.8.1_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\innimmmamipenpklmoafgkgidfhfemhb\1.3.2_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.16.4.512_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmgeophbbmfgkjghdgfgelpipdoclljo\1.125_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.17_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeahddlmhbcabnnojadgimmiaaplfpfo\1.0.2_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlfohjgijhjlpidbbnmcdooegafnnnm\1.0_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\4.3_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.2_0\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (InternetHelper3.1 Toolbar) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O2 - BHO: (LyricsSpeaker) - {18FD5330-A5FC-43D2-8B96-7EA1C50F526F} - C:\Program Files\LyricsSpeaker\125.dll (LyricsSpeaker LTD)
O2 - BHO: (SySaver) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\gabriella_angelika\AppData\Local\SySaver\temp.dat File not found
O2 - BHO: (LessTabs) - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files\LessTabs\IE32\LessTabsClientIE.dll (LessTabs)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\gabriella_angelika\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (Web Layers) - {976d7863-9e6c-4066-8c67-0993db9de35f} - C:\Program Files\Web Layers\IEClient.dll (Web Layers)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (smartdownloader Class) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files\SockshareDownloader\smarterdownloader.dll (TODO: <Company name>)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (InternetHelper3.1 Toolbar) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (InternetHelper3.1 Toolbar) - {07CBF788-1359-421B-A4E3-5A8D041B90A3} - C:\Program Files\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.Exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [ConduitFloatingPlugin_nemfjadlboooiffmcelkafilagddogim] C:\Program Files\Conduit\CT3289663\plugins\TBVerifier.dll (Conduit Ltd.)
O4 - HKCU..\Run: [Driver Pro] C:\Program Files\Driver Pro\DPLauncher.exe (PC Utilities Pro)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup File not found
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [PC Health Kit] C:\Program Files\PC Health Kit\PCHKLauncher.exe (PC Health Labs)
O4 - HKCU..\Run: [SearchProtect] C:\Users\gabriella_angelika\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [StartNow Search Protect] "C:\Program Files\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Web Desktop] C:\Users\gabriella_angelika\AppData\Roaming\Web Layers\desktop.exe (Microsoft)
O4 - Startup: C:\Users\gabriella_angelika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlipToast.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: netflix.com ([www] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0007EDE4-6FFB-4886-A88F-D56E861F267C}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94031C3B-6F7D-4837-8B68-5944900F9616}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.2.350.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{624ee89d-15f8-11e1-8ba1-70f3952a656b}\Shell - "" = AutoRun
O33 - MountPoints2\{624ee89d-15f8-11e1-8ba1-70f3952a656b}\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
O33 - MountPoints2\{6ead9a0f-3e0b-11e0-b44b-70f3952a656b}\Shell - "" = AutoRun
O33 - MountPoints2\{6ead9a0f-3e0b-11e0-b44b-70f3952a656b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/13 08:58:20 | 000,000,000 | ---D | C] -- C:\Downloads
[2013/08/11 16:43:18 | 000,000,000 | ---D | C] -- C:\Users\gabriella_angelika\AppData\Local\SySaver
[2013/08/11 16:43:15 | 000,000,000 | ---D | C] -- C:\Users\gabriella_angelika\AppData\Roaming\Web Layers
[2013/08/11 16:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Web Layers
[2013/08/11 16:42:49 | 000,000,000 | ---D | C] -- C:\Users\gabriella_angelika\AppData\Roaming\PC Health Kit
[2013/08/11 16:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit
[2013/08/11 16:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\PC Health Kit
[2013/08/11 16:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\InternetHelper3.1
[2013/08/11 16:42:03 | 000,000,000 | ---D | C] -- C:\Users\gabriella_angelika\AppData\Roaming\Free Download Manager
[2013/08/11 16:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
[2013/08/11 16:41:56 | 000,000,000 | ---D | C] -- C:\Program Files\Free Download Manager
[2013/08/09 07:29:34 | 000,289,144 | ---- | C] (S!Ri) -- C:\windows\System32\VCCLSID.exe
[2013/08/09 07:29:34 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\windows\System32\VACFix.exe
[2013/08/09 07:29:34 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\windows\System32\IEDFix.exe
[2013/08/09 07:29:34 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\windows\System32\IEDFix.C.exe
[2013/08/09 07:29:34 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\windows\System32\404Fix.exe
[2013/08/09 07:29:34 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\windows\System32\o4Patch.exe
[2013/08/09 07:29:34 | 000,079,360 | ---- | C] (SteelWerX) -- C:\windows\System32\swxcacls.exe
[2013/08/09 07:29:34 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\windows\System32\Agent.OMZ.Fix.exe
[2013/08/09 07:29:33 | 000,288,417 | ---- | C] (S!Ri) -- C:\windows\System32\SrchSTS.exe
[2013/08/09 07:29:33 | 000,135,168 | ---- | C] (SteelWerX) -- C:\windows\System32\swreg.exe
[2013/08/09 07:27:47 | 000,000,000 | ---D | C] -- C:\Users\gabriella_angelika\AppData\Roaming\SUPERAntiSpyware.com
[2013/08/09 07:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/08/09 07:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/08/09 07:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/08/07 14:38:20 | 000,000,000 | R--D | C] -- C:\Users\gabriella_angelika\Desktop\jenny's pic from iphone
[2013/08/02 12:55:52 | 000,000,000 | R--D | C] -- C:\Users\gabriella_angelika\Desktop\Melin's Iphone pics
[2013/08/02 12:50:59 | 000,000,000 | R--D | C] -- C:\Users\gabriella_angelika\Desktop\Ella's video's
[2013/08/02 12:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/07/23 20:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsSpeaker
[2013/07/14 19:28:25 | 000,000,000 | ---D | C] -- C:\Casino
[3 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/13 08:54:00 | 000,000,968 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3877071108-993608342-3046881854-1004UA.job
[2013/08/13 08:51:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/08/13 08:49:00 | 000,000,960 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3877071108-993608342-3046881854-1002UA.job
[2013/08/13 08:29:01 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/13 08:29:01 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/13 08:21:35 | 000,000,398 | ---- | M] () -- C:\windows\tasks\LyricsSpeaker Update.job
[2013/08/13 08:20:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/08/13 08:20:34 | 2387,816,448 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/12 22:54:00 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3877071108-993608342-3046881854-1004Core.job
[2013/08/12 18:58:01 | 000,000,500 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for gabriella_angelika.job
[2013/08/12 14:02:56 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3877071108-993608342-3046881854-1002Core.job
[2013/08/11 17:18:45 | 000,000,372 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForgabriella_angelika.job
[2013/08/11 16:42:47 | 000,000,975 | ---- | M] () -- C:\Users\gabriella_angelika\Desktop\PC Health Kit.lnk
[2013/08/11 16:42:41 | 000,000,009 | ---- | M] () -- C:\END
[2013/08/11 16:42:03 | 000,000,985 | ---- | M] () -- C:\Users\gabriella_angelika\Desktop\Free Download Manager.lnk
[2013/08/10 13:56:55 | 000,458,648 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/08/09 07:27:45 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/08/02 12:43:30 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/07/23 21:35:47 | 000,660,546 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/07/23 21:35:47 | 000,121,442 | ---- | M] () -- C:\windows\System32\perfc009.dat
[3 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/11 16:42:47 | 000,000,975 | ---- | C] () -- C:\Users\gabriella_angelika\Desktop\PC Health Kit.lnk
[2013/08/11 16:42:03 | 000,000,985 | ---- | C] () -- C:\Users\gabriella_angelika\Desktop\Free Download Manager.lnk
[2013/08/09 07:29:34 | 000,075,776 | ---- | C] () -- C:\windows\System32\WS2Fix.exe
[2013/08/09 07:29:34 | 000,051,200 | ---- | C] () -- C:\windows\System32\dumphive.exe
[2013/08/09 07:29:33 | 000,040,960 | ---- | C] () -- C:\windows\System32\swsc.exe
[2013/08/09 07:27:45 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/08/02 12:43:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/08/02 12:43:30 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/05/15 21:11:06 | 000,256,000 | R--- | C] () -- C:\windows\PEV.exe
[2013/05/15 21:11:05 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/05/15 21:11:05 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/05/15 21:11:05 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/05/15 20:50:19 | 000,000,884 | RHS- | C] () -- C:\Users\gabriella_angelika\ntuser.pol
[2011/08/06 11:49:49 | 000,001,849 | ---- | C] () -- C:\Users\gabriella_angelika\AppData\Roaming\GhostObjGAFix.xml
[2010/12/27 20:16:18 | 000,018,432 | ---- | C] () -- C:\Users\gabriella_angelika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/10 20:23:46 | 000,000,902 | ---- | C] () -- C:\Users\gabriella_angelika\AppData\Local\recently-used.xbel
[2010/11/08 20:11:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/12/10 20:12:47 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\com.w3i.FlipToast
[2013/05/15 20:50:11 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\DefaultTab
[2013/05/15 20:50:36 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\Driver Pro
[2013/08/13 09:16:38 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\Free Download Manager
[2012/05/11 17:08:04 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\FrostWire
[2010/12/10 20:23:46 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\gtk-2.0
[2010/11/09 15:58:55 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\ooVoo Details
[2012/05/11 12:31:16 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\OpenCandy
[2013/08/11 16:42:49 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\PC Health Kit
[2013/05/15 15:43:21 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\player
[2013/08/11 16:41:57 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\SearchProtect
[2013/05/15 21:16:08 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\Strongvault
[2013/08/13 08:22:34 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\Web Layers

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,409 posts
Hello Melint, Welcome to Malware Removal section of the forum.

My name is SleepyDude I will be helping you with your Computer problem. I know that having a computer with problems can be very frustrating but I will do my best to help you fixing the issue.

Please note I'm currently in training, all my responses will be revised by my Teacher before I post so expect a slight delay between replies. On the bright side, you have two people to examine your problem!

Sometimes this can be a long process, it's very important that you stay with me and follow all my instructions to the letter until I declare your machine is clean.

I have compiled a list of guidelines you must take in consideration so that the helping process goes smooth for you and for me:

  • Please perform all steps in the order they are listed in each set of instructions
  • Don't install/uninstall any software or run any other cleaning tools besides the ones I ask you to use
    • Running other programs can interfere with the tools we use and have unpredicted results. Also I need to know what is going on with your machine at any time
  • If possible avoid using the computer for other tasks until we finish the cleaning process
    • The reason for this is because it can make the malware infection worst and more difficult to clean. Some malware can download updates from the internet when you use the computer
  • Please don't attach your logs instead Copy & Paste the information to your post unless specifically instructed to do so
  • Please read every post completely before doing anything if you have some doubts or questions please ask before continuing

IMPORTANT: At GeeksToGo we do our best to help you solving the problem but sometimes things don't go as planned. To be safe than sorry you should Backup your important data to a safe place, anywhere except on the computer with problems.

The all fixing process need to be executed from a user account with Administrator privileges also some of the tasks need to be executed in Safe Mode, you should save or print the instructions for use when you don't have access to the forum.

I need some time to revise your log in the meantime can you please post the Extras.txt log OTL created on C:\Downloads\Software?
Also I would like you to move the OTL.exe located on the same folder to the Desktop. Thanks.
  • 0

#3
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
thanks so much for your help. i have since downloaded fire fox. i already had it but had deleted it and was hoping that would fix things. i ran the otl scan and then downloaded fire fox again. i do understand now not to download anything until we fix this issue. here is the extras you requested.

OTL Extras logfile created on: 8/13/2013 9:08:45 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads\Software
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 44.83% Memory free
5.93 Gb Paging File | 3.81 Gb Available in Paging File | 64.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.75 Gb Total Space | 67.04 Gb Free Space | 50.88% Space Free | Partition Type: NTFS
Drive E: | 2.00 Gb Total Space | 1.96 Gb Free Space | 98.14% Space Free | Partition Type: NTFS

Computer Name: MELINDA | User Name: gabriella_angelika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0502D879-42E2-4769-AFCC-1C59781268BC}" = rport=139 | protocol=6 | dir=out | app=system |
"{106A9653-68A1-4F2E-9B57-CC34BA67B2EF}" = lport=138 | protocol=17 | dir=in | app=system |
"{166CAC01-C051-446B-8FB1-B27E10F89807}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{26CD0927-40D5-4994-A514-46725FFB35FD}" = rport=445 | protocol=6 | dir=out | app=system |
"{2F62660C-2BBF-4AEA-BC4F-6F99D43BACCD}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{30BE4B68-CD12-4E65-BA96-7117A31BF9C8}" = lport=137 | protocol=17 | dir=in | app=system |
"{3375D5A8-7976-4EC2-9D94-73CEA5BB7447}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3ACA843E-E769-4D14-B9E9-A3D53D5580C6}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{3E7D216F-75AC-4AB3-A5C4-0803ECC8B7AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3EDDBD79-4257-4574-8C89-FE67CBA8C76E}" = lport=139 | protocol=6 | dir=in | app=system |
"{40F9E4BC-4B16-4913-9BD8-A0BA2D156D93}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{41094C9E-6A53-4210-B76B-EB42A8A8C5B8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{43F3B54B-05FF-4BA0-A063-EAF3A952683D}" = rport=137 | protocol=17 | dir=out | app=system |
"{4701EC8D-A22C-4B01-8316-03C6E1B7920B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{59B5877B-DCC0-4FB6-9033-B87B62E1FA3E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{751F003C-8D09-4E7C-A3D0-5F1DFA10BBB4}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{85D6DDCE-B2D9-4B2D-953B-DBA2CDC5E220}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9AEACB54-87E8-4492-9F80-832689F8297C}" = lport=445 | protocol=6 | dir=in | app=system |
"{9B5D0C26-81BF-45A8-89CC-EDF0756D273C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9CE4C19E-B97C-42B8-913A-68877FB0C005}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A81267FD-05E2-4B63-833C-F582C8E772F9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{ACE15FCB-311D-4898-8A0A-5991F4009DA6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC245281-E7F0-4BDC-A449-763B1FFE57DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C06A5562-AEB7-481A-BD18-43F1A317BE86}" = rport=138 | protocol=17 | dir=out | app=system |
"{C47A516E-72D8-441F-91B0-538B7F00F338}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C4C828A3-062F-46F2-830C-5718ED56A445}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D783AA78-5D73-4C15-B67F-00C9D47F3E1D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F46C10E8-E0AC-47B0-96B6-41E2DAE3DA6D}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{069E697E-7D51-4676-A64C-1E26AFD361AC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0A3732A4-EC3D-4736-B72C-6A9593445A69}" = dir=in | app=c:\program files\plex\plex media server\plex media server.exe |
"{0E037FD1-14CD-439C-982F-FD095CED1933}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{1440C800-F2DB-4494-97EF-D77C261F2A5B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1A1C58D7-6FB5-4D0B-819D-3C19C9322693}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{229FA626-FE0F-4BCB-9586-9D6C3ABF2BA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2479DEEC-E3AB-4069-A6E7-2FE2BF5AE747}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{267132BD-AF92-4E52-9DAC-A6BA37DC9AC1}" = protocol=58 | dir=out | [email protected],-28546 |
"{271B8662-FF25-4120-AE39-C8284890288C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{293567B8-6EAF-49B0-B0E0-88A0FAA60330}" = dir=in | app=c:\program files\plex\plex media server\plexscripthost.exe |
"{2C04547A-17A4-4A8D-952B-2DACA7C2A621}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2CDDF72B-7414-4730-B694-59EB3DE8D9E7}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{308ACF54-307A-4920-BFB3-25F48FB1876A}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{42E8185B-7619-40DE-A0F8-31175BA31EF7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{47EF4992-A428-4CE5-9D15-0385C10C2AD4}" = protocol=1 | dir=out | [email protected],-28544 |
"{4C0097F1-96DB-40EE-BAB5-EB6FD1136D46}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{528CDCE9-AE57-465A-99AA-CCAD83C58269}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{53409943-937A-466F-994B-B75BA92C2AFC}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{556C2EAF-AC6B-4684-88C7-C8A2F9846F65}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{5998D099-3144-4F04-859F-AF56FB2CDDB8}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{5A33528E-513B-454A-95C7-B2753927D0EF}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{5A77159B-220F-4EFA-9794-F8149257B61E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6021EFCB-D945-4E63-B247-F336E48B8930}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{62D742FB-2615-4262-9772-EC120A65ACBA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{766FCFCA-91F4-4AE0-8116-B4E2FC10898D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7670B435-D0F5-43DC-B1C0-26A666590060}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{76896A11-8866-4FBF-BCCF-DB319FDBAF0A}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{7A1B47E8-78A8-4038-9897-B4A5F65D0BA5}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7DE6822C-1E8C-4DAE-86D8-4251F4AF4603}" = protocol=58 | dir=in | [email protected],-28545 |
"{7FFDC18B-9038-46DD-A651-7EE7DFBC1BF9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{86240485-EB26-42D5-A137-B18C9AFAC21C}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{8646D00B-2FC5-44EC-A23C-4FD40C22CFA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{88CEF952-D3B7-4A3F-856C-5592A3E5F84B}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{9FA51E86-13D2-4AD4-869A-EB27E0A25335}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{9FC29897-C7CA-4913-B9CC-29212F6213C7}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{A554F546-D650-4DA1-85D0-3D099A79A72C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{BB05DA86-342B-4B47-B476-48C36A7D2B2B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB9DA8CF-154A-43C7-A16E-4A6BD1332B9E}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{BEE2C7E9-4637-4C23-893A-A74F1F2A2608}" = dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{C48EC046-B559-4189-A985-657FF379A378}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C883B5F6-BB47-4605-9426-C270E1B3E08C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC20EA97-ED3B-4885-A39C-FD335A6FB572}" = protocol=1 | dir=in | [email protected],-28543 |
"{D1D0949C-AD97-4F06-9812-D20A379BD942}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D60ED2B6-F676-48C7-ADCB-BAACB67345B9}" = protocol=6 | dir=out | app=system |
"{FA7CD5DF-6613-4435-87A4-146E10062BE6}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{FAD94E91-D8C7-4F7B-B580-8AAE70E9EC9D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FD49AF5F-7C87-48F9-ADDC-3B3B2BC27B0E}" = dir=in | app=c:\program files\plex\plex media server\plexdlnaserver.exe |
"TCP Query User{0562F70F-46A6-43C0-B60C-4FC149C81D47}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{20508A5E-6351-419C-BA39-9266DDA8726E}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{5CFE2E55-E24C-4A34-9B84-2AE713C7183A}C:\program files\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files\symantec\norton online backup\nobuclient.exe |
"TCP Query User{6154C5FA-1D83-4185-BE2C-F7BB3505895E}C:\program files\symantec\norton online backup\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files\symantec\norton online backup\nobuclient.exe |
"TCP Query User{679C8A5F-883F-4F8A-827C-7D06B6A96DF6}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"TCP Query User{AC0E8DA1-796A-4A2F-8E08-ED91EBD401D1}C:\program files\frostwire 5\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"TCP Query User{CC5BAC08-69E1-402E-8899-BDD5FCD064A8}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{CF932977-1CAE-4CBF-92E0-E92F60EEE88A}C:\users\gabriella_angelika\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\gabriella_angelika\appdata\roaming\spotify\spotify.exe |
"TCP Query User{D4F8E53E-7F0F-4880-9977-7E117E4C436C}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{1B128360-D49E-44BB-8950-5E843330DF82}C:\program files\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files\symantec\norton online backup\nobuclient.exe |
"UDP Query User{2378501F-8723-46EF-8447-D3D9BE0A8EAB}C:\program files\symantec\norton online backup\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files\symantec\norton online backup\nobuclient.exe |
"UDP Query User{3B1BD328-F658-4F13-9CA8-94F05A307E00}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{4F091571-1737-4E0A-893B-B304D38175F0}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{88977295-0E5C-44EA-99AF-4E0A370325FE}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{897AB4B5-0224-4888-BAB6-1DF93BA1F381}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"UDP Query User{A08BB471-5A27-4D81-8B0F-7F82EF580B3B}C:\program files\frostwire 5\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"UDP Query User{CD1DB18C-66C2-4980-8D92-599BE097398F}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{D1B04AFD-0EDB-40B6-99D0-C6C11A12BDBD}C:\users\gabriella_angelika\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\gabriella_angelika\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10DD6128-A810-4A90-9523-475D573FBB37}" = PlayMemories Home
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{299625B9-6C69-462C-9CEA-8E06D878B1C5}" = HP 3D DriveGuard
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}" = HP Software Setup
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7EFEE754-EA7D-A79B-8DDA-65CADCAF1AB4}" = Catalyst Control Center InstallProxy
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8420E346-3A6E-4F6B-B275-5AF7ACE995BD}" = Plex Media Server
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87CA636B-85B8-4611-A81D-F97E71024AFD}" = HP Common Access Service Library
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{8F0EDF80-31C2-FA10-DEE8-BD435A5F7D61}" = ATI Catalyst Install Manager
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007
"{90120000-0015-0416-0000-0000000FF1CE}_PROHYBRIDR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
"{90120000-0016-0416-0000-0000000FF1CE}_PROHYBRIDR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
"{90120000-0018-0416-0000-0000000FF1CE}_PROHYBRIDR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
"{90120000-0019-0416-0000-0000000FF1CE}_PROHYBRIDR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
"{90120000-001A-0416-0000-0000000FF1CE}_PROHYBRIDR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007
"{90120000-001B-0416-0000-0000000FF1CE}_PROHYBRIDR_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_PROHYBRIDR_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_PROHYBRIDR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_PROHYBRIDR_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_PROHYBRIDR_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
"{90120000-006E-0416-0000-0000000FF1CE}_PROHYBRIDR_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B0344B38-378B-47E0-BDCC-977785D24768}" = Integrated Camera Driver Installer Package Ver.1.33.110.0
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}" = HP Setup
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E045FAC9-0B70-4796-AD3A-7035E89CE536}" = SCR3xxx Smart Card Reader
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EBDEA960-D5D6-4047-91C7-C2064072A409}" = HP User Guides 0136
"{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}" = VAFPlayer
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFBDA363-A033-4F32-8DE0-AEF0F105410E}" = HP ESU for Microsoft Windows 7
"1ClickDownload" = SockshareDownloader
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"DefaultTab" = DefaultTab
"Driver Pro_is1" = Driver Pro v3.0
"Free Download Manager_is1" = Free Download Manager 3.8
"FrostWire 5" = FrostWire 5.3.8
"InternetHelper3.1 Toolbar" = InternetHelper3.1 Toolbar
"LessTabs" = LessTabs
"LSI Soft Modem" = LSI HDA Modem
"[email protected]" = LyricsSpeaker
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee SiteAdvisor" = McAfee Browser Protection Service
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MVS" = McAfee Virus and Spyware Protection Service
"NSS" = Norton Security Scan
"PC Health Kit_is1" = PC Health Kit v3.2
"PDF Complete" = PDF Complete Special Edition
"PROHYBRIDR" = 2007 Microsoft Office system
"SearchProtect" = Search Protect by conduit
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Web Layers" = Web Layers 3.0.0
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/23/2013 8:10:51 PM | Computer Name = Melinda | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/23/2013 8:10:51 PM | Computer Name = Melinda | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5429

Error - 5/23/2013 8:10:51 PM | Computer Name = Melinda | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5429

Error - 5/23/2013 8:10:52 PM | Computer Name = Melinda | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/23/2013 8:10:52 PM | Computer Name = Melinda | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6505

Error - 5/23/2013 8:10:52 PM | Computer Name = Melinda | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6505

Error - 5/23/2013 8:10:53 PM | Computer Name = Melinda | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/23/2013 8:10:53 PM | Computer Name = Melinda | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7753

Error - 5/23/2013 8:10:53 PM | Computer Name = Melinda | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7753

Error - 5/23/2013 8:12:52 PM | Computer Name = Melinda | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ Hewlett-Packard Events ]
Error - 4/28/2011 8:19:23 PM | Computer Name = gabriellajara | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041128081917.xml
File not created by asset agent

Error - 4/28/2011 8:19:27 PM | Computer Name = gabriellajara | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\041128081923.xml
File not created by asset agent

Error - 8/6/2011 12:49:46 PM | Computer Name = gabriellajara | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\081106124941.xml
File not created by asset agent

Error - 10/31/2011 9:50:48 AM | Computer Name = gabriellajara | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\101131095042.xml
File not created by asset agent

Error - 12/11/2011 3:49:52 PM | Computer Name = gabriellajara | Source = HPSF.exe | ID = 4000
Description =

Error - 12/11/2011 3:50:12 PM | Computer Name = gabriellajara | Source = HPSF.exe | ID = 4000
Description =

Error - 12/11/2011 3:50:12 PM | Computer Name = gabriellajara | Source = HPSF.exe | ID = 4000
Description =

Error - 6/27/2012 3:47:33 PM | Computer Name = gabriellajara | Source = HPSFMsgr.exe | ID = 2000
Description =

Error - 2/19/2013 12:08:23 AM | Computer Name = gabriellajara | Source = HPSFMsgr.exe | ID = 2000
Description =

[ HP Software Framework Events ]
Error - 6/7/2013 7:00:18 PM | Computer Name = Melinda | Source = hpqwmiex | ID = 5
Description = 2013/06/07 18:00:18.365|000013AC|Error |ChpqWmiExModule::Start|The
hpqwmiex service failed to start (1063). A system restart may correct this problem.

Error - 6/17/2013 6:51:23 PM | Computer Name = Melinda | Source = hpqwmiex | ID = 5
Description = 2013/06/17 17:51:23.938|00000F8C|Error |ChpqWmiExModule::Start|The
hpqwmiex service failed to start (1063). A system restart may correct this problem.

[ Media Center Events ]
Error - 5/8/2013 6:31:35 PM | Computer Name = Melinda | Source = MCUpdate | ID = 0
Description = 5:31:28 PM - Error connecting to the internet. 5:31:28 PM - Unable
to contact server..

Error - 5/29/2013 4:08:28 PM | Computer Name = Melinda | Source = MCUpdate | ID = 0
Description = 3:08:28 PM - Error connecting to the internet. 3:08:28 PM - Unable
to contact server..

Error - 5/29/2013 4:08:39 PM | Computer Name = Melinda | Source = MCUpdate | ID = 0
Description = 3:08:34 PM - Error connecting to the internet. 3:08:34 PM - Unable
to contact server..

Error - 6/17/2013 4:49:59 PM | Computer Name = Melinda | Source = MCUpdate | ID = 0
Description = 3:49:54 PM - Error connecting to the internet. 3:49:54 PM - Unable
to contact server..

Error - 6/17/2013 6:18:40 PM | Computer Name = Melinda | Source = MCUpdate | ID = 0
Description = 5:18:39 PM - Error connecting to the internet. 5:18:39 PM - Unable
to contact server..

[ System Events ]
Error - 8/12/2013 2:53:09 PM | Computer Name = Melinda | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 8/12/2013 4:47:16 PM | Computer Name = Melinda | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 8/12/2013 4:55:11 PM | Computer Name = Melinda | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 8/12/2013 8:38:10 PM | Computer Name = Melinda | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 8/13/2013 6:03:39 AM | Computer Name = Melinda | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 8/13/2013 8:52:35 AM | Computer Name = Melinda | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 8/13/2013 9:20:40 AM | Computer Name = Melinda | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 8/13/2013 9:20:40 AM | Computer Name = Melinda | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 8/13/2013 9:21:37 AM | Computer Name = Melinda | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the WebUpdater
service to connect.

Error - 8/13/2013 9:21:37 AM | Computer Name = Melinda | Source = Service Control Manager | ID = 7000
Description = The WebUpdater service failed to start due to the following error:
%%1053


< End of report >
  • 0

#4
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,409 posts
Hello Melint,

I have checked your logs and found a Rogue program, some Adware and Unwanted programs that we need to take care, lets start...


!!! P2P Warning !!!

I notice there are signs of some P2P (Peer-to-Peer) File Sharing Programs on your computer.
The P2P technology can be used for legit downloads but many people use them to download stuff like music, movies, software with cracks/keygens that is illegal and violate the intellectual property rights. This kind of downloads its proven to be a major source of problems because its very common they include Virus, Trojans and all kinds of malware that can damage your computer and should be avoided at all cost if you want to keep your system safe and you safe from lawsuits. Please uninstall the following Peer-to-Peer program(s): Frostwire.

GeeksToGo does not recommend using such programs and I advise you to remove them.


Step 1 - Uninstall Programs

Please open Start > Control Panel > Uninstall a program or Programs and Features if in Classic View, locate these programs on the list and uninstall them:
  • SockshareDownloader
  • DefaultTab
  • InternetHelper3.1 Toolbar
  • LessTabs
  • LyricsSpeaker
  • PC Health Kit v3.2
  • Search Protect by conduit
  • Web Layers 3.0.0
    Optional removal but recommended:
  • FrostWire 5.3.8
  • Norton Security Scan (Not very useful installed bundled with other software)
Note: If you can't uninstall any of the programs on the list don't worry we will remove it latter just move to the next item.


Step 2 - OTL Fix

!!! Warning !!! The following fix is only relevant for this system and no other, running the script on another computer will not work and may cause problems...

  • Right click on the icon Posted Image and choose Run as Administrator to execute the tool. Make sure all other windows are closed and to let it run uninterrupted.
    Do not change any other settings unless otherwise told to do so.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Commands
    [CreateRestorePoint]
    
    :OTL
    SRV - [2013/08/06 20:52:56 | 000,050,464 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Web Layers\updater.exe -- (WebUpdater)
    SRV - [2013/05/15 20:50:11 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\gabriella_angelika\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
    SRV - [2013/05/08 01:18:34 | 000,097,056 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
    IE - HKLM\..\URLSearchHook: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {E5507F95-54F5-49BD-97CD-6CF1CC9610F7}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...99-DFEAE923EDA6
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.ask.com?o=14196&l=dis
    IE - HKCU\..\URLSearchHook: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes,DefaultScope = {E5507F95-54F5-49BD-97CD-6CF1CC9610F7}
    IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...66-B257AB733567
    IE - HKCU\..\SearchScopes\{6D2B8DDC-8BC7-4C40-9FBD-7F31FAE5EAA1}: "URL" = http://search.condui...q={searchTerms}
    IE - HKCU\..\SearchScopes\{A86CB93C-AF88-B5FE-F4D9-E79E5C6A4474}: "URL" = http://www.startnow....ion=6.1-x86-SP0
    IE - HKCU\..\SearchScopes\{E5507F95-54F5-49BD-97CD-6CF1CC9610F7}: "URL" = http://search.condui...8421732018&UM=2
    FF - prefs.js..browser.search.defaultenginename: "InternetHelper3.1 Customized Web Search"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3289663&octid=CT3289663&SearchSource=61&CUI=UN41162856902219617&UM=2&UP=SP829D3159-B85A-48C3-9299-DFEAE923EDA6"
    FF - prefs.js..extensions.enabledAddons: lspeaker%40lyricsspeaker.net:1.125
    FF - prefs.js..extensions.enabledAddons: firefox%40weblayers.co:1.0.0
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN41162856902219617&UM=2&q="
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\LyricsSpeaker\125.xpi [2013/07/23 20:23:22 | 000,006,993 | ---- | M] ()
    [2013/08/11 17:21:28 | 000,000,000 | ---D | M] (InternetHelper3.1) -- C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}
    [2013/08/06 20:52:52 | 000,015,156 | ---- | M] () (No name found) -- C:\Users\gabriella_angelika\AppData\Roaming\mozilla\firefox\profiles\6u4179qc.default\extensions\[email protected]
    [2013/08/11 16:43:45 | 000,001,108 | ---- | M] () -- C:\Users\gabriella_angelika\AppData\Roaming\mozilla\firefox\profiles\6u4179qc.default\searchplugins\internethelper31-customized-web-search.xml
    [2013/08/11 16:43:21 | 000,000,000 | ---D | M] (SySaver) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (InternetHelper3.1 Toolbar) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
    O2 - BHO: (LyricsSpeaker) - {18FD5330-A5FC-43D2-8B96-7EA1C50F526F} - C:\Program Files\LyricsSpeaker\125.dll (LyricsSpeaker LTD)
    O2 - BHO: (SySaver) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\gabriella_angelika\AppData\Local\SySaver\temp.dat File not found
    O2 - BHO: (LessTabs) - {3178A392-8963-471E-B7A2-969CB58D6496} - C:\Program Files\LessTabs\IE32\LessTabsClientIE.dll (LessTabs)
    O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\gabriella_angelika\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
    O2 - BHO: (Web Layers) - {976d7863-9e6c-4066-8c67-0993db9de35f} - C:\Program Files\Web Layers\IEClient.dll (Web Layers)
    O2 - BHO: (smartdownloader Class) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files\SockshareDownloader\smarterdownloader.dll (TODO: <Company name>)
    O3 - HKLM\..\Toolbar: (InternetHelper3.1 Toolbar) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (InternetHelper3.1 Toolbar) - {07CBF788-1359-421B-A4E3-5A8D041B90A3} - C:\Program Files\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
    O4 - HKCU..\Run: [ConduitFloatingPlugin_nemfjadlboooiffmcelkafilagddogim] C:\Program Files\Conduit\CT3289663\plugins\TBVerifier.dll (Conduit Ltd.)
    O4 - HKCU..\Run: [PC Health Kit] C:\Program Files\PC Health Kit\PCHKLauncher.exe (PC Health Labs)
    O4 - HKCU..\Run: [SearchProtect] C:\Users\gabriella_angelika\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
    O4 - HKCU..\Run: [StartNow Search Protect] "C:\Program Files\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT File not found
    O4 - HKCU..\Run: [Web Desktop] C:\Users\gabriella_angelika\AppData\Roaming\Web Layers\desktop.exe (Microsoft)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
    O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
    [2013/08/11 16:43:18 | 000,000,000 | ---D | C] -- C:\Users\gabriella_angelika\AppData\Local\SySaver
    [2013/08/11 16:43:15 | 000,000,000 | ---D | C] -- C:\Users\gabriella_angelika\AppData\Roaming\Web Layers
    [2013/08/11 16:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Web Layers
    [2013/08/11 16:42:49 | 000,000,000 | ---D | C] -- C:\Users\gabriella_angelika\AppData\Roaming\PC Health Kit
    [2013/08/11 16:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit
    [2013/08/11 16:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\PC Health Kit
    [2013/08/11 16:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\InternetHelper3.1
    [2013/08/09 07:29:34 | 000,289,144 | ---- | C] (S!Ri) -- C:\windows\System32\VCCLSID.exe
    [2013/08/09 07:29:34 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\windows\System32\VACFix.exe
    [2013/08/09 07:29:34 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\windows\System32\IEDFix.exe
    [2013/08/09 07:29:34 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\windows\System32\IEDFix.C.exe
    [2013/08/09 07:29:34 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\windows\System32\404Fix.exe
    [2013/08/09 07:29:34 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\windows\System32\o4Patch.exe
    [2013/08/09 07:29:34 | 000,079,360 | ---- | C] (SteelWerX) -- C:\windows\System32\swxcacls.exe
    [2013/08/09 07:29:34 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\windows\System32\Agent.OMZ.Fix.exe
    [2013/08/09 07:29:33 | 000,288,417 | ---- | C] (S!Ri) -- C:\windows\System32\SrchSTS.exe
    [2013/08/09 07:29:33 | 000,135,168 | ---- | C] (SteelWerX) -- C:\windows\System32\swreg.exe
    [2013/07/23 20:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\LyricsSpeaker
    [2013/08/13 08:21:35 | 000,000,398 | ---- | M] () -- C:\windows\tasks\LyricsSpeaker Update.job
    [2013/08/12 18:58:01 | 000,000,500 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for gabriella_angelika.job
    [2013/08/11 16:42:47 | 000,000,975 | ---- | M] () -- C:\Users\gabriella_angelika\Desktop\PC Health Kit.lnk
    [2013/08/11 16:42:41 | 000,000,009 | ---- | M] () -- C:\END
    [2013/08/11 16:42:47 | 000,000,975 | ---- | C] () -- C:\Users\gabriella_angelika\Desktop\PC Health Kit.lnk
    [2013/08/09 07:29:34 | 000,075,776 | ---- | C] () -- C:\windows\System32\WS2Fix.exe
    [2013/08/09 07:29:34 | 000,051,200 | ---- | C] () -- C:\windows\System32\dumphive.exe
    [2013/08/09 07:29:33 | 000,040,960 | ---- | C] () -- C:\windows\System32\swsc.exe
    [2013/05/15 21:11:06 | 000,256,000 | R--- | C] () -- C:\windows\PEV.exe
    [2013/05/15 21:11:05 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2013/05/15 21:11:05 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2013/05/15 21:11:05 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2013/05/15 20:50:11 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\DefaultTab
    [2012/05/11 17:08:04 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\FrostWire
    [2012/05/11 12:31:16 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\OpenCandy
    [2013/08/11 16:41:57 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\SearchProtect
    [2013/05/15 21:16:08 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\Strongvault
    
    :Files
    C:\Program Files\SearchProtect
    C:\Program Files\LessTabs
    C:\Program Files\SockshareDownloader
    C:\Program Files\Conduit
    C:\Program Files\StartNow Toolbar
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{556C2EAF-AC6B-4684-88C7-C8A2F9846F65}"=-
    "{76896A11-8866-4FBF-BCCF-DB319FDBAF0A}"=- 
    "{BB9DA8CF-154A-43C7-A16E-4A6BD1332B9E}"=-
    "{FA7CD5DF-6613-4435-87A4-146E10062BE6}"=-
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EmptyTemp]
    [Reboot]
    
  • click the Run Fix button at the top
  • click OK
Notes:
  • When OTL executes the Fix it can shut down all running processes and you may lose the desktop and icons, but they will return on reboot
  • OTL may ask to reboot the machine. Please accept right away.
  • The report should appear in Notepad after the reboot. Copy & Paste that report in your next reply and not as attachment.


Step 3 - Junkware Removal Tool (JRT)

Download JRT to your Desktop
  • Disable your AntiVirus and AntiSpyware applications
    (If you have difficulty properly disabling your security programs, refer to this link.)
  • Right click on the icon Posted Image and choose Run as Administrator. Make sure all other windows are closed & follow the prompts.
    (The tool will start scanning your system please be patient as this can take a while to complete depending on your system's specifications and the program you have installed)
  • On completion Notepad will open showing the log JRT.txt (the log is saved to your desktop). Please copy and paste its contents on your next reply
  • Re-enable your AntiVirus and AntiSpyware applications


Step 4 - Scan with Adwcleaner

Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Right click on the Adwcleaner icon and choose Run as Administrator to execute the program
    Posted Image
  • Click the Search button and wait for the scan to finish.
  • please copy/paste the generated log to your next reply. This report is also saved to C:\AdwCleaner[R1].txt

Things I would like to see in your next reply:
  • Any problem uninstalling the programs?
  • The OTL Fix log
  • The JRT.txt log
  • AdwCleaner log AdwCleaner[R1].txt

  • 0

#5
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
i copied and pasted the otl log, but somehow it got erased before i sent it. if you can tell me where to find it i will send it. here is the junkware log. i will send each one separate as to not have this problem again






Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.5 (08.13.2013:1)
OS: Windows 7 Professional x86
Ran by gabriella_angelika on Wed 08/14/2013 at 12:45:39.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\free download manager
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\installiqupdater
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\defaulttabbho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricsspeaker
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\domaiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\funmoods
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowseractivex
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowseractivex.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\funmoodssetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\funmoodssetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289663
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289847
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3294791
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\VAFMusic Conduit_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\VAFMusic Conduit_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DropDownDealsSetup-1C08_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\DropDownDealsSetup-1C08_RASMANCS
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef"



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\w3i"
Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"
Failed to delete: [Folder] "C:\ProgramData\application data\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\gabriella_angelika\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\gabriella_angelika\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\gabriella_angelika\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\gabriella_angelika\appdata\local\opencandy"
Successfully deleted: [Folder] "C:\Users\gabriella_angelika\appdata\local\swvupdater"
Successfully deleted: [Folder] "C:\Users\gabriella_angelika\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files\domaiq uninstaller"
Successfully deleted: [Folder] "C:\Program Files\mypc backup"
Successfully deleted: [Folder] "C:\Program Files\singalong"
Successfully deleted: [Folder] "C:\Program Files\w3i"
Successfully deleted: [Folder] "C:\Program Files\Common Files\software update utility"
Successfully deleted: [Folder] "C:\windows\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{016D0758-2C2C-4F80-9D93-2BC3128DBF8F}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{03A79D4A-E9FD-4DF3-8448-4835CFA7B818}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{04BCE74E-13B6-4E2C-97E9-5FEFA2FDC4FA}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{06169C73-36FA-4A02-B30D-6F36F76786EB}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{086B6287-FA88-4AB7-B6CA-CE6755FE3350}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{0951FC12-2514-4C46-B843-BAD801E6FA30}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{0A202AF8-FB84-47D8-B3D6-BB92E49F9F36}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{0AEADC13-015C-4971-AC96-BEB4F0C45910}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{0CD53AC9-968B-428A-968A-32B804C952B4}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{0D5A1200-57EF-4BAB-A704-EF158F754655}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{0E51E2EB-138E-4A91-A2A1-8CC2470FFF21}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{0E742867-8BD6-4913-B9EE-1032A3510B76}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{0F05A9D2-9C20-4074-B7F1-4CD3585ABB8E}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{13A65D1B-0746-4DC3-AC76-4164AE64C159}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{18067C37-DD3F-4438-85ED-861B0F3856D5}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{190E2715-DE8B-41D9-93A1-7FF70F77014D}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{1A1EC75E-A2CC-4C1C-B181-5350F26938D5}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{1C3ACAA3-D4B9-4100-B9BC-8CBC0C3AC978}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{1C3DD5EB-8C57-48DD-BDE3-8DE211ABEDAA}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{21C80B88-CFA2-4991-9DC9-32E7B3C117E2}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{22BDE81B-B593-449F-BB26-546C2BCBB184}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{2406E3A5-3174-4065-8A38-9D7797766386}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{28D36843-5C0C-4D2D-B863-ED62D813EE88}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{28FE52D9-5FA3-490A-8AD5-FF8B9774AF60}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{2A0AF711-CBAB-4115-A549-15D316FCBC2D}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{2B2A1C7B-7255-4D35-9D98-3C81B02672EA}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{2B64A35D-B3E3-46BE-A62C-46159E1F38DD}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{2B9CFEAF-42A2-4369-9A83-FBA5C1FFFD12}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{2CFAD516-14A3-45EF-B229-292959BAC367}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{2D921F63-2A19-430D-9E48-91CC75B6655D}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{2DBAB172-9754-47C0-A067-40184E91AE3F}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{313FAB05-B734-40AA-B96A-06A2F7BC2B48}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{31DA94B2-8373-48CB-89E0-2A7BF8E9AA16}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{34527C38-61D9-414E-86EA-E323856CE1FC}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{37D3D75C-1D13-408F-9E0C-1D3827B09AA5}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{399100C3-69CF-44BE-A7D8-61043EC46383}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{39FF375D-1130-4062-871D-7032B95ECB31}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{3B17732A-CABC-49C2-A088-932AC9432BCE}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{3F526DAC-6D90-4B10-BA28-27C35B8EC445}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{40C5467C-7BCD-4BF6-9F65-C496E75428CE}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{42BC2CCC-EAA1-4E8E-A197-582A44DB364A}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{4784F10E-4E09-47E5-874C-B7A6B107903D}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{4D3F954B-C80A-42C2-9537-9EF79D3095E8}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{4E04F952-1015-4DFA-BEFF-BFE216B1541E}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{4E5299AF-C068-4906-9C2E-DFAD13E4F0AE}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{503403E8-A8F4-409A-AB9B-CD2D9164FC99}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{557AEE76-0DDA-4215-9419-D63A8E51A304}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{57F0305A-7A32-498A-9A9C-E6F5370B6816}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{5A5F9F12-ADC6-4F5F-A2D0-75BE3B582004}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{5C918F1E-773F-4E84-A598-BB632508944A}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{5D5F6115-54EE-4C8D-BE09-73BB00377261}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{5F9CC07C-DD56-4F1C-8233-21ED7A42A6FE}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{60040BA9-C354-4FA2-8B3E-5DBCF68D11EA}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{6216C958-9220-475C-95F4-15650E002F57}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{65CDEEC1-C4E8-4F39-9C1D-186515FAF828}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{69BB97ED-6CAF-4953-945D-8FCBE430F8D7}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{69F2494B-4F8C-4B6E-810C-5366419CEB51}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{6A38FD7F-D05D-4207-9637-1B3930F6CF29}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{6C7CCDDB-1C21-4169-BAE6-DB09375A464B}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{6E6B4A1E-7F16-4723-9138-06B06514CB47}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{706E4DBF-C77B-4F4C-8CE1-5587CA15D230}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{70D94855-3D1D-4D5F-8B0B-CB8CE160CA1F}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{728936D5-657C-4DA2-90ED-C973295FF9F3}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{7392C292-A12D-4FA3-8A4A-62F08B422CBC}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{79A36D9C-883E-4A92-864B-1983746D31A5}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{7DCF3D38-774B-498D-9ACE-F2FAB52E745B}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{7F05D49A-8580-4B5D-B6E3-230B97047F8B}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{81340CFE-CCA4-4AE0-A3AF-3DA2ADF52D7B}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{82EDCFC7-53DF-41B6-8CD0-E1253186C99F}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{84200264-9A37-4CFB-A517-B3E6CF8304F2}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{8C8B5E7B-5C7B-4D10-9AB0-930522F99E58}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{8C8CCF62-52C6-4750-A645-7B6EBACFFB99}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{8F221BE5-67CB-413A-9E8F-52D7675B0D95}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{9029A642-61D3-4C7F-8DDE-E78B64DC62E1}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{92543212-E5FE-42AF-A658-B94F85D8BACF}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{96E8B824-147A-4019-838D-090FC5301C3E}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{98FDB698-C511-44B5-83C9-EFC9F5D105BF}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{9A8486E4-E4B8-4C5B-9A9D-52D2F0A40329}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{9CB4C0FD-20B6-4B2E-99E0-122BA1667078}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{9CFC0116-D71E-40EC-871F-7F5D0024766D}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{9D6B04AD-623B-4CD7-A224-4E2F32F4A849}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{9E941AB9-4AB2-40B0-A09D-AB7E159D83DB}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{A24C1420-36D9-4C45-9FE5-CB66863191A2}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{A277D66A-B937-4C88-97F6-828434659E2C}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{A66C9C57-58D3-475E-B4E0-E8C95326A6BD}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{A6A2994C-E1C2-44DD-93F2-C309369694FF}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{A80F9AE9-D8B5-43FD-B873-A71199789D09}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{A9C8BE7A-695F-4465-AC0A-65B3115738C6}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{AD49A738-FA92-42C0-B176-C5ECAF346D52}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{B223BB93-E4FA-4782-8B72-EC19EA3AF8D9}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{B2BAF4DA-C0EB-44FB-90EF-815B140A9110}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{B34047C3-A09D-4226-93AA-EED7FF17CF7A}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{B4C61B29-2608-4CEB-AFBD-552CFE9B55CE}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{B7308F7E-47E2-4A17-AF7A-5005727B6187}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{BACC17CD-3CD7-4BFA-BC46-1F59428730F9}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{BFE172CF-4D2D-4AB8-A299-8F97428604DC}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{C47E28BC-7DCD-4AFB-BBF0-0C76FB08B956}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{C5573490-A3E1-4B59-99C6-B8B05CCC0C95}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{C6182FD5-F463-4E42-953A-173BD74AF60A}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{C7EB6F9B-A01A-4595-A3C6-077771BE0D10}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{C89FC7CA-A2FD-4C3B-8F06-75CFCE548124}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{C8DC7E70-430D-46C3-8809-5E179D2C22E7}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{CE44D1EB-DF9E-412E-9E11-E98B06224A58}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{CF8CCD41-8439-4456-8D88-A6BC71798622}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{CFC6B667-F2E1-4C24-A61B-BF6AFC1AE3F8}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{D245F08F-7CC4-4072-B340-972A1FC181BE}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{D2FFE261-3D5E-4D48-8DE3-4582BF7F1E96}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{D5FB9403-A569-4C33-BE94-6B538B62254E}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{D763A612-04B5-4650-B2DC-B12A0CC7B4C4}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{DAA59BC3-699E-4CA0-B004-1DC4B107C2EA}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{DB91C030-F4E9-47AB-B51B-7176A4904F9D}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{DF87A894-E248-435E-B1A7-A91EB713A089}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{E02651C0-653C-4BE8-80D5-C8A44D192740}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{E032AF9A-9FB1-4A16-B63F-9ACA17FA9990}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{E2EF283B-DCFE-4CA3-8A9E-AC2CB6959230}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{E51B23C1-9ACE-4CFF-A58B-CCB10C02FEBC}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{E7A580D1-1691-4E43-90CA-4D63C65B3AFD}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{EA4FCBE5-79B4-4582-9456-FDC9267B5285}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{EAFAF31B-91E5-46AA-AEFB-7E15FA9DED72}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{ED6B4018-C857-4AF8-BC1E-E0DB8738CB3C}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{EED2B6D1-EF96-4179-9FA6-1B30A4453973}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{EF34C23F-5E8D-4F45-9A42-1C20EC9EF7B1}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{EFF0F1C0-4F0E-4971-AD59-12357B0FC1B9}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{F059A0E1-594B-4209-9B97-EE5CCD3E5731}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{F0FD6CBB-8658-4986-BE66-A5D824E1E9CA}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{F16D1619-CABA-4AA9-A077-70AAB0159127}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{F3AD053A-9837-4EA6-9645-FADD1E234B85}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{F576BE7C-F822-49EC-8870-FE5520A251D1}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{F6215943-1F34-45A7-8FF6-94D6B50249FD}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{F7140993-EEA3-4285-992A-E0B21AFC7C3E}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{F8BC1ADD-B1F0-42E8-BB88-E073DAFF0A3B}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{F923C614-F207-4DF5-A83D-50F4B61AEF90}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{FA024342-0CE8-4823-8879-902B71662646}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{FBF8961F-D299-448A-9459-FBFF69D5B078}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{FD251C0E-E713-4752-A1B2-164229051CBF}
Successfully deleted: [Empty Folder] C:\Users\gabriella_angelika\appdata\local\{FD4BDCAC-7D2F-44DF-8D0F-37052F4F939C}



~~~ FireFox

Successfully deleted: [File] C:\Users\gabriella_angelika\AppData\Roaming\mozilla\firefox\profiles\6u4179qc.default\user.js
Successfully deleted: [File] C:\Users\gabriella_angelika\AppData\Roaming\mozilla\firefox\profiles\6u4179qc.default\invalidprefs.js
Successfully deleted: [Folder] C:\Users\gabriella_angelika\AppData\Roaming\mozilla\firefox\profiles\6u4179qc.default\smartbar
Successfully deleted the following from C:\Users\gabriella_angelika\AppData\Roaming\mozilla\firefox\profiles\6u4179qc.default\prefs.js

user_pref("CT3289663.1000082.isPlayDisplay", "true");
user_pref("CT3289663.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.
user_pref("CT3289663.1000234.TWC_TMP_city", "PHOENIX");
user_pref("CT3289663.1000234.TWC_TMP_country", "US");
user_pref("CT3289663.1000234.TWC_country", "UNITED STATES");
user_pref("CT3289663.1000234.TWC_locId", "USAZ0166");
user_pref("CT3289663.1000234.TWC_location", "Phoenix, AZ");
user_pref("CT3289663.1000234.TWC_region", "US");
user_pref("CT3289663.1000234.TWC_temp_dis", "f");
user_pref("CT3289663.1000234.TWC_wind_dis", "mph");
user_pref("CT3289663.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3289663.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3289663.Facebook_Mode.enc", "Mg==");
user_pref("CT3289663.Facebook_User_Locale.enc", "ZW4=");
user_pref("CT3289663.Facebook_ctid_Connect_send_new.enc", "c2VuZGVk");
user_pref("CT3289663.FirstTime", "true");
user_pref("CT3289663.FirstTimeFF3", "true");
user_pref("CT3289663.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN41162856902219617&UM=2&q=");
user_pref("CT3289663.UserID", "UN41162856902219617");
user_pref("CT3289663.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT3289663.browser.search.defaultthis.engineName", true);
user_pref("CT3289663.countryCode", "US");
user_pref("CT3289663.defaultSearch", "true");
user_pref("CT3289663.embeddedsData", "[{\"appId\":\"130067724014616498\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT3289663.enableAlerts", "true");
user_pref("CT3289663.enableSearchFromAddressBar", "true");
user_pref("CT3289663.firstTimeDialogOpened", "true");
user_pref("CT3289663.fixPageNotFoundError", "true");
user_pref("CT3289663.fixPageNotFoundErrorByUser", "true");
user_pref("CT3289663.fixPageNotFoundErrorInHidden", "true");
user_pref("CT3289663.fixUrls", true);
user_pref("CT3289663.fullUserID", "UN41162856902219617.IN.20130811164156");
user_pref("CT3289663.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhcj0xLGNsb3NlYnV0dG9uPTEsc2F2ZXJlc2l6ZWRzaXplPT
user_pref("CT3289663.installId", "stub.exe");
user_pref("CT3289663.installType", "conduitnsisintegration");
user_pref("CT3289663.isCheckedStartAsHidden", true);
user_pref("CT3289663.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3289663.isFirstTimeToolbarLoading", "false");
user_pref("CT3289663.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT3289663.keyword", true);
user_pref("CT3289663.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3289663&octid=CT3289663&SearchSource=15&CUI=UN4116285690221961
user_pref("CT3289663.lastVersion", "10.16.9.506");
user_pref("CT3289663.migrateAppsAndComponents", true);
user_pref("CT3289663.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.geekstogo.com%2Fforum%2Ftopic%2F332520-redirects-pop-ups-pc-rep
user_pref("CT3289663.openThankYouPage", "false");
user_pref("CT3289663.openUninstallPage", "true");
user_pref("CT3289663.originalHomepage", "chrome://branding/locale/browserconfig.properties");
user_pref("CT3289663.originalSearchAddressUrl", "");
user_pref("CT3289663.originalSearchEngine", "Google");
user_pref("CT3289663.originalSearchEngineName", "Google");
user_pref("CT3289663.revertSettingsEnabled", "false");
user_pref("CT3289663.search.searchAppId", "130067724014616498");
user_pref("CT3289663.search.searchCount", "0");
user_pref("CT3289663.searchFromAddressBarEnabledByUser", "true");
user_pref("CT3289663.searchInNewTabEnabledByUser", "true");
user_pref("CT3289663.searchInNewTabEnabledInHidden", "true");
user_pref("CT3289663.searchSuggestEnabledByUser", "true");
user_pref("CT3289663.searchUserMode", "2");
user_pref("CT3289663.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3289663.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT3289663.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3289663\"}");
user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://InternetHelper31.OurToolbar.com//xpi\"}");
user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"InternetHelper3.1\"}");
user_pref("CT3289663.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT3289663.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT3289663.serviceLayer_services_Configuration_lastUpdate", "1376430999656");
user_pref("CT3289663.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1376257544395");
user_pref("CT3289663.serviceLayer_services_appsMetadata_lastUpdate", "1376500467716");
user_pref("CT3289663.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1376257544342");
user_pref("CT3289663.serviceLayer_services_login_10.16.9.506_lastUpdate", "1376488192497");
user_pref("CT3289663.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1376257544427");
user_pref("CT3289663.serviceLayer_services_searchAPI_lastUpdate", "1376430999402");
user_pref("CT3289663.serviceLayer_services_serviceMap_lastUpdate", "1376430999348");
user_pref("CT3289663.serviceLayer_services_setupAPI_lastUpdate", "1376257543055");
user_pref("CT3289663.serviceLayer_services_toolbarContextMenu_lastUpdate", "1376257544296");
user_pref("CT3289663.serviceLayer_services_toolbarSettings_lastUpdate", "1376500467544");
user_pref("CT3289663.serviceLayer_services_translation_lastUpdate", "1376430999514");
user_pref("CT3289663.settingsINI", true);
user_pref("CT3289663.shouldFirstTimeDialog", "false");
user_pref("CT3289663.showToolbarPermission", "false");
user_pref("CT3289663.smartbar.CTID", "CT3289663");
user_pref("CT3289663.smartbar.Uninstall", "0");
user_pref("CT3289663.smartbar.homepage", true);
user_pref("CT3289663.smartbar.toolbarName", "InternetHelper3.1 ");
user_pref("CT3289663.startPage", "true");
user_pref("CT3289663.toolbarBornServerTime", "12-8-2013");
user_pref("CT3289663.toolbarCurrentServerTime", "14-8-2013");
user_pref("CT3289663.toolbarLoginClientTime", "Sun Aug 11 2013 16:43:44 GMT-0500 (Central Standard Time)");
user_pref("CT3289663_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1376501042760,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3289663&CUI=UN41162856902219617&UM=2&SearchSource=13");
user_pref("Smartbar.ConduitSearchEngineList", "InternetHelper3.1 Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289663&SearchSource=2&CUI=UN41162856902219617&UM=2&q=");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3289663");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3289663&CUI=UN41162856902219617&UM=2&SearchSource=13");
Emptied folder: C:\Users\gabriella_angelika\AppData\Roaming\mozilla\firefox\profiles\6u4179qc.default\minidumps [88 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/14/2013 at 12:48:09.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#6
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,409 posts
Hi,

The OTL fix log can be found in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.

Can you also post the log generated by AdwCleaner?
  • 0

#7
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
# AdwCleaner v3.000 - Report created14/08/2013at12:58:54
# Updated 13/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : gabriella_angelika - MELINDA
# Running from : C:\Users\gabriella_angelika\Desktop\adwcleaner.exe

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess

***** [ Shortcuts ] *****


***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7BD9A644-9DC6-42be-8872-CBF5524276BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BE89FFB3-7F9C-4A16-B475-98B195A06628}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4b0f-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16635

Setting Deleted : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://www.google.com/ie

-\\ Mozilla Firefox v23.0 (en-US)


[ File : C:\Users\gabriella_angelika\AppData\Roaming\Mozilla\Firefox\Profiles\6u4179qc.default\prefs.js ]

Line Deleted : user_pref("CT3289663.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Line Deleted : user_pref("CT3289663.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Line Deleted : user_pref("CT3289663.embeddedsData", "[{\"appId\":\"130067724014616498\",\"apiPermissions\":{\"cross[...]
Line Deleted : user_pref("CT3289663.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3289663.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Line Deleted : user_pref("CT3289663.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Line Deleted : user_pref("CT3289663.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3289663.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Line Deleted : user_pref("CT3289663.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Line Deleted : user_pref("CT3289663.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Line Deleted : user_pref("CT3289663.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Line Deleted : user_pref("CT3289663_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

-\\ Google Chrome v

Folder Deleted : C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
[!] Folder Deleted : C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbjibcbpmbcabnfnohhgjjmkgkimajko
Folder Deleted : C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
[!] Folder Deleted : C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
File Deleted : C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

[ File : C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Restored : homepage
Restored : icon_url
Restored : search_url
Restored : suggest_url
Restored : keyword

*************************

AdwCleaner[0].txt - [5874 octets] - [14/08/2013 12:58:54]

########## EOF - C:\AdwCleaner\AdwCleaner[0].txt - [5933 octets] ##########




All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named WebUpdater was found to stop!
Service\Driver key WebUpdater not found.
File C:\Program Files\Web Layers\updater.exe not found.
Error: No service named DefaultTabUpdate was found to stop!
Service\Driver key DefaultTabUpdate not found.
File C:\Users\gabriella_angelika\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe not found.
Error: No service named CltMngSvc was found to stop!
Service\Driver key CltMngSvc not found.
File C:\Program Files\SearchProtect\bin\CltMngSvc.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{07cbf788-1359-421b-a4e3-5a8d041b90a3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\ not found.
File C:\Program Files\InternetHelper3.1\prxtbInte.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Restore| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{07cbf788-1359-421b-a4e3-5a8d041b90a3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\ not found.
File C:\Program Files\InternetHelper3.1\prxtbInte.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6D2B8DDC-8BC7-4C40-9FBD-7F31FAE5EAA1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D2B8DDC-8BC7-4C40-9FBD-7F31FAE5EAA1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A86CB93C-AF88-B5FE-F4D9-E79E5C6A4474}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A86CB93C-AF88-B5FE-F4D9-E79E5C6A4474}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E5507F95-54F5-49BD-97CD-6CF1CC9610F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5507F95-54F5-49BD-97CD-6CF1CC9610F7}\ not found.
Prefs.js: "InternetHelper3.1 Customized Web Search" removed from browser.search.defaultenginename
Prefs.js: "http://search.condui...9-DFEAE923EDA6" removed from browser.startup.homepage
Prefs.js: lspeaker%40lyricsspeaker.net:1.125 removed from extensions.enabledAddons
Prefs.js: firefox%40weblayers.co:1.0.0 removed from extensions.enabledAddons
Prefs.js: "http://search.condui...219617&UM=2&q=" removed from keyword.URL
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected] not found.
File C:\Program Files\LyricsSpeaker\125.xpi [2013/07/23 20:23:22 | 000,006,993 | ---- | M] not found.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\Plugins folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\modules folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\META-INF folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\lib folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\defaults\preferences folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\defaults folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\components folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\sl folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\lib\jquery.alerts\images folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\lib\jquery.alerts folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\lib folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\core folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\SEARCH folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\Optimizer folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\wa folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\ui\menu folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\ui\gf\js folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\ui\gf folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\ui\dlg folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\ui folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\sp\spsd\images folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\sp\spsd folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\sp\spbd\images folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\sp\spbd folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\sp\js folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\sp folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\options\js\resources folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\options\js folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\options\images folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\options\css folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\options folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\msd folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\api folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\ac\res folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\ac\img folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\ac\css folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\ac folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al\aboutBox folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb\al folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\tb folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\logic\uninstall\dialog\js folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\logic\uninstall\dialog\images folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\logic\uninstall\dialog\css folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\logic\uninstall\dialog folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\logic\uninstall folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content\logic folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663\content folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome\CT3289663 folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\chrome folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions\{07cbf788-1359-421b-a4e3-5a8d041b90a3} folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\firefox\profiles\6u4179qc.default\extensions\[email protected] moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\mozilla\firefox\profiles\6u4179qc.default\searchplugins\internethelper31-customized-web-search.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\windows\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\windows\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\windows\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\windows\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\windows\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\windows\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\windows\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\windows\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\windows folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\window\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\window\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\window\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\window\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\window\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\window\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\window\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\window\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\window folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\utils\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\utils\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\utils\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\utils\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\utils\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\utils\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\utils\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\utils\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\utils folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\traits\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\traits\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\traits\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\traits\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\traits\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\traits\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\traits\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\traits\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\traits folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\tabs\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\tabs\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\tabs\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\tabs\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\tabs\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\tabs\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\tabs\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\tabs\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\tabs folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\system\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\system\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\system\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\system\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\system\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\system\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\system\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\system\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\system folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\l10n\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\l10n\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\l10n\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\l10n\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\l10n\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\l10n\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\l10n\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\l10n\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\l10n folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\events\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\events\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\events\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\events\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\events\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\events\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\events\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\events\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\events folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\event\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\event\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\event\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\event\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\event\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\event\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\event\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\event\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\event folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\dom\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\dom\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\dom\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\dom\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\dom\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\dom\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\dom\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\dom\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\dom folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\content\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\content\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\content\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\content\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\content\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\content\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\content\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\content\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\addon\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\addon\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\addon\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\addon\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\addon\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\addon\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\addon\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\addon\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\addon folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\lib folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\data\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\data\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\data\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\data\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\data\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\data\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\data\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\data\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\data folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\api-utils folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\addon-kit folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\tests folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\lib folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\data folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\a folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\resources folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\locale\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\locale\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\locale\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\locale\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\locale\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\locale\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\locale\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\locale\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\ecyoivyyjro[email protected]\defaults\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\.svn\tmp\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\.svn\tmp\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\.svn\tmp\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\.svn\tmp folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\.svn\text-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\.svn\props folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\.svn\prop-base folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected]\.svn folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\[email protected] folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\ not found.
File C:\Program Files\InternetHelper3.1\prxtbInte.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18FD5330-A5FC-43D2-8B96-7EA1C50F526F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18FD5330-A5FC-43D2-8B96-7EA1C50F526F}\ not found.
File C:\Program Files\LyricsSpeaker\125.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3178A392-8963-471E-B7A2-969CB58D6496}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3178A392-8963-471E-B7A2-969CB58D6496}\ not found.
File C:\Program Files\LessTabs\IE32\LessTabsClientIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.
File C:\Users\gabriella_angelika\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{976d7863-9e6c-4066-8c67-0993db9de35f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{976d7863-9e6c-4066-8c67-0993db9de35f}\ not found.
File C:\Program Files\Web Layers\IEClient.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}\ deleted successfully.
C:\Program Files\SockshareDownloader\smarterdownloader.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{07cbf788-1359-421b-a4e3-5a8d041b90a3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\ not found.
File C:\Program Files\InternetHelper3.1\prxtbInte.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07CBF788-1359-421B-A4E3-5A8D041B90A3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07CBF788-1359-421B-A4E3-5A8D041B90A3}\ not found.
File C:\Program Files\InternetHelper3.1\prxtbInte.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll not found.
File C:\Program Files\SearchProtect\bin\cltmng.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_nemfjadlboooiffmcelkafilagddogim deleted successfully.
C:\Program Files\Conduit\CT3289663\plugins\TBVerifier.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PC Health Kit not found.
File C:\Program Files\PC Health Kit\PCHKLauncher.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
File C:\Users\gabriella_angelika\AppData\Roaming\SearchProtect\bin\cltmng.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\StartNow Search Protect deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Web Desktop not found.
File C:\Users\gabriella_angelika\AppData\Roaming\Web Layers\desktop.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Activities\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//about.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Exclude.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//LanguageSelection.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Message.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryCmd.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryNag.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyNotification.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//NOCLessUpdate.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//quarantine.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//ScanNow.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//strings.vbs/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Template.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Update.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//VirFound.htm/\ deleted successfully.
C:\Users\gabriella_angelika\AppData\Local\SySaver folder moved successfully.
Folder C:\Users\gabriella_angelika\AppData\Roaming\Web Layers\ not found.
Folder C:\Program Files\Web Layers\ not found.
Folder C:\Users\gabriella_angelika\AppData\Roaming\PC Health Kit\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\ not found.
Folder C:\Program Files\PC Health Kit\ not found.
Folder C:\Program Files\InternetHelper3.1\ not found.
C:\Windows\System32\VCCLSID.exe moved successfully.
C:\Windows\System32\VACFix.exe moved successfully.
C:\Windows\System32\IEDFix.exe moved successfully.
C:\Windows\System32\IEDFix.C.exe moved successfully.
C:\Windows\System32\404Fix.exe moved successfully.
C:\Windows\System32\o4Patch.exe moved successfully.
C:\Windows\System32\swxcacls.exe moved successfully.
C:\Windows\System32\Agent.OMZ.Fix.exe moved successfully.
C:\Windows\System32\SrchSTS.exe moved successfully.
C:\Windows\System32\swreg.exe moved successfully.
Folder C:\Program Files\LyricsSpeaker\ not found.
File C:\windows\tasks\LyricsSpeaker Update.job not found.
File C:\windows\tasks\Norton Security Scan for gabriella_angelika.job not found.
File C:\Users\gabriella_angelika\Desktop\PC Health Kit.lnk not found.
C:\END moved successfully.
File C:\Users\gabriella_angelika\Desktop\PC Health Kit.lnk not found.
C:\Windows\System32\WS2Fix.exe moved successfully.
C:\Windows\System32\dumphive.exe moved successfully.
C:\Windows\System32\swsc.exe moved successfully.
C:\Windows\PEV.exe moved successfully.
C:\Windows\sed.exe moved successfully.
C:\Windows\grep.exe moved successfully.
C:\Windows\zip.exe moved successfully.
Folder C:\Users\gabriella_angelika\AppData\Roaming\DefaultTab\ not found.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\xml\data folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\xml folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\themes\valentine_theme folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\themes\red_theme folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\themes\pink_theme folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\themes\party_theme folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\themes\frostwirePro_theme folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\themes\brown_and_pink_theme folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\themes folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\overlays folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images\banners folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\image_cache\static.frostwire.com\images folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\image_cache\static.frostwire.com folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\image_cache folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\azureus\torrents folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\azureus\tmp folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\azureus\plugins folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\azureus\net folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\azureus\logs\save folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\azureus\logs folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\azureus\dht folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\azureus\active folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\azureus folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\.NetworkShare\Incomplete folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\.NetworkShare folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire\.AppSpecialShare folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\FrostWire folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\OpenCandy\OpenCandy_69278432DA1E4B61B6613E244D927258 folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\OpenCandy\OpenCandy_3633B7987C084CC39CE6022AE8A2CE9A folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\OpenCandy\69278432DA1E4B61B6613E244D927258 folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\OpenCandy\3633B7987C084CC39CE6022AE8A2CE9A folder moved successfully.
C:\Users\gabriella_angelika\AppData\Roaming\OpenCandy folder moved successfully.
Folder C:\Users\gabriella_angelika\AppData\Roaming\SearchProtect\ not found.
C:\Users\gabriella_angelika\AppData\Roaming\Strongvault folder moved successfully.
========== FILES ==========
File\Folder C:\Program Files\SearchProtect not found.
File\Folder C:\Program Files\LessTabs not found.
C:\Program Files\SockshareDownloader folder moved successfully.
C:\Program Files\Conduit\CT3289663\plugins folder moved successfully.
C:\Program Files\Conduit\CT3289663 folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
File\Folder C:\Program Files\StartNow Toolbar not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{556C2EAF-AC6B-4684-88C7-C8A2F9846F65} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{556C2EAF-AC6B-4684-88C7-C8A2F9846F65}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{76896A11-8866-4FBF-BCCF-DB319FDBAF0A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76896A11-8866-4FBF-BCCF-DB319FDBAF0A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BB9DA8CF-154A-43C7-A16E-4A6BD1332B9E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB9DA8CF-154A-43C7-A16E-4A6BD1332B9E}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FA7CD5DF-6613-4435-87A4-146E10062BE6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA7CD5DF-6613-4435-87A4-146E10062BE6}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Downloads\Software\cmd.bat deleted successfully.
C:\Downloads\Software\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 163405 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 2870 bytes

User: All Users

User: Christopher Castillo

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: gabriella_angelika
->Temp folder emptied: 726213716 bytes
->Temporary Internet Files folder emptied: 597752739 bytes
->Java cache emptied: 498296 bytes
->FireFox cache emptied: 22546236 bytes
->Google Chrome cache emptied: 387885108 bytes
->Flash cache emptied: 69693462 bytes

User: Guest
->Temp folder emptied: 1444326 bytes
->Temporary Internet Files folder emptied: 20480882 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 57155 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 703056 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 428738922 bytes
RecycleBin emptied: 162032000 bytes

Total Files Cleaned = 2,306.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08142013_123128

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


removed all programs fine and pc seems to be running better
  • 0

#8
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,409 posts
Hi Melint,

Thanks for let me know that the computer is running better, any redirects or pop-ups?

So far the programs used removed allot but we need to make sure everything is gone so I want you to run some more scans:


Step 1 - Custom OTL Scan

  • Execute OTL right click on the icon Posted Image and choose Run as Administrator. Make sure all other windows are closed.
    Posted Image
  • tick the following check box's:
    • Scan All Users
    • LOP Check
    • Purity Check
  • on the Posted Image box paste this:
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT
    
  • Click the Run Scan button. Let the program run uninterrupted, the scan won't take long.
    • When the scan completes, it will open notepad with OTL.Txt. The file is saved on the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the file and post in your topic.

Step 2 - Malwarebytes Scan

Download Malwarebytes' Anti-Malware (MBAM)
  • execute mbam-setup and follow the prompts to install the program
  • on the last step of installation, be sure to:
    • check Update Malwarebytes' Anti-Malware
    • check Launch Malwarebytes' Anti-Malware
    • uncheck Enable free trial of Malwarebytes Anti-Malware Pro
  • click Finish
  • let the program update the definitions and then it will load
  • close all the other running programs, specially the Web browser
  • select the option Perform quick scan and click the Scan button
  • when the scan finish and some malware has found click the Show Results button to view the results
  • click the Save Log button, save the log to the Desktop
  • Notepad with open with the log (mbam-log-date (time).txt), please Copy & Paste the contents into your next reply
  • for now click Exit to close the program

Step 3 - Scan with ESET On-line Scanner

Download Eset On-line Scanner, run the tool and follow the prompts to install the program.
Posted Image
  • Make sure the options Remove found threats and Scan Archives are Not ticked.
  • Click on Advanced Settings, an check the options:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Disable your AntiVirus and AntiSpyware applications to speedup the scan
  • Click Start and then wait for the scan to finish (it will take some time).
    The virus signature database will begin to download and the Scan will start automatically. Be patient this make take some time depending on the speed of your Internet Connection.
  • Once the scan is completed, close the program
  • Use Notepad to open the log file located at C:\Program Files/ESET/ESET Online Scanner\log.txt
  • Copy and paste the log contents to your reply
  • Enable your AntiVirus and AntiSpyware applications


Things I would like to see in your next reply:
  • The new OTL log
  • The MBAM log
  • The ESET log
  • Let me know how the computer is performing.

  • 0

#9
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
OTL logfile created on: 8/16/2013 8:47:36 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads\Software
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 66.71% Memory free
5.93 Gb Paging File | 4.74 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.75 Gb Total Space | 67.99 Gb Free Space | 51.60% Space Free | Partition Type: NTFS
Drive E: | 2.00 Gb Total Space | 1.96 Gb Free Space | 98.14% Space Free | Partition Type: NTFS

Computer Name: MELINDA | User Name: gabriella_angelika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/16 06:15:22 | 005,703,920 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2013/08/13 08:58:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Downloads\Software\OTL.exe
PRC - [2013/05/23 15:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/21 21:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013/04/05 12:59:08 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/04/05 12:58:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/04/05 12:58:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2012/12/06 13:14:42 | 000,056,416 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/11/29 21:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/07/27 15:08:52 | 000,474,208 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012/07/27 15:03:40 | 000,724,576 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2012/04/09 10:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011/02/24 21:08:32 | 007,034,272 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011/02/24 21:08:32 | 001,770,400 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2010/03/03 07:29:40 | 000,286,944 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\MyAgtTry.exe
PRC - [2010/01/12 14:27:35 | 000,341,280 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SAService.exe
PRC - [2009/12/03 19:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/09/09 12:51:22 | 000,221,024 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2009/08/25 11:57:52 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/25 11:57:44 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/30 16:49:34 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/07/30 16:49:34 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/07/30 16:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/27 18:32:56 | 000,076,344 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009/06/18 12:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2009/06/02 20:03:20 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
PRC - [2009/06/02 20:01:44 | 000,014,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
PRC - [2009/04/03 12:00:00 | 000,525,664 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/15 16:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007/08/28 15:07:32 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/12 08:20:10 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8c20095bd7d46cdfa7933eb258a07daa\Accessibility.ni.dll
MOD - [2013/07/12 08:19:35 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2012/12/12 00:32:26 | 005,025,792 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/10/05 05:53:24 | 003,198,976 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/10/05 05:53:24 | 000,630,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/24 21:08:36 | 000,022,944 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011/02/24 20:39:00 | 000,658,432 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011/02/15 13:16:44 | 007,187,456 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2011/02/15 13:15:58 | 000,325,632 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2011/02/15 13:15:52 | 001,954,304 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2011/02/15 13:15:52 | 000,847,360 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2011/02/15 12:25:30 | 000,119,808 | ---- | M] () -- C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010/11/04 20:58:09 | 000,385,024 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2009/07/30 16:49:52 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/06/17 14:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2009/06/17 14:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
MOD - [2009/06/17 14:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/08/28 15:07:32 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
MOD - [2007/08/28 15:06:54 | 000,910,624 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.dll


========== Services (SafeList) ==========

SRV - [2013/07/30 17:47:46 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/11 19:51:59 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/23 15:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/07/27 15:08:52 | 000,474,208 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012/04/09 10:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011/02/24 21:08:34 | 000,566,688 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/11/10 15:31:10 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/12 14:27:35 | 000,341,280 | ---- | M] () [Auto | Running] -- C:\Program Files\SiteAdvisor\6173\SAService.exe -- (SiteAdvisor Service)
SRV - [2009/12/03 19:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/09/09 12:51:22 | 000,221,024 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)
SRV - [2009/08/25 11:57:52 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/08/18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/30 16:49:34 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/06/18 12:07:06 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/13 13:13:20 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/02 20:03:20 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe -- (McShield)
SRV - [2009/06/02 20:01:44 | 000,014,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -- (EngineServer)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/15 16:09:52 | 000,090,112 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - [2012/06/20 09:43:02 | 002,957,312 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/13 17:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/05/13 17:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011/05/10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/14 00:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/01/08 05:23:00 | 000,316,416 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/11/13 19:20:28 | 000,114,688 | ---- | M] (Ricoh co.,Ltd.) [2 MP series] [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U876.sys -- (5U876UVC)
DRV - [2009/08/18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 05:48:00 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/05/15 21:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/05/15 21:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/05/15 21:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/15 21:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/05/15 21:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/04/29 11:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{026DA1BB-1F63-488F-BAF2-EFA6E0473A77}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3877071108-993608342-3046881854-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
IE - HKU\S-1-5-21-3877071108-993608342-3046881854-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3877071108-993608342-3046881854-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3877071108-993608342-3046881854-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3877071108-993608342-3046881854-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3877071108-993608342-3046881854-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-21-3877071108-993608342-3046881854-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3877071108-993608342-3046881854-1002\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3877071108-993608342-3046881854-1002\..\SearchScopes\{026DA1BB-1F63-488F-BAF2-EFA6E0473A77}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3877071108-993608342-3046881854-1002\..\SearchScopes\{0711B8F5-C453-4CE2-9556-F354188DFA10}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3877071108-993608342-3046881854-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-3877071108-993608342-3046881854-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3877071108-993608342-3046881854-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\gabriella_angelika\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\gabriella_angelika\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/05/15 21:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Extensions
[2013/08/14 12:32:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gabriella_angelika\AppData\Roaming\mozilla\Firefox\Profiles\6u4179qc.default\extensions
[2013/08/14 12:32:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/03 22:19:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/13 09:29:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/03 22:19:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/13 09:29:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ainkhhbgcdbenmmbaoacambbhjfgnmmm\2.0.3.8_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\apifmdobolibbidmcdlofnnenabonodd\1.0.0.2_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic\1.9.10.2_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgmbighdoomjmebfbgplfmhcdbomjkoa\1.1.0.3_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggkljdkflooidjlkahdnfgodflkelkai\1.2_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiffdaigjahnndmjpkccgiklpmhkfckh\1.6.8.1_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\innimmmamipenpklmoafgkgidfhfemhb\1.3.2_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmgeophbbmfgkjghdgfgelpipdoclljo\1.125_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.17_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeahddlmhbcabnnojadgimmiaaplfpfo\1.0.2_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlfohjgijhjlpidbbnmcdooegafnnnm\1.0_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb\4.3_0\
CHR - Extension: No name found = C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.2_0\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O3 - HKU\S-1-5-21-3877071108-993608342-3046881854-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.Exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe ()
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-3877071108-993608342-3046881854-1002..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3877071108-993608342-3046881854-1002..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3877071108-993608342-3046881854-1002..\Run: [Driver Pro] C:\Program Files\Driver Pro\DPLauncher.exe (PC Utilities Pro)
O4 - HKU\S-1-5-21-3877071108-993608342-3046881854-1002..\Run: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup File not found
O4 - HKU\S-1-5-21-3877071108-993608342-3046881854-1002..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-3877071108-993608342-3046881854-1002..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKU\S-1-5-21-3877071108-993608342-3046881854-1002..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\gabriella_angelika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FlipToast.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3877071108-993608342-3046881854-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3877071108-993608342-3046881854-1002\..Trusted Domains: netflix.com ([www] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0007EDE4-6FFB-4886-A88F-D56E861F267C}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94031C3B-6F7D-4837-8B68-5944900F9616}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.2.350.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{624ee89d-15f8-11e1-8ba1-70f3952a656b}\Shell - "" = AutoRun
O33 - MountPoints2\{624ee89d-15f8-11e1-8ba1-70f3952a656b}\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
O33 - MountPoints2\{6ead9a0f-3e0b-11e0-b44b-70f3952a656b}\Shell - "" = AutoRun
O33 - MountPoints2\{6ead9a0f-3e0b-11e0-b44b-70f3952a656b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/08/15 08:42:46 | 000,000,000 | ---D | C] -- C:\windows\System32\MRT
[2013/08/15 08:36:18 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/08/15 08:36:16 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/08/15 08:36:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/08/15 08:36:14 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013/08/15 08:36:13 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/08/15 08:36:11 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/08/15 08:36:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013/08/15 08:36:10 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013/08/15 08:36:10 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013/08/15 08:36:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013/08/14 14:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/08/14 14:30:34 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/08/14 12:58:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/14 12:45:36 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/08/14 12:43:03 | 001,158,897 | ---- | C] (Thisisu) -- C:\Users\gabriella_angelika\Desktop\JRT.exe
[2013/08/14 12:31:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/14 12:20:05 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2013/08/14 12:20:04 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2013/08/14 12:19:58 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL
[2013/08/14 12:19:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2013/08/13 09:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/08/13 08:58:20 | 000,000,000 | ---D | C] -- C:\Downloads
[2013/08/11 16:42:03 | 000,000,000 | ---D | C] -- C:\Users\gabriella_angelika\AppData\Roaming\Free Download Manager
[2013/08/11 16:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
[2013/08/11 16:41:56 | 000,000,000 | ---D | C] -- C:\Program Files\Free Download Manager
[2013/08/09 07:27:47 | 000,000,000 | ---D | C] -- C:\Users\gabriella_angelika\AppData\Roaming\SUPERAntiSpyware.com
[2013/08/09 07:27:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/08/09 07:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/08/09 07:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/08/07 14:38:20 | 000,000,000 | R--D | C] -- C:\Users\gabriella_angelika\Desktop\jenny's pic from iphone
[2013/08/02 12:55:52 | 000,000,000 | R--D | C] -- C:\Users\gabriella_angelika\Desktop\Melin's Iphone pics
[2013/08/02 12:50:59 | 000,000,000 | R--D | C] -- C:\Users\gabriella_angelika\Desktop\Ella's video's
[2013/08/02 12:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

========== Files - Modified Within 30 Days ==========

[2013/08/16 08:51:05 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/08/16 08:49:00 | 000,000,960 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3877071108-993608342-3046881854-1002UA.job
[2013/08/16 08:41:15 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/16 08:41:15 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/16 08:33:10 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/08/16 08:32:23 | 2387,816,448 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/16 06:54:00 | 000,000,968 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3877071108-993608342-3046881854-1004UA.job
[2013/08/15 22:54:00 | 000,000,916 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3877071108-993608342-3046881854-1004Core.job
[2013/08/15 16:29:50 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3877071108-993608342-3046881854-1002Core.job
[2013/08/15 08:39:51 | 000,660,546 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/08/15 08:39:51 | 000,121,442 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/08/14 18:07:03 | 000,000,372 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForgabriella_angelika.job
[2013/08/14 12:57:16 | 000,800,594 | ---- | M] () -- C:\Users\gabriella_angelika\Desktop\adwcleaner.exe
[2013/08/14 12:43:09 | 001,158,897 | ---- | M] (Thisisu) -- C:\Users\gabriella_angelika\Desktop\JRT.exe
[2013/08/14 12:38:53 | 000,000,884 | RHS- | M] () -- C:\Users\gabriella_angelika\ntuser.pol
[2013/08/13 10:42:25 | 000,001,048 | ---- | M] () -- C:\Users\gabriella_angelika\Desktop\OTL - Shortcut.lnk
[2013/08/13 09:29:58 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/08/11 16:42:03 | 000,000,985 | ---- | M] () -- C:\Users\gabriella_angelika\Desktop\Free Download Manager.lnk
[2013/08/10 13:56:55 | 000,458,648 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/08/09 07:27:45 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/08/02 12:43:30 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/07/25 22:13:37 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ie4uinit.exe
[2013/07/25 22:12:22 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/07/25 22:12:05 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/07/25 22:12:04 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/07/25 22:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/07/25 22:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesysprep.dll
[2013/07/25 22:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iesetup.dll
[2013/07/25 22:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iernonce.dll
[2013/07/25 21:49:14 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/07/25 20:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\RegisterIEPKEYs.exe
[2013/07/25 03:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\WMVDECOD.DLL
[2013/07/18 20:41:01 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\tzres.dll

========== Files Created - No Company Name ==========

[2013/08/14 12:57:12 | 000,800,594 | ---- | C] () -- C:\Users\gabriella_angelika\Desktop\adwcleaner.exe
[2013/08/13 10:42:25 | 000,001,048 | ---- | C] () -- C:\Users\gabriella_angelika\Desktop\OTL - Shortcut.lnk
[2013/08/13 09:29:58 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/08/13 09:29:58 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/08/11 16:42:03 | 000,000,985 | ---- | C] () -- C:\Users\gabriella_angelika\Desktop\Free Download Manager.lnk
[2013/08/09 07:27:45 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/08/02 12:43:30 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/08/02 12:43:30 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/05/15 20:50:19 | 000,000,884 | RHS- | C] () -- C:\Users\gabriella_angelika\ntuser.pol
[2011/08/06 11:49:49 | 000,001,849 | ---- | C] () -- C:\Users\gabriella_angelika\AppData\Roaming\GhostObjGAFix.xml
[2010/12/27 20:16:18 | 000,018,432 | ---- | C] () -- C:\Users\gabriella_angelika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/10 20:23:46 | 000,000,902 | ---- | C] () -- C:\Users\gabriella_angelika\AppData\Local\recently-used.xbel
[2010/11/08 20:11:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/12/10 20:12:47 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\com.w3i.FlipToast
[2013/05/15 20:50:36 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\Driver Pro
[2013/08/14 12:45:50 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\Free Download Manager
[2010/12/10 20:23:46 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\gtk-2.0
[2010/11/09 15:58:55 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\ooVoo Details
[2013/05/15 15:43:21 | 000,000,000 | ---D | M] -- C:\Users\gabriella_angelika\AppData\Roaming\player

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/13 20:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/26 23:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/13 20:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 07:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 07:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/17 00:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 16:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/08 23:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 07:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 07:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 00:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/13 20:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/13 20:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 07:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/13 20:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/13 20:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/13 20:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/03 11:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/13 20:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 05:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 00:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/17 00:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/13 20:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 07:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 07:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/13 20:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/17 00:29:50 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/13 20:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 07:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 07:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 07:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 07:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/04/30 23:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 07:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 07:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 07:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 07:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 07:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 07:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 07:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 07:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/13 20:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 17:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 07:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/13 20:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 07:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/10/06 01:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2009/10/06 00:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 16:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 16:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.CFG >
[2013/05/11 05:37:26 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.DAT >
[2013/08/14 03:02:46 | 000,002,277 | ---- | M] () MD5=CDAADD27C88D90127C060CB59607EE77 -- C:\Users\gabriella_angelika\AppData\Local\Temp\jrt\services.dat

< MD5 for: SERVICES.EXE >
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/13 20:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 21:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/13 21:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 23:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/09/20 23:47:23 | 000,000,390 | ---- | M] () MD5=463473DA5F0A92BF130DDFD38015069D -- C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\5USE5QAW\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009/06/10 16:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 16:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/13 21:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PNG >
[2013/06/17 13:14:11 | 000,000,653 | ---- | M] () MD5=F4FFE88C8F84EE82D9EB026D42F449D4 -- C:\Users\gabriella_angelika\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0\i\menu\services.png

< MD5 for: SERVICES.PTXML >
[2009/07/13 15:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 15:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SERVICES.PY >
[2013/01/01 00:18:02 | 000,006,704 | ---- | M] () MD5=0DEC7DB0E7E9F21FF6F499AD1EC8965F -- C:\Program Files\Plex\Plex Media Server\Resources\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\handlers\services.py
[2013/01/01 00:18:00 | 000,031,889 | ---- | M] () MD5=0F9F5A4590CEB9839BDD4AF11556A8EF -- C:\Program Files\Plex\Plex Media Server\Resources\Plug-ins\Framework.bundle\Contents\Resources\Versions\2\Python\Framework\components\services.py

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is F6BF-07A3
Directory of C:\
07/13/2009 11:53 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 11:53 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\Administrator
05/02/2013 05:20 PM <JUNCTION> Application Data [C:\Users\Administrator\AppData\Roaming]
05/02/2013 05:20 PM <JUNCTION> Cookies [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies]
05/02/2013 05:20 PM <JUNCTION> Local Settings [C:\Users\Administrator\AppData\Local]
05/02/2013 05:20 PM <JUNCTION> My Documents [C:\Users\Administrator\Documents]
05/02/2013 05:20 PM <JUNCTION> NetHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/02/2013 05:20 PM <JUNCTION> PrintHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/02/2013 05:20 PM <JUNCTION> Recent [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent]
05/02/2013 05:20 PM <JUNCTION> SendTo [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo]
05/02/2013 05:20 PM <JUNCTION> Start Menu [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu]
05/02/2013 05:20 PM <JUNCTION> Templates [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Administrator\AppData\Local
05/02/2013 05:20 PM <JUNCTION> Application Data [C:\Users\Administrator\AppData\Local]
05/02/2013 05:20 PM <JUNCTION> History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
05/02/2013 05:20 PM <JUNCTION> Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Administrator\Documents
05/02/2013 05:20 PM <JUNCTION> My Music [C:\Users\Administrator\Music]
05/02/2013 05:20 PM <JUNCTION> My Pictures [C:\Users\Administrator\Pictures]
05/02/2013 05:20 PM <JUNCTION> My Videos [C:\Users\Administrator\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 11:53 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 11:53 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 11:53 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 11:53 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 11:53 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 11:53 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 11:53 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 11:53 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 11:53 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 11:53 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 11:53 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 11:53 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\gabriella_angelika
11/08/2010 07:43 PM <JUNCTION> Application Data [C:\Users\gabriella_angelika\AppData\Roaming]
11/08/2010 07:43 PM <JUNCTION> Cookies [C:\Users\gabriella_angelika\AppData\Roaming\Microsoft\Windows\Cookies]
11/08/2010 07:43 PM <JUNCTION> Local Settings [C:\Users\gabriella_angelika\AppData\Local]
11/08/2010 07:43 PM <JUNCTION> My Documents [C:\Users\gabriella_angelika\Documents]
11/08/2010 07:43 PM <JUNCTION> NetHood [C:\Users\gabriella_angelika\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/08/2010 07:43 PM <JUNCTION> PrintHood [C:\Users\gabriella_angelika\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/08/2010 07:43 PM <JUNCTION> Recent [C:\Users\gabriella_angelika\AppData\Roaming\Microsoft\Windows\Recent]
11/08/2010 07:43 PM <JUNCTION> SendTo [C:\Users\gabriella_angelika\AppData\Roaming\Microsoft\Windows\SendTo]
11/08/2010 07:43 PM <JUNCTION> Start Menu [C:\Users\gabriella_angelika\AppData\Roaming\Microsoft\Windows\Start Menu]
11/08/2010 07:43 PM <JUNCTION> Templates [C:\Users\gabriella_angelika\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\gabriella_angelika\AppData\Local
11/08/2010 07:43 PM <JUNCTION> Application Data [C:\Users\gabriella_angelika\AppData\Local]
11/08/2010 07:43 PM <JUNCTION> History [C:\Users\gabriella_angelika\AppData\Local\Microsoft\Windows\History]
11/08/2010 07:43 PM <JUNCTION> Temporary Internet Files [C:\Users\gabriella_angelika\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\gabriella_angelika\AppData\LocalLow
01/11/2012 01:24 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\gabriella_angelika\Documents
11/08/2010 07:43 PM <JUNCTION> My Music [C:\Users\gabriella_angelika\Music]
11/08/2010 07:43 PM <JUNCTION> My Pictures [C:\Users\gabriella_angelika\Pictures]
11/08/2010 07:43 PM <JUNCTION> My Videos [C:\Users\gabriella_angelika\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Guest
03/18/2011 06:36 PM <JUNCTION> Application Data [C:\Users\Guest\AppData\Roaming]
03/18/2011 06:36 PM <JUNCTION> Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
03/18/2011 06:36 PM <JUNCTION> Local Settings [C:\Users\Guest\AppData\Local]
03/18/2011 06:36 PM <JUNCTION> My Documents [C:\Users\Guest\Documents]
03/18/2011 06:36 PM <JUNCTION> NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
03/18/2011 06:36 PM <JUNCTION> PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
03/18/2011 06:36 PM <JUNCTION> Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
03/18/2011 06:36 PM <JUNCTION> SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
03/18/2011 06:36 PM <JUNCTION> Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
03/18/2011 06:36 PM <JUNCTION> Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Guest\AppData\Local
03/18/2011 06:36 PM <JUNCTION> Application Data [C:\Users\Guest\AppData\Local]
03/18/2011 06:36 PM <JUNCTION> History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
03/18/2011 06:36 PM <JUNCTION> Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Guest\Documents
03/18/2011 06:36 PM <JUNCTION> My Music [C:\Users\Guest\Music]
03/18/2011 06:36 PM <JUNCTION> My Pictures [C:\Users\Guest\Pictures]
03/18/2011 06:36 PM <JUNCTION> My Videos [C:\Users\Guest\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 11:53 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 11:53 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 11:53 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
83 Dir(s) 72,808,325,120 bytes free

< End of report >
  • 0

#10
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.16.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
gabriella_angelika :: MELINDA [administrator]

8/16/2013 9:07:47 AM
MBAM-log-2013-08-16 (09-17-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 287859
Time elapsed: 9 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{18FD5330-A5FC-43D2-8B96-7EA1C50F526F} (PUP.OPtional.LyricsAd) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18FD5330-A5FC-43D2-8B96-7EA1C50F526F} (PUP.OPtional.LyricsAd) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Users\gabriella_angelika\AppData\Roaming\player (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages (PUP.Optional.VPLMedia.A) -> No action taken.

Files Detected: 127
C:\Users\gabriella_angelika\Downloads\Setup(16).exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\playlist.vpl (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\config.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_193.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_199.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_200.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_201.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_204.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_219.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_221.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_224.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_268.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_28.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_34.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_37.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_49.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_57.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_86.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_99.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_103.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_11.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_120.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_121.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_122.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_123.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_124.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_125.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_126.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_127.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_136.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_137.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_140.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_141.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_149.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_150.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_160.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_165.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_181.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_191.png (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\AxInterop.WMPLib.dll (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\ComponentFactory.Krypton.Toolkit.dll (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\FileBrowser.dll (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\Interop.WMPLib.dll (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\libreria.ico (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\Newtonsoft.Json.dll (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\UltraID3Lib.dll (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\Uninstall.exe (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\uninstall.ico (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\VAFPlayer.exe (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\VAFPlayer.exe.config (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\VAFPlayer.InstallState (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\VAFUpdate.exe (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\wmp.dll (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Estonian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Indonesian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Russian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Arabic.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Arabic.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Bulgarian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Bulgarian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Catalan.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Catalan.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Chinese (Simplified).gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Chinese (Simplified).ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Chinese (Traditional).gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Chinese (Traditional).ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Czech.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Czech.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Danish.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Danish.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Dutch.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Dutch.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\English.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\English.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Indonesian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Italian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Italian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Japanese.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Japanese.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Korean.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Korean.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Latvian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Latvian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Lithuanian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Lithuanian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Norwegian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Norwegian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Polish.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Polish.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Portuguese.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Portuguese.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Romanian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Romanian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Russian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Slovak.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Slovak.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Slovenian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Slovenian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Spanish.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Spanish.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Swedish.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Swedish.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Thai.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Thai.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Turkish.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Turkish.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Ukrainian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Ukrainian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Vietnamese.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Vietnamese.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Estonian.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Finnish.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Finnish.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\French.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\French.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\German.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\German.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Greek.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Greek.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Haitian Creole.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Haitian Creole.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Hebrew.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Hebrew.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Hindi.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Hindi.ini (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Hungarian.gif (PUP.Optional.VPLMedia.A) -> No action taken.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Hungarian.ini (PUP.Optional.VPLMedia.A) -> No action taken.

(end)
  • 0

Advertisements


#11
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
[email protected] as downloader log:
all ok


pc is running good, no pop ups no redirects
  • 0

#12
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,409 posts
Hi Melint,

Thanks for the logs. Malwarebytes found a bad program that need to go and I have one more step for you...

Step 1 - Clean with Malwarebytes
  • close all the other running programs, specially the Web browser
  • execute Malwarebytes Posted Image again
  • lets make sure the program is updated, click on tab Update next click the Check for Updates button
  • return to the Scanner tab and select the option Perform quick scan then click the Scan button
  • when the scan finish click the Show Results button to view the results
  • make sure that everything listed is Checked (right click and choose Select All) then click on the Remove Selected button
  • after the removal process Notepad with open showing the log, please Copy & Paste the contents into your next reply
Notes:
- If MBAM encounters a file that is difficult to remove, you will be presented with some prompts, click OK to accept them and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately;
- after restart you can find the MBAM log executing the program again and accessing the Logs tab, make sure you select the more recent one and click Open then Copy & Paste the log contents into your next reply;

Step 2 - Security Check

Download Security Check by Screen317 from here or here.
  • Save it to the Desktop.
  • Right click on the icon Posted Image and choose Run as Administrator. Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I would like to see in your next reply:
  • The MBAM log
  • The checkup.txt log

  • 0

#13
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.19.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
gabriella_angelika :: MELINDA [administrator]

8/19/2013 10:18:51 AM
mbam-log-2013-08-19 (10-18-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288694
Time elapsed: 9 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{18FD5330-A5FC-43D2-8B96-7EA1C50F526F} (PUP.OPtional.LyricsAd) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{18FD5330-A5FC-43D2-8B96-7EA1C50F526F} (PUP.OPtional.LyricsAd) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{976D7863-9E6C-4066-8C67-0993DB9DE35F} (PUP.Optional.WebLayers) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{976D7863-9E6C-4066-8C67-0993DB9DE35F} (PUP.Optional.WebLayers) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Users\gabriella_angelika\AppData\Roaming\player (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.

Files Detected: 128
C:\Users\gabriella_angelika\Downloads\FLVPlayerSetup.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\Downloads\Setup(16).exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\playlist.vpl (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\config.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_193.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_199.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_200.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_201.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_204.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_219.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_221.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_224.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_268.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_28.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_34.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_37.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_49.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_57.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_86.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_99.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_103.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_11.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_120.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_121.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_122.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_123.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_124.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_125.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_126.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_127.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_136.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_137.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_140.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_141.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_149.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_150.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_160.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_165.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_181.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Users\gabriella_angelika\AppData\Roaming\player\images\channel_ld_191.png (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\AxInterop.WMPLib.dll (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\ComponentFactory.Krypton.Toolkit.dll (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\FileBrowser.dll (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\Interop.WMPLib.dll (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\libreria.ico (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\Newtonsoft.Json.dll (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\UltraID3Lib.dll (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\Uninstall.exe (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\uninstall.ico (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\VAFPlayer.exe (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\VAFPlayer.exe.config (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\VAFPlayer.InstallState (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\VAFUpdate.exe (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\wmp.dll (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Estonian.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Indonesian.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Russian.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Arabic.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Arabic.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Bulgarian.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Bulgarian.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Catalan.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Catalan.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Chinese (Simplified).gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Chinese (Simplified).ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Chinese (Traditional).gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Chinese (Traditional).ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Czech.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Czech.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Danish.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Danish.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Dutch.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Dutch.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\English.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\English.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Indonesian.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Italian.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Italian.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Japanese.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Japanese.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Korean.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Korean.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Latvian.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Latvian.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Lithuanian.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Lithuanian.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Norwegian.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Norwegian.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Polish.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Polish.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Portuguese.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Portuguese.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Romanian.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Romanian.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Russian.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Slovak.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Slovak.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Slovenian.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Slovenian.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Spanish.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Spanish.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Swedish.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Swedish.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Thai.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Thai.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Turkish.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Turkish.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Ukrainian.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Ukrainian.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Vietnamese.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Vietnamese.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Estonian.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Finnish.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Finnish.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\French.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\French.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\German.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\German.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Greek.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Greek.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Haitian Creole.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Haitian Creole.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Hebrew.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Hebrew.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Hindi.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Hindi.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Hungarian.gif (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.
C:\Program Files\Tuguu SL\VAFPlayer\languages\Hungarian.ini (PUP.Optional.VPLMedia.A) -> Quarantined and deleted successfully.

(end)
  • 0

#14
melint

melint

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 166 posts
Results of screen317's Security Check version 0.99.72
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee® Total Protection™ for Small Business
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
McAfee Virus and Spyware Protection Service
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox (23.0.1)
Google Chrome 28.0.1500.72
Google Chrome 28.0.1500.95
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
McAfee Managed VirusScan Agent myAgtSvc.Exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
  • 0

#15
SleepyDude

SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,409 posts
Hi,

Can you please confirm that your Antivirus McAfee have the Real-time Protection Enabled and is updated? or is your license over?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP