Phishing Malware Issue? (Stolen personal information) [Closed]


  • This topic is locked

#1 Steric (Member, 47 posts)
I was contacted by my bank about fraudulent activity on my account and told that I should have my PC checked out (since I utilize online banking tools) for potential virus/malware/spyware/phishing tools etc.

Here are my OTL scan logs (2):

OTL logfile created on: 21/08/2013 9:14:53 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nat and pat\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 62.10% Memory free
7.49 Gb Paging File | 5.93 Gb Available in Paging File | 79.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 4.96 Gb Free Space | 1.67% Space Free | Partition Type: NTFS

Computer Name: STONEPC | User Name: nat and pat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/08/21 09:14:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nat and pat\Downloads\OTL.exe
PRC - [2013/08/17 20:14:40 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/07/20 08:59:42 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/23 04:25:06 | 002,744,960 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2012/01/31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/17 20:14:40 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/07/20 08:59:42 | 016,166,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2010/01/21 04:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 23:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/26 10:25:51 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/03/21 16:19:16 | 001,845,248 | ---- | M] (Locktime Software) [Disabled | Stopped] -- C:\Program Files\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV:64bit: - [2010/09/27 09:37:32 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2009/06/25 23:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013/08/17 20:14:40 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/31 09:20:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/11 21:49:40 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/05 12:22:08 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/19 13:55:37 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/04 00:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/06/05 13:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2012/03/27 16:48:00 | 000,398,112 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 01:26:10 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2011/12/21 00:32:42 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/03/21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT)
DRV:64bit: - [2011/03/21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP)
DRV:64bit: - [2011/03/21 16:44:28 | 000,088,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Program Files\NetLimiter 3\nltdi.sys -- (nltdi)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/27 14:26:04 | 000,131,072 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2010/07/27 10:36:22 | 000,075,648 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/26 00:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/26 00:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2000/01/01 03:00:00 | 000,442,368 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2652911

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 73 CF F4 AA 35 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\URLSearchHook: {da81b294-ed20-46ec-946b-565d182f3be1} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ef79f67a-6ad7-4715-a0f8-932fca442023} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....sa&d=2012-07-26 12:48:17&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{B8FD7E37-F1BA-44F0-B336-7874CE764208}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledAddons: %7Bef79f67a-6ad7-4715-a0f8-932fca442023%7D:3.19.0.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\nat and pat\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\nat and pat\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\nat and pat\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/09/27 12:40:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nat and pat\AppData\Roaming\mozilla\Extensions
[2013/07/17 09:13:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nat and pat\AppData\Roaming\mozilla\Firefox\Profiles\hyszd5vv.default\extensions
[2013/07/17 09:13:57 | 000,000,000 | ---D | M] (BittorrentBar_FR Community Toolbar) -- C:\Users\nat and pat\AppData\Roaming\mozilla\Firefox\Profiles\hyszd5vv.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}
[2013/08/17 20:14:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/17 20:14:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/17 20:14:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/17 20:14:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/17 20:14:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/09/03 14:33:38 | 000,003,771 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: https://isearch.avg....sa&d=2012-07-26 12:48:17&v=12.1.0.21&sap=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\nat and pat\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\nat and pat\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\nat and pat\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\nat and pat\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\nat and pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\nat and pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\nat and pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DA81B294-ED20-46EC-946B-565D182F3BE1} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CCBBA98-69AA-4522-8B07-79EE9A8091A4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ee887f69-30f1-11e1-ace1-001fe2fb4074}\Shell - "" = AutoRun
O33 - MountPoints2\{ee887f69-30f1-11e1-ace1-001fe2fb4074}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/17 21:55:43 | 000,000,000 | R--D | C] -- C:\Users\nat and pat\Dropbox
[2013/08/17 21:52:45 | 000,000,000 | ---D | C] -- C:\Users\nat and pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2013/08/17 21:50:48 | 000,000,000 | ---D | C] -- C:\Users\nat and pat\AppData\Roaming\Dropbox
[2013/08/17 20:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/14 07:28:12 | 000,000,000 | ---D | C] -- C:\b7d6cffc66e54261f7f3b0b346703bf1
[2013/08/14 07:26:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/30 19:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/21 08:45:35 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/21 08:45:35 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/21 08:37:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/21 08:37:44 | 3217,219,584 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/20 23:37:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1586680591-300540452-3325560610-1000UA.job
[2013/08/20 23:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/17 15:58:36 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/17 15:58:36 | 000,660,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/17 15:58:36 | 000,121,442 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/16 18:10:47 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1586680591-300540452-3325560610-1000Core.job
[2013/08/16 15:08:23 | 000,000,035 | ---- | M] () -- C:\Users\nat and pat\Documents\std.out
[2013/08/06 16:28:16 | 000,315,272 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/08/03 00:32:35 | 000,773,522 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/02 14:28:12 | 000,000,000 | -H-- | M] () -- C:\Users\nat and pat\Documents\Default.rdp
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/02 14:28:12 | 000,000,000 | -H-- | C] () -- C:\Users\nat and pat\Documents\Default.rdp
[2013/06/21 13:30:06 | 000,001,456 | ---- | C] () -- C:\Users\nat and pat\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/01/24 01:04:59 | 000,000,036 | ---- | C] () -- C:\Users\nat and pat\AppData\Local\housecall.guid.cache
[2012/11/13 16:22:27 | 000,000,072 | ---- | C] () -- C:\Windows\JascCmdStandard.INI
[2012/07/27 14:17:44 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 14:17:43 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/07/27 14:17:34 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/07/26 12:32:07 | 000,773,522 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/27 13:34:54 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2012/02/17 12:54:00 | 000,000,160 | ---- | C] () -- C:\Windows\{505AFDC0-5E72-4928-8368-5DEA385E3647}.ini
[2012/02/17 12:54:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\{505AFDC0-5E72-4928-8368-5DEA385E3647}.ini
[2011/11/25 20:29:27 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2011/10/26 21:15:55 | 000,315,272 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/10/26 21:11:30 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/08/15 19:48:39 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\Audacity
[2012/09/26 14:37:01 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\Autodesk
[2013/08/21 08:39:12 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\BitTorrent
[2012/10/08 18:48:05 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\CADopia Standard 12
[2011/10/07 11:32:20 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/09/29 21:47:12 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\CMS
[2011/10/26 23:16:20 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/26 11:37:31 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/10/07 10:51:15 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/11/19 14:05:58 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\DAEMON Tools Pro
[2011/09/26 20:38:26 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\Dev-Cpp
[2013/08/19 15:59:06 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\Dropbox
[2012/03/27 13:35:34 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\Final Draft
[2011/11/09 14:10:16 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\GetRightToGo
[2013/02/09 21:15:35 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\MAGIX
[2012/04/04 18:08:08 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\ManyCam
[2012/12/02 00:08:29 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\Maple
[2012/06/18 14:42:27 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\ooVoo Details
[2011/10/26 21:11:30 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\PACE Anti-Piracy
[2013/06/21 11:46:49 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\PDAppFlex
[2012/10/16 00:30:16 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\PTC
[2011/06/13 21:02:23 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\Sayglo
[2011/10/26 21:12:46 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/02/24 00:50:25 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\TuneUp Software
[2011/10/26 12:23:02 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1129 bytes -> C:\Users\nat and pat\AppData\Local\UO9jSuZxyhQ1:kS1Dkc6CRmieUpO0J8dkY5TR
@Alternate Data Stream - 1113 bytes -> C:\ProgramData\Microsoft:NQjZVg3qRdDhDrlzJou2CxnFiQ
@Alternate Data Stream - 1094 bytes -> C:\Program Files\Common Files\Microsoft Shared:LuyCvpldrpqJId4ekpk
@Alternate Data Stream - 1052 bytes -> C:\ProgramData\Microsoft:jqBCtDYRbhva17miwlsfbru7M

< End of report >




OTL Extras logfile created on: 21/08/2013 9:14:53 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nat and pat\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 62.10% Memory free
7.49 Gb Paging File | 5.93 Gb Available in Paging File | 79.12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 4.96 Gb Free Space | 1.67% Space Free | Partition Type: NTFS

Computer Name: STONEPC | User Name: nat and pat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.scr [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C11D59-4819-47BC-A003-80D3A248A099}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0C59038F-C6BE-4286-A53C-36C25FB14D30}" = lport=137 | protocol=17 | dir=in | app=system |
"{1CDED9E2-AFD1-493E-975F-237073606F96}" = lport=138 | protocol=17 | dir=in | app=system |
"{30915D9E-0ACF-4EB9-AEBF-45B0D5C70CD8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{37764DCD-FBD9-415C-ACB1-94D88AD3C9FC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{37EC1141-D89C-4EAD-BB41-CE65B75931F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{555E3E4B-E20E-4EF0-BA47-6FEA8BEB378E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59CD1DBE-3642-4DC5-8B8F-F14C61BC8A67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5A76B5E1-A73B-4D35-91BA-730EC0AE5178}" = rport=137 | protocol=17 | dir=out | app=system |
"{61D3F7DE-19CC-4D93-94F2-8E43175D96B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{66A84A9F-5DB0-43A8-8D62-291DEEADA36E}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service |
"{67E6246A-7026-4FC3-9799-6694BE6C2D05}" = lport=2832 | protocol=6 | dir=in | name=tcp 2832 |
"{8CBC5E0A-0846-44AA-88EA-6DFF10F45CEF}" = lport=139 | protocol=6 | dir=in | app=system |
"{90F7D4E1-C19E-4587-B678-1CFF2F28DCB9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{92F4D1EC-9D36-4B61-BB81-4C930724F244}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{947358D5-BC67-499A-9AB2-1A1C02CA3F28}" = rport=10243 | protocol=6 | dir=out | app=system |
"{97949F27-E6B4-42DE-B02B-B340084C07CE}" = rport=138 | protocol=17 | dir=out | app=system |
"{9D1D98B8-A8D8-454D-AC7A-DB8E4FAE64BC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9D8B7442-B52D-4CEE-86B0-86E245992755}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A056E1DD-0F86-40CC-9975-0F97BD5C53AC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A471AF48-B00D-40B2-8F5E-813C76AF582A}" = lport=445 | protocol=6 | dir=in | app=system |
"{A566241C-A8C0-4287-A73E-99D993AA3F5A}" = rport=139 | protocol=6 | dir=out | app=system |
"{A7F51FA9-8C63-4E12-AF42-7E7D5C400702}" = rport=445 | protocol=6 | dir=out | app=system |
"{DDB328EB-C92D-43F1-9463-4C1A5B28C0F8}" = lport=1472 | protocol=6 | dir=in | name=tcp 1472 |
"{E29AFAB1-6BB5-4CDE-AF58-D3EB33972501}" = lport=2996 | protocol=17 | dir=in | name=udp 2996 |
"{E85350EC-FF42-4178-ADF4-89B7196A5588}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EDB5C882-996E-4702-962F-C3C89D859D8E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEC2CEDE-6EA9-4E0E-9197-52EDEEE35A08}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F3EDE6B5-7308-426C-8710-F06473AD84EA}" = lport=5367 | protocol=17 | dir=in | name=udp 5367 |
"{FEF1A11C-CE4F-4C3B-9A2C-EAA69CBF2071}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F5317F-2F7D-4FEE-990C-D327D6398C12}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{059BE16C-E06D-4481-9E79-E46B750EF0AD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{082D00A6-7ED4-44BB-8C40-2B7EAA01CC4F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{0C50C03A-8A82-4610-8A10-A4E7C27196BB}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{0E6D74CC-AA9C-4BC8-91BA-89DF11FEFAB6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{1242713D-9A99-4391-93E0-9CAC261001DF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{13350E6C-6CE4-435F-8C9F-9F89B5D74150}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1A688C8E-C597-4A78-8B6B-9E2164635067}" = dir=in | app=rosettastoneversion3.exe |
"{1ABE6DDE-12DA-44B7-9F71-6A1B14574A22}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1DFED128-6025-4A25-A252-1DF8A8406450}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{1E7D01C2-8445-4BCB-A4CE-A54C162CBE0F}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{2500422E-9E96-491D-85D1-5F9743ADF4CA}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{25CFFAFF-B4A0-4676-9435-18DF0D023056}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2658BD56-48CC-4C18-99E7-086268CC399B}" = dir=in | app=support inrosettastoneltdservices.exe |
"{294E52A3-EDCD-49DF-B59F-7411E87DCF0F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{296971DE-51EA-4EAF-8AF5-FBBF7A4CFFB9}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{33C59E93-8A2B-48A7-9BAC-AA69218137CD}" = dir=in | app=c:\program files (x86)\ptc\pvx\i486_nt\obj\productview.exe |
"{34C578EA-BBED-4A02-AD96-E1A89505D121}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{3572BBBA-877F-4D2D-8022-F43C67AD235A}" = protocol=6 | dir=in | app=c:\users\nat and pat\appdata\roaming\spotify\spotify.exe |
"{359F82AE-7D24-4B7F-A525-08E0C679B0D5}" = dir=in | app=c:\users\nat and pat\appdata\local\microsoft\skydrive\skydrive.exe |
"{3B08C205-1481-404E-9F50-33BDED1E7D3D}" = protocol=17 | dir=in | app=c:\users\nat and pat\appdata\roaming\spotify\spotify.exe |
"{3B461349-FDBA-41EC-9857-CD6B84E34895}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3BB52765-BCB1-4299-9A70-EE1880428493}" = protocol=6 | dir=in | app=c:\windows\system32\hasplms.exe |
"{42B29A94-6767-458B-95D7-0DD76E675CC6}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{4475F492-0DE3-4EA9-A193-037C7CF01DAF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{46B08746-ABEE-48AA-821A-0EAC16AC1F99}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{4B2023CA-C669-48FC-9DD3-3C715862325E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{542BA827-11E1-4FEC-AA10-C0D3B8D81FA1}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{555BED48-D65E-4B10-A0A4-4B3E486CF5E8}" = protocol=6 | dir=out | app=support inrosettastoneltdservices.exe |
"{560BCC08-7318-42C0-930F-D8565CDE661F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{569321AC-8964-4E6C-B998-2EB996426A60}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{593D15E1-743A-4B32-867A-724EF05F8AAE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{64DD2737-5130-4171-A590-BB4525C8BA9C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6A09471A-9A60-41A2-843A-EFEC107349E4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6BD6741D-8ABB-4236-9D71-0EF73D838961}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{705FDF56-0338-4A6B-A946-4B283B622472}" = protocol=17 | dir=in | app=c:\program files (x86)\cms\intellicad 7.1 standard\icad.exe |
"{712266B7-546E-486E-9850-1AD36201E0B1}" = protocol=6 | dir=in | app=c:\program files (x86)\cms\intellicad 7.1 standard\icad.exe |
"{71F552F6-6AB3-4538-BEB6-0E4B9184FE70}" = protocol=6 | dir=in | app=c:\users\nat and pat\appdata\local\microsoft\windows\temporary internet files\content.ie5\kjldadn1\cnet_installspeedfan444_exe.exe |
"{77D10EEE-AA56-483B-81D6-D3DEA86734D0}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-x.x.x.x-4.0.0.12911-downloader.exe |
"{7CB36240-6595-4E26-B313-39B74E7B2750}" = protocol=17 | dir=in | app=c:\users\nat and pat\appdata\local\microsoft\windows\temporary internet files\content.ie5\kjldadn1\cnet_installspeedfan444_exe.exe |
"{8090389E-CE25-4E4C-8E84-65F3F287CB52}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{83187208-0137-49F4-9F85-3F9FB4EBEBB4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{8578CD2F-E7C2-4FEE-8CF0-07AD6C9799F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8A8B4C8E-ECD7-4B07-9CC9-6EE3174260FD}" = protocol=17 | dir=in | app=c:\windows\system32\hasplms.exe |
"{8CBE6500-23EB-417C-AE6A-6B090D299085}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8F26A058-2B03-48BE-B1BC-5E0E3E03A8CF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8F7AF6D1-497C-4558-944A-A4D0B743E2D2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9179970D-8210-4157-A35F-1EC3A02118EC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{9299FC9A-EDB5-4411-A85D-66F5434D82DE}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{935A71D7-5739-445D-BCB2-A416B6457A55}" = protocol=6 | dir=in | app=c:\users\nat and pat\appdata\roaming\dropbox\bin\dropbox.exe |
"{9452428C-9829-4B79-B0D0-F11ADEAE6C93}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{984E3E03-E585-4357-A3D1-F80E18D33CB2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{9AB97810-6076-4178-8497-88794DD33B0B}" = protocol=17 | dir=in | app=c:\users\nat and pat\appdata\roaming\dropbox\bin\dropbox.exe |
"{9D607C94-E923-424A-9D7C-AB92F53C38DA}" = protocol=6 | dir=out | app=system |
"{A41F0C07-6AF5-4F36-AB38-B484AF03425A}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{AA4DD297-071E-452F-9E97-711CC5D3DA45}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{ACEBE567-E28B-4F02-8767-54D15E29294B}" = protocol=6 | dir=in | app=c:\program files (x86)\cms\intellicad 7.1 standard\icad.exe |
"{AD94356C-6540-46D9-970D-879970FE37E8}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{AFBDB21D-4B90-4A1D-B8DA-04FB41BB6BDD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B04B7059-E9C9-4E74-9165-C75EEE63F581}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B1187B70-05AF-4185-B984-3919B11259EC}" = protocol=17 | dir=in | app=c:\program files (x86)\cms\intellicad 7.1 standard\icad.exe |
"{B18170E9-DDBB-45F1-8782-CBAF967BE247}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{B583E2FE-EED2-4E52-8591-8A818E95E260}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{BA4A6978-EB4B-4B7C-A4CF-9767E7718EAE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BDB7F14C-211A-4529-8CC5-6B1E39A6E63D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{C689B9C5-8FE8-44F4-A652-81E321641BB8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C726AB95-67CE-407F-8A15-2C851A0B8402}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CB1B9891-18CB-439F-935B-8B1E80794567}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
"{D0789B33-09DB-46A1-855F-3FC9CBD87357}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{D7181995-91AF-4F70-88CD-CF47D6790C02}" = protocol=6 | dir=out | app=rosettastoneversion3.exe |
"{D74CC593-B0AD-468C-8398-BE1B2B8D7C44}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{DF94ACE5-CE2C-4F07-87D1-F49DACB35343}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{E11E1D7E-57F0-4BB8-A3B4-E765CEDFA13B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E6316FFB-C11D-4917-99CF-FAB097AC9ACE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
"{E6B3C25D-3C4C-4058-94C4-48A75CEC91C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E930FC56-C95C-4736-B638-5A34584457FA}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{EF14F474-1348-46BC-AB4F-8C6BFAE98376}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{F305650B-B26D-406A-A326-6D6992FAB7A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F4674C2D-9C05-408A-B39A-F35EC732868E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{FC2FAB29-F812-495B-B465-18DD87B124A1}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{FE7855B8-AC1B-4315-8B8A-001C47632E33}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{FEC04B95-EA29-432F-A3DF-3E0168489D84}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"TCP Query User{3D5F6A95-A093-444D-A313-D32C4E0CB7E5}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe |
"TCP Query User{620C4207-6F88-42DE-9C4F-AFFD37BD25C2}C:\program files\maple 16\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files\maple 16\jre\bin\maple.exe |
"TCP Query User{7365E44A-FB56-4060-85CF-EC6983F8405F}C:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe |
"TCP Query User{771C9FAF-BBDE-414D-AEFC-D07F10742C5A}C:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe |
"TCP Query User{88E3AAE9-3381-4A07-B17F-86EEABA7FFA6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{BE0F6894-9B57-4B44-95E0-403CCF135FE9}C:\program files (x86)\maple 14\jre\bin\maple.exe" = protocol=6 | dir=in | app=c:\program files (x86)\maple 14\jre\bin\maple.exe |
"TCP Query User{BFEBA976-9903-4EEA-96A0-2ABD503FEED7}C:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe |
"TCP Query User{CBC30E26-5402-4943-AFB0-81DBDD744175}C:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=c:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe |
"TCP Query User{CFC5E160-F786-4419-94D1-0F9E4C69264D}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{E7A8F9BC-2E2D-41B5-80C6-1C05315108FE}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{E7B42295-013D-4038-89A5-872D3D8D27DC}C:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=c:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe |
"TCP Query User{EB40DE8E-2EDC-4CD1-8C50-90BD48045C38}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"TCP Query User{FBC56A25-958C-4986-8F24-5BE27CF64178}C:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=c:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe |
"UDP Query User{154D853C-868C-48E1-88CD-B960C78ECEB0}C:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe |
"UDP Query User{221038CE-525A-4720-8402-B6C7F9384758}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5614C9FB-A04C-40BE-BFB5-0320AA5DA444}C:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=c:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe |
"UDP Query User{66096BBB-3476-4B3B-823E-0E5FEE11A07B}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe |
"UDP Query User{6B73651D-8F3F-4310-BF56-FAC772055884}C:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe |
"UDP Query User{6F99DED1-1796-41ED-90A2-72068734509A}C:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=c:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe |
"UDP Query User{83F59E73-5AD4-4CB1-89CC-65FD332A6B06}C:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe |
"UDP Query User{96B92772-562F-40B9-9792-D021BDF84CFD}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{990A15FC-C091-43C0-920F-A8851C425677}C:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=c:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe |
"UDP Query User{AC91E73F-98CA-4B91-BE7B-22CACCEB3533}C:\program files (x86)\maple 14\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files (x86)\maple 14\jre\bin\maple.exe |
"UDP Query User{BA0B2412-CDD6-40C8-8F68-4215BB634984}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{C2A30F38-7F13-4509-AE02-7C4DF7D8670F}C:\program files\maple 16\jre\bin\maple.exe" = protocol=17 | dir=in | app=c:\program files\maple 16\jre\bin\maple.exe |
"UDP Query User{EEE85F9D-7017-464F-8419-B8E32E0A26A9}C:\program files (x86)\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-B001-0000-0102-0060B0CE6BBA}" = AutoCAD 2013 - English
"{5783F2D7-B001-0409-1102-0060B0CE6BBA}" = AutoCAD 2013 Language Pack - English
"{5783F2D7-B001-0409-2102-0060B0CE6BBA}" = AutoCAD 2013 - English
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A8F30C52-D992-4077-8A77-30ED12B6244C}" = Creo Thumbnail Viewer 1.0
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"{F9232528-EA5C-4DA0-B8BE-637A70E9E673}" = ProductView Express 9.1
"{FE2F4875-095C-427C-9A97-4F8DE05ACF22}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013
"{FFF5619F-2013-0064-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2013
"AutoCAD 2013 - English" = AutoCAD 2013 - English
"Autodesk Inventor Fusion 2013" = Autodesk Inventor Fusion 2013
"Autodesk Inventor Fusion plug-in for AutoCAD 2013" = Autodesk Inventor Fusion plug-in for AutoCAD 2013
"Creo Elements/Pro Schools Edition Release 5.0 Datecode M080" = Creo Elements/Pro Schools Edition Release 5.0 Datecode M080
"EPSON Artisan 700 Series" = EPSON Artisan 700 Series Printer Uninstall
"Maple 16" = Maple 16
"MatlabR2011a" = MATLAB R2011a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013
"{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}" = Final Draft
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FEE4185F-3504-4ADB-91F5-521E08232045}" = RAPTOR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Autodesk Content Service" = Autodesk Content Service
"Autodesk Design Review 2013" = Autodesk Design Review 2013
"BitTorrent" = BitTorrent
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"DAEMON Tools Pro" = DAEMON Tools Pro
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DMX5_is1" = DriverMax 6
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"InterActual Player" = InterActual Player
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Maple 16" = Maple 16
"Maple Toolbox" = Maple Toolbox
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PokerStars.net" = PokerStars.net
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23/11/2012 11:12:04 AM | Computer Name = StonePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1701

Error - 23/11/2012 11:12:05 AM | Computer Name = StonePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 23/11/2012 11:12:05 AM | Computer Name = StonePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2886

Error - 23/11/2012 11:12:05 AM | Computer Name = StonePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2886

Error - 23/11/2012 11:12:06 AM | Computer Name = StonePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 23/11/2012 11:12:06 AM | Computer Name = StonePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4165

Error - 23/11/2012 11:12:06 AM | Computer Name = StonePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4165

Error - 23/11/2012 5:03:44 PM | Computer Name = StonePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 23/11/2012 5:03:44 PM | Computer Name = StonePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2418

Error - 23/11/2012 5:03:44 PM | Computer Name = StonePC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2418

[ Media Center Events ]
Error - 03/12/2012 8:42:39 PM | Computer Name = StonePC | Source = MCUpdate | ID = 0
Description = 7:42:39 PM - Error connecting to the internet. 7:42:39 PM - Unable
to contact server..

Error - 03/12/2012 8:42:47 PM | Computer Name = StonePC | Source = MCUpdate | ID = 0
Description = 7:42:45 PM - Error connecting to the internet. 7:42:45 PM - Unable
to contact server..

Error - 10/12/2012 7:32:49 PM | Computer Name = StonePC | Source = MCUpdate | ID = 0
Description = 6:32:27 PM - Error connecting to the internet. 6:32:28 PM - Unable
to contact server..

Error - 10/12/2012 8:33:03 PM | Computer Name = StonePC | Source = MCUpdate | ID = 0
Description = 7:32:59 PM - Error connecting to the internet. 7:32:59 PM - Unable
to contact server..

Error - 16/12/2012 9:11:11 PM | Computer Name = StonePC | Source = MCUpdate | ID = 0
Description = 8:10:48 PM - Failed to retrieve Broadband (Error: The operation has
timed out)

Error - 17/12/2012 7:46:13 PM | Computer Name = StonePC | Source = MCUpdate | ID = 0
Description = 6:46:13 PM - Error connecting to the internet. 6:46:13 PM - Unable
to contact server..

Error - 17/12/2012 7:46:36 PM | Computer Name = StonePC | Source = MCUpdate | ID = 0
Description = 6:46:19 PM - Error connecting to the internet. 6:46:19 PM - Unable
to contact server..

Error - 17/12/2012 8:46:46 PM | Computer Name = StonePC | Source = MCUpdate | ID = 0
Description = 7:46:46 PM - Error connecting to the internet. 7:46:46 PM - Unable
to contact server..

Error - 17/12/2012 8:46:53 PM | Computer Name = StonePC | Source = MCUpdate | ID = 0
Description = 7:46:51 PM - Error connecting to the internet. 7:46:51 PM - Unable
to contact server..

Error - 01/01/2013 1:34:16 AM | Computer Name = StonePC | Source = MCUpdate | ID = 0
Description = 12:33:28 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

[ NetLimiter 3 Events ]
Error - 29/07/2013 9:45:30 AM | Computer Name = StonePC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 30/07/2013 8:38:02 AM | Computer Name = StonePC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 31/07/2013 9:14:24 AM | Computer Name = StonePC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 31/07/2013 6:53:33 PM | Computer Name = StonePC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 31/07/2013 8:30:17 PM | Computer Name = StonePC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 01/08/2013 8:38:55 AM | Computer Name = StonePC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 02/08/2013 9:17:47 AM | Computer Name = StonePC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 03/08/2013 9:03:10 AM | Computer Name = StonePC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 04/08/2013 8:05:37 AM | Computer Name = StonePC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

Error - 05/08/2013 8:31:27 AM | Computer Name = StonePC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired

[ System Events ]
Error - 17/08/2013 3:00:41 PM | Computer Name = StonePC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:53:50 PM on ?8/?16/?2013 was unexpected.

Error - 17/08/2013 3:54:16 PM | Computer Name = StonePC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 17/08/2013 3:54:18 PM | Computer Name = StonePC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 17/08/2013 3:54:20 PM | Computer Name = StonePC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 17/08/2013 3:54:21 PM | Computer Name = StonePC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 17/08/2013 3:54:21 PM | Computer Name = StonePC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 17/08/2013 8:33:32 PM | Computer Name = StonePC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 18/08/2013 7:29:50 PM | Computer Name = StonePC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 18/08/2013 9:11:18 PM | Computer Name = StonePC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 19/08/2013 11:19:37 PM | Computer Name = StonePC | Source = DCOM | ID = 10010
Description =


< End of report >
  • 0



#2
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Steric, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of this forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

Can you tell me why you don't have an antivirus program running on the computer? I see that AVG was on it at one time and it looks like McAfee was used at one time, but nothing now.
Did you turn the User Account Control off on purpose?

I see browser hijackers, adware and some malicious files. I am analyzing the logs now. In the mean time you need to free up some space on the hard drive. This is from the OTL log:

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 4.96 Gb Free Space | 1.67% Space Free | Partition Type: NTFS

Hard-Drive Free Space Advice:

1.67%

This is considered dangerously low. A Hard-Drive requires a bare minimum of 15% available free space to be able to function correctly, but at least 25% is better in my humble opinion. Our tools may not function properly.

I advise you to uninstall some software you do not need and / or move any documents/files/pictures etc to a form of removable media. The lack of current Hard-Drive space will be impacting on overall system performance. Plus eventually any type of system maintenance will prove to be problematic.

Once you have freed up the needed space on the hard drive, please run the following scan and when you post the results we will start killing things.


Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my questions above.
2. The aswMBR log
  • 0
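The triage godawgs does by hand above (reading the drive free-space line and the "Last 20 Event Log Errors" section of the OTL report) can be scripted for repeated cases. The following is an added example, not code from this thread, from OTL or from Geeks to Go; it parses a constructed log excerpt in the same layout as the report in post #1, flags drives under a free-space threshold, and counts event-log errors by source and event ID so that repeated entries such as disk controller errors stand out. The sample text and the 15% threshold (the figure the helper quotes) are assumptions of this example.

```python
import re
from collections import Counter

# Constructed excerpt in OTL log layout (not taken from a real machine).
SAMPLE_LOG = r"""
Drive C: | 297.99 Gb Total Space | 4.96 Gb Free Space | 1.67% Space Free | Partition Type: NTFS
Drive D: | 100.00 Gb Total Space | 60.00 Gb Free Space | 60.00% Space Free | Partition Type: NTFS

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 17/08/2013 3:54:16 PM | Computer Name = StonePC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 17/08/2013 3:54:18 PM | Computer Name = StonePC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 17/08/2013 8:33:32 PM | Computer Name = StonePC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 18/08/2013 7:29:50 PM | Computer Name = StonePC | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.
"""

# One "Drive X:" summary line of the OTL header.
DRIVE_RE = re.compile(
    r"^Drive (?P<drive>[A-Z]:) \| (?P<total>[\d.]+) Gb Total Space"
    r" \| (?P<free>[\d.]+) Gb Free Space \| (?P<pct>[\d.]+)% Space Free"
)
# The first line of one event-log error entry.
ERROR_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$"
)


def parse_drives(text):
    """Return one dict per 'Drive X:' line with sizes as floats."""
    drives = []
    for line in text.splitlines():
        m = DRIVE_RE.match(line.strip())
        if m:
            drives.append({
                "drive": m["drive"],
                "total_gb": float(m["total"]),
                "free_gb": float(m["free"]),
                "free_pct": float(m["pct"]),
            })
    return drives


def low_space_drives(text, minimum_pct=15.0):
    """Drives whose free space is below the threshold (15% is an assumed default)."""
    return [d["drive"] for d in parse_drives(text) if d["free_pct"] < minimum_pct]


def parse_event_errors(text):
    """Collect each error entry with its description, joining wrapped lines."""
    events = []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = ERROR_RE.match(lines[i].strip())
        if not m:
            i += 1
            continue
        # The description runs until a blank line, the next entry or a section header.
        parts = []
        i += 1
        while i < len(lines):
            part = lines[i].strip()
            if not part or part.startswith("[") or ERROR_RE.match(part):
                break
            if part.startswith("Description ="):
                part = part[len("Description ="):].strip()
            parts.append(part)
            i += 1
        events.append({
            "when": m["when"], "host": m["host"], "source": m["source"],
            "id": m["id"], "description": " ".join(p for p in parts if p),
        })
    return events


def error_counts(text):
    """Number of error entries per (source, event ID), so repeats stand out."""
    return Counter((e["source"], e["id"]) for e in parse_event_errors(text))


if __name__ == "__main__":
    print("Low on space:", low_space_drives(SAMPLE_LOG))
    for (source, event_id), n in error_counts(SAMPLE_LOG).most_common():
        print(f"{n}x  {source} / ID {event_id}")
```

Run against a full OTL report saved as text, the same functions give the helper the two facts used in this thread at a glance: which drive is below the threshold, and which error sources repeat (here the disk controller error, twice).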

#3
Steric

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
I freed up space as suggested. A little over 100 Gigs unused now, instead of just 4.

As to why there is no antivirus program running. No good answer for that one. A carry over bad habit that comes from a mixture of things. I used to play games that I remember hearing had compatibility issues when running while antivirus programs were running, and I also went under the (stupid I know) assumption that if I was "surfing smart" I "wasn't at risk". Anyways...I got used to not having one and never coming across any obvious problems. But yeah...I've come to the realization that I should be using something.

I do not know what the User Account Control is, so I can't say for sure if it is something that I turned off or not.


When I ran the aswMBR scan there were options for scan type that I didn't see in your instructional diagram. I chose quick scan because it was the default selection (the other options being C:\ and [....]) Here's the log:


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-22 16:12:19
-----------------------------
16:12:19.963 OS Version: Windows x64 6.1.7601 Service Pack 1
16:12:19.963 Number of processors: 2 586 0x1706
16:12:19.963 ComputerName: STONEPC UserName:
16:12:20.837 Initialize success
16:21:48.931 AVAST engine defs: 13082201
16:27:15.049 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:27:15.049 Disk 0 Vendor: FUJITSU_MHZ2320BH_G2 00000009 Size: 305245MB BusType: 11
16:27:15.205 Disk 0 MBR read successfully
16:27:15.205 Disk 0 MBR scan
16:27:15.205 Disk 0 Windows 7 default MBR code
16:27:15.221 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:27:15.236 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
16:27:15.252 Disk 0 scanning C:\Windows\system32\drivers
16:27:26.141 Service scanning
16:28:00.899 Modules scanning
16:28:00.899 Disk 0 trace - called modules:
16:28:00.930 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:28:00.945 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c2d4e0]
16:28:01.445 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80046bd680]
16:28:02.349 AVAST engine scan C:\Windows
16:28:04.596 AVAST engine scan C:\Windows\system32
16:33:06.987 AVAST engine scan C:\Windows\system32\drivers
16:33:28.889 AVAST engine scan C:\Users\nat and pat
17:40:54.841 AVAST engine scan C:\ProgramData
18:14:44.699 Scan finished successfully
18:46:47.180 Disk 0 MBR has been saved successfully to "C:\Users\nat and pat\Desktop\MBR.dat"
18:46:47.180 The log file has been saved successfully to "C:\Users\nat and pat\Desktop\aswMBR.txt"
  • 0

#4
Steric

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Just a further note, I will be out of town (without internet access) for the weekend, so there will be a delay in my next response.
  • 0

#5
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

I freed up space as suggested. A little over 100 Gigs unused now, instead of just 4.

Acknowledged.

Just a further note, I will be out of town (without internet access) for the weekend, so there will be a delay in my next response.

No problem. Just complete the following instructions when you return.

I understand what you are saying about the antivirus programs, but without one you are just begging to be infected. They won't stop all of them, but they certainly offer more protection than no antivirus program. You have 4GB of RAM so the system should run games and an AV program without much interference, if any. There are free AV programs that don't use a lot of RAM. But you could always install more RAM if the computer isn't fast enough after installing the AV program. We will address this issue during the cleaning of the machine.

I do not know what the User Account Control is, so I can't say for sure if it is something that I turned off or not.

Click here to go to the Microsoft page with a detailed description of what the UAC is. I will be turning the UAC control back on and I recommend that you keep this extra layer of protection activated. But if you want it off again there is a link at the bottom of that page that will explain how to turn it off.

The QuickScan was what I wanted on the aswMBR scan and it is clean :)

NOTE: I recommend that you print these instructions or save them to a text file so you will have them handy when completing the steps.
It might also be easier to download all tools first and then close the browser and all open windows before running them.

You have the Conduit Engine program installed that needs to be uninstalled. The Event logs show that the trial period for NetLimiter 3 has expired. If you aren't going to register the program you should uninstall it. I will list it as an optional uninstall and the decision will be yours. The Event log also shows a possible problem with the hard disk.

Error - 17/08/2013 3:54:16 PM | Computer Name = StonePC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

We will address this in due course.

You have the following Peer-to-Peer program(s) installed:

BitTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P(Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs listed below in this color are optional removals. All programs in black are malware or viruses and must be uninstalled.


Step-1.

Malicious program uninstalls and Optional Removals

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program

2. In the list of programs installed, locate the following program(s):

Conduit Engine
BitTorrent
NetLimiter 3


3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2652911
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\URLSearchHook: {da81b294-ed20-46ec-946b-565d182f3be1} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ef79f67a-6ad7-4715-a0f8-932fca442023} - No CLSID value found
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
FF - prefs.js..extensions.enabledAddons: %7Bef79f67a-6ad7-4715-a0f8-932fca442023%7D:3.19.0.3
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DA81B294-ED20-46EC-946B-565D182F3BE1} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O33 - MountPoints2\{ee887f69-30f1-11e1-ace1-001fe2fb4074}\Shell - "" = AutoRun
O33 - MountPoints2\{ee887f69-30f1-11e1-ace1-001fe2fb4074}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
@Alternate Data Stream - 1129 bytes -> C:\Users\nat and pat\AppData\Local\UO9jSuZxyhQ1:kS1Dkc6CRmieUpO0J8dkY5TR
@Alternate Data Stream - 1113 bytes -> C:\ProgramData\Microsoft:NQjZVg3qRdDhDrlzJou2CxnFiQ
@Alternate Data Stream - 1094 bytes -> C:\Program Files\Common Files\Microsoft Shared:LuyCvpldrpqJId4ekpk
@Alternate Data Stream - 1052 bytes -> C:\ProgramData\Microsoft:jqBCtDYRbhva17miwlsfbru7M

:REG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = DWORD:1

:FILES
C:\Program Files (x86)\ConduitEngine
ipconfig /flushdns /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

  • Right click the AdwCleaner icon Posted Image on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

  • Click the Scan button and wait for the scan to finish.
  • Once done it may ask to reboot, allow this. Do Not delete anything at this time.
  • On reboot a log will be produced. Please copy/paste that in your next reply. To do that:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved to C:\AdwCleaner[R0].txt. NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-4.

Run RogueKiller

NOTE: If using IE8 or better the Smartscreen Filter will need to be disabled. Directions for disabling the SmartScreen Filter in IE 8, 9 and 10 can be found: here

  • Click here to go to the RogueKiller download page.
  • Click the 64 bits (x64): download button and save the RogueKillerX64.exe file to the desktop.
  • Quit all programs and close all browsers.
  • Right click the RogueKiller icon and click Run as Administrator to run the program.
    NOTE: If this is the first time you have used the program you will need to accept the User Agreement.
  • Wait until Prescan has finished... This may take a few minutes, especially if it is the first time you have used the program.
  • Click on Scan

  • Wait for the end of the scan.
  • DO NOT delete anything at this time.
  • The report has been created on the desktop.
Please post:
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-5.

Virustotal File Upload:

To use Virustotal go Here
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE: Only one file per scan.

    C:\Windows\{505AFDC0-5E72-4928-8368-5DEA385E3647}.ini
    C:\Windows\SysWow64\{505AFDC0-5E72-4928-8368-5DEA385E3647}.ini
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • IF you get a message that the file has already been analyzed click the Reanalyze button and the file will be scanned.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please copy and paste the Virustotal URL link(s) in your next reply
  • Repeat 1 thru 6 for each file listed.

Step-6.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
services.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open Posted Image on the desktop. To do that:
  • Right click on the icon and click Run as Administrator.
Make sure all other windows are closed.
  • You will see a console like the one below:

  • Click the box beside Scan All Users at the top of the console. <--- Very Important
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Step-7.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know which programs you uninstalled.
2. The OTL fixes log
3. The AdwCleaner[R0].txt log
4. The RKreport.txt log
5. The VirusTotal links
6. The new OTL.txt log
7. Let me know how the computer is running now.
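The OTL fix above re-enables UAC (the O6 EnableLUA = 0 entry), forces the public-profile firewall back on (the :REG section), removes a per-device AutoRun command (the O33 MountPoints2 entries) and deletes four alternate data streams. The following PowerShell script is an added post-fix check, not part of the helper's post or of OTL: it reads back each of those settings after the reboot so the log's "deleted successfully" lines can be confirmed against the live system. It assumes Windows 7 or later with PowerShell 3.0 or newer (needed for Get-Item -Stream) and an elevated prompt; the %ProgramData%, %CommonProgramFiles% and %LOCALAPPDATA% variables stand in for the hard-coded C:\ paths in the fix.

```powershell
# Post-fix verification for the settings touched by the OTL script.
# Added example, not from the forum post or from OTL. Assumes PowerShell 3.0+, run elevated.

function Test-UacEnabled {
    # The fix deleted the EnableLUA value; when it is absent Windows applies the default (UAC on).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue
    return ($null -eq $p) -or ($p.EnableLUA -ne 0)
}

function Test-PublicFirewallEnabled {
    # Same key and value the :REG section of the fix set to DWORD:1.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile'
    $p = Get-ItemProperty -Path $key -Name EnableFirewall -ErrorAction SilentlyContinue
    return ($null -ne $p) -and ($p.EnableFirewall -eq 1)
}

function Get-MountPointAutoRuns {
    # Lists any remaining per-device AutoRun commands of the kind the O33 lines removed.
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = "$base\$($_.PSChildName)\Shell\AutoRun\command"
        if (Test-Path -Path $cmdKey) {
            [pscustomobject]@{
                Device  = $_.PSChildName
                Command = (Get-ItemProperty -Path $cmdKey).'(default)'
            }
        }
    }
}

function Get-AlternateDataStreams {
    param([string[]]$Paths)
    # Reports named streams other than the normal :$DATA stream. Directories can carry
    # streams too, which is why the fix targeted folders such as C:\ProgramData\Microsoft.
    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        Get-Item -LiteralPath $path -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{ Path = $path; Stream = $_.Stream; Length = $_.Length }
            }
    }
}

# Locations from the fix script, plus everything directly under %LOCALAPPDATA%, where the
# randomly named UO9jSuZxyhQ1 object carrying a stream lived.
$adsLocations = @(
    (Join-Path $env:ProgramData 'Microsoft'),
    (Join-Path $env:CommonProgramFiles 'Microsoft Shared')
) + @(Get-ChildItem -LiteralPath $env:LOCALAPPDATA -Force -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty FullName)

$report = [ordered]@{
    UacEnabled            = Test-UacEnabled
    PublicFirewallEnabled = Test-PublicFirewallEnabled
    MountPointAutoRuns    = @(Get-MountPointAutoRuns)
    AlternateDataStreams  = @(Get-AlternateDataStreams -Paths $adsLocations)
}

# Both booleans should be True and both lists empty once the fix has taken effect.
"UAC enabled             : $($report.UacEnabled)"
"Public firewall enabled : $($report.PublicFirewallEnabled)"
"MountPoints2 AutoRuns   : $($report.MountPointAutoRuns.Count)"
$report.MountPointAutoRuns | Format-Table -AutoSize
"Alternate data streams  : $($report.AlternateDataStreams.Count)"
$report.AlternateDataStreams | Format-Table -AutoSize
```

A Group Policy setting can override the PublicProfile registry value, so on a domain-joined machine also compare against the output of `netsh advfirewall show publicprofile`.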

#6
Steric

Steric

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
1. Let me know which programs you uninstalled.
Conduit Engine and NetLimiter I had uninstalled during the space making phase. BitTorrent I haven't removed (at this time) but I won't be using it during this cleaning process and I fully intend to heed your warning and read the reports you linked and go from there.

2. The OTL fixes log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{da81b294-ed20-46ec-946b-565d182f3be1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da81b294-ed20-46ec-946b-565d182f3be1}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ef79f67a-6ad7-4715-a0f8-932fca442023} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef79f67a-6ad7-4715-a0f8-932fca442023}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Prefs.js: %7Bef79f67a-6ad7-4715-a0f8-932fca442023%7D:3.19.0.3 removed from extensions.enabledAddons
Prefs.js: "http://search.condui...rchSource=2&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DA81B294-ED20-46EC-946B-565D182F3BE1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA81B294-ED20-46EC-946B-565D182F3BE1}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee887f69-30f1-11e1-ace1-001fe2fb4074}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee887f69-30f1-11e1-ace1-001fe2fb4074}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ee887f69-30f1-11e1-ace1-001fe2fb4074}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee887f69-30f1-11e1-ace1-001fe2fb4074}\ not found.
File "G:\WD SmartWare.exe" autoplay=true not found.
ADS C:\Users\nat and pat\AppData\Local\UO9jSuZxyhQ1:kS1Dkc6CRmieUpO0J8dkY5TR deleted successfully.
ADS C:\ProgramData\Microsoft:NQjZVg3qRdDhDrlzJou2CxnFiQ deleted successfully.
ADS C:\Program Files\Common Files\Microsoft Shared:LuyCvpldrpqJId4ekpk deleted successfully.
ADS C:\ProgramData\Microsoft:jqBCtDYRbhva17miwlsfbru7M deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\\"EnableFirewall" | DWORD:1 /E : value set successfully!
========== FILES ==========
File\Folder C:\Program Files (x86)\ConduitEngine not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\nat and pat\Desktop\cmd.bat deleted successfully.
C:\Users\nat and pat\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MelPC
->Temp folder emptied: 44738 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: nat and pat
->Temp folder emptied: 136246867 bytes
->Temporary Internet Files folder emptied: 127097623 bytes
->Java cache emptied: 70007834 bytes
->FireFox cache emptied: 459447065 bytes
->Google Chrome cache emptied: 186370708 bytes
->Flash cache emptied: 58117 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1167663854 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42303946 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,088.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08272013_225124

Files\Folders moved on Reboot...
File\Folder C:\Users\nat and pat\AppData\Local\Temp\OICE_1DB1B1F5-531C-4954-9A10-36EE5BE17070.0\3149F8D6. not found!
C:\Users\nat and pat\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\nat and pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6C814B63-06A3-4679-8916-B6F36F6590F3}.tmp moved successfully.
C:\Users\nat and pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C35D4C72-C8BE-4726-A4FF-352A8EF2A2DF}.tmp moved successfully.
C:\Users\nat and pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


3. The AdwCleaner[R0].txt log

# AdwCleaner v3.001 - Report created 27/08/2013 at 23:02:12
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : nat and pat - STONEPC
# Running from : C:\Users\nat and pat\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Users\nat and pat\AppData\Roaming\Mozilla\Firefox\Profiles\hyszd5vv.default\\invalidprefs.js
File Found : C:\Users\nat and pat\AppData\Roaming\Mozilla\Firefox\Profiles\hyszd5vv.default\user.js
Folder Found : C:\Users\nat and pat\AppData\Roaming\Mozilla\Firefox\Profiles\hyszd5vv.default\Extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}
Folder Found C:\ProgramData\Ask
Folder Found C:\Users\nat and pat\AppData\Local\Conduit
Folder Found C:\Users\nat and pat\AppData\Local\cre
Folder Found C:\Users\nat and pat\AppData\Local\Ilivid Player
Folder Found C:\Users\nat and pat\AppData\Local\PackageAware
Folder Found C:\Users\nat and pat\AppData\LocalLow\Conduit
Folder Found C:\Users\nat and pat\AppData\LocalLow\searchquband
Folder Found C:\Users\nat and pat\AppData\Roaming\Mozilla\Firefox\Profiles\hyszd5vv.default\ConduitCommon
Folder Found C:\Users\nat and pat\AppData\Roaming\Mozilla\Firefox\Profiles\hyszd5vv.default\CT2849852

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Google\Chrome\Extensions\elhjaoldnkkbifioodjndkijecdeinld
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\IGearSettings
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\Software\Bandoo
Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\elhjaoldnkkbifioodjndkijecdeinld
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\nat and pat\AppData\Roaming\Mozilla\Firefox\Profiles\hyszd5vv.default\prefs.js ]

Line Found : user_pref("CT2849852..clientLogIsEnabled", false);
Line Found : user_pref("CT2849852..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT2849852..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT2849852.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Found : user_pref("CT2849852.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT2849852.BrowserCompStateIsOpen_129642290922900978", true);
Line Found : user_pref("CT2849852.BrowserCompStateIsOpen_130055917983162090", true);
Line Found : user_pref("CT2849852.CTID", "CT2849852");
Line Found : user_pref("CT2849852.CurrentServerDate", "28-8-2013");
Line Found : user_pref("CT2849852.DSInstall", false);
Line Found : user_pref("CT2849852.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2849852.DialogsGetterLastCheckTime", "Mon Aug 26 2013 16:00:26 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("CT2849852.DownloadReferralCookieData", "");
Line Found : user_pref("CT2849852.EMailNotifierPollDate", "Wed May 23 2012 22:14:39 GMT+0200 (Romance Daylight Time)");
Line Found : user_pref("CT2849852.FeedLastCount129349795937781608", 212);
Line Found : user_pref("CT2849852.FeedPollDate129313974171006416", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Found : user_pref("CT2849852.FeedPollDate129313975698350231", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Found : user_pref("CT2849852.FeedPollDate129313976370850190", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Found : user_pref("CT2849852.FeedPollDate129313976648818968", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Found : user_pref("CT2849852.FeedPollDate129313977444757117", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Found : user_pref("CT2849852.FeedPollDate129313980389131455", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Found : user_pref("CT2849852.FeedPollDate129313980655381977", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Found : user_pref("CT2849852.FeedPollDate129313980886163259", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Found : user_pref("CT2849852.FeedPollDate129313981234756535", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Found : user_pref("CT2849852.FeedPollDate129313983226631720", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Found : user_pref("CT2849852.FeedPollDate129313983607725691", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Found : user_pref("CT2849852.FeedTTL129313974171006416", 10);
Line Found : user_pref("CT2849852.FeedTTL129313977444757117", 15);
Line Found : user_pref("CT2849852.FeedTTL129313980655381977", 5);
Line Found : user_pref("CT2849852.FeedTTL129313981234756535", 5);
Line Found : user_pref("CT2849852.FirstServerDate", "23-5-2012");
Line Found : user_pref("CT2849852.FirstTime", true);
Line Found : user_pref("CT2849852.FirstTimeFF3", true);
Line Found : user_pref("CT2849852.FixPageNotFoundErrors", true);
Line Found : user_pref("CT2849852.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2849852.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT2849852.HPInstall", false);
Line Found : user_pref("CT2849852.HasUserGlobalKeys", true);
Line Found : user_pref("CT2849852.Initialize", true);
Line Found : user_pref("CT2849852.InitializeCommonPrefs", true);
Line Found : user_pref("CT2849852.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT2849852.InstallationId", "fft983E.tmp.exe");
Line Found : user_pref("CT2849852.InstallationType", "XPE");
Line Found : user_pref("CT2849852.InstalledDate", "Wed May 23 2012 22:14:39 GMT+0200 (Romance Daylight Time)");
Line Found : user_pref("CT2849852.IsGrouping", false);
Line Found : user_pref("CT2849852.IsInitSetupIni", true);
Line Found : user_pref("CT2849852.IsMulticommunity", false);
Line Found : user_pref("CT2849852.IsOpenThankYouPage", true);
Line Found : user_pref("CT2849852.IsOpenUninstallPage", false);
Line Found : user_pref("CT2849852.LanguagePackLastCheckTime", "Tue Aug 27 2013 16:29:59 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("CT2849852.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT2849852.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT2849852.LastLogin_3.12.0.8", "Thu May 24 2012 06:54:21 GMT+0200 (Romance Daylight Time)");
Line Found : user_pref("CT2849852.LastLogin_3.12.2.3", "Wed May 30 2012 14:09:49 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2849852.LastLogin_3.13.0.6", "Mon Jul 16 2012 18:27:56 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2849852.LastLogin_3.14.1.0", "Tue Aug 28 2012 07:05:34 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT2849852.LastLogin_3.15.1.0", "Tue Nov 06 2012 22:31:32 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2849852.LastLogin_3.16.0.3", "Fri Feb 08 2013 00:36:17 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2849852.LastLogin_3.18.0.7", "Wed Jul 17 2013 00:31:44 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("CT2849852.LastLogin_3.19.0.3", "Tue Aug 27 2013 20:17:42 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("CT2849852.LatestVersion", "3.19.0.3");
Line Found : user_pref("CT2849852.Locale", "fr");
Line Found : user_pref("CT2849852.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT2849852.MCDetectTooltipShow", false);
Line Found : user_pref("CT2849852.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT2849852.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT2849852.MyStuffEnabledAtInstallation", true);
Line Found : user_pref("CT2849852.OriginalFirstVersion", "3.12.0.8");
Line Found : user_pref("CT2849852.SearchCaption", "BittorrentBar_FR Customized Web Search");
Line Found : user_pref("CT2849852.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT2849852.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=2&q=");
Line Found : user_pref("CT2849852.SearchInNewTabEnabled", true);
Line Found : user_pref("CT2849852.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT2849852.SearchInNewTabLastCheckTime", "Tue Aug 27 2013 16:29:55 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("CT2849852.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Found : user_pref("CT2849852.SendProtectorDataViaLogin", true);
Line Found : user_pref("CT2849852.ServiceMapLastCheckTime", "Tue Aug 27 2013 16:29:58 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("CT2849852.SettingsLastCheckTime", "Tue Aug 27 2013 20:17:40 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("CT2849852.SettingsLastUpdate", "1377612931");
Line Found : user_pref("CT2849852.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2849852&SearchSource=13");
Line Found : user_pref("CT2849852.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT2849852.ThirdPartyComponentsLastCheck", "Wed May 23 2012 22:14:33 GMT+0200 (Romance Daylight Time)");
Line Found : user_pref("CT2849852.ThirdPartyComponentsLastUpdate", "1331805999");
Line Found : user_pref("CT2849852.ToolbarShrinkedFromSetup", false);
Line Found : user_pref("CT2849852.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2849852");
Line Found : user_pref("CT2849852.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Found : user_pref("CT2849852.UserID", "UN67890391229224710");
Line Found : user_pref("CT2849852.WeatherNetwork", "");
Line Found : user_pref("CT2849852.WeatherPollDate", "Wed May 23 2012 22:14:41 GMT+0200 (Romance Daylight Time)");
Line Found : user_pref("CT2849852.WeatherUnit", "C");
Line Found : user_pref("CT2849852.alertChannelId", "1241893");
Line Found : user_pref("CT2849852.approveUntrustedApps", false);
Line Found : user_pref("CT2849852.autoDisableScopes", -1);
Line Found : user_pref("CT2849852.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Line Found : user_pref("CT2849852.backendstorage.cbcountry_000", "4553");
Line Found : user_pref("CT2849852.backendstorage.cbfirsttime", "576564204D617920323320323031322032323A31343A343920474D542B303230302028526F6D616E6365204461796C696768742054696D6529");
Line Found : user_pref("CT2849852.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A225072696365476F6E67222C2275726C223A22687474703A2F2F7072696365676F6E672E636F6E64756974617070732E636F6D2F4D414D2F763[...]
Line Found : user_pref("CT2849852.backendstorage.mam_gk_appsdefaultenabled", "6E756C6C");
Line Found : user_pref("CT2849852.backendstorage.mam_gk_appstate_couponbuddy", "6F6E");
Line Found : user_pref("CT2849852.backendstorage.mam_gk_appstate_easytobook", "6F6E");
Line Found : user_pref("CT2849852.backendstorage.mam_gk_appstate_easytobook_targeted", "6F6E");
Line Found : user_pref("CT2849852.backendstorage.mam_gk_appstate_pricegong", "6F6E");
Line Found : user_pref("CT2849852.backendstorage.mam_gk_appstate_windowshopper", "6F6E");
Line Found : user_pref("CT2849852.backendstorage.mam_gk_appstatereporttime", "31333730313230393233363439");
Line Found : user_pref("CT2849852.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B226964223A225072696365476F6E67222C22637269746572696173223A5B7B2263726974657269614964223A22633630363438[...]
Line Found : user_pref("CT2849852.backendstorage.mam_gk_currentversion", "312E362E302E31");
Line Found : user_pref("CT2849852.backendstorage.mam_gk_first_time", "31");
Line Found : user_pref("CT2849852.backendstorage.mam_gk_lastlogintime", "31333730313230393231353432");
Line Found : user_pref("CT2849852.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C696379223A7B2254657874223A22436F6E74656E7420506F6C696379227D2C226761646765744465736372697074696F6E5072696[...]
Line Found : user_pref("CT2849852.backendstorage.mam_gk_settings1.6.0.1", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A223231355F2D31222C22697354657374[...]
Line Found : user_pref("CT2849852.backendstorage.mam_gk_showclosebutton", "74727565");
Line Found : user_pref("CT2849852.backendstorage.mam_gk_showwelcomegadget", "66616C7365");
Line Found : user_pref("CT2849852.backendstorage.mam_gk_userid", "32343664313139632D396235652D343166642D613736642D383237333938653630343437");
Line Found : user_pref("CT2849852.backendstorage.pg_enable", "74727565");
Line Found : user_pref("CT2849852.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F");
Line Found : user_pref("CT2849852.components.1000034", false);
Line Found : user_pref("CT2849852.components.1000234", false);
Line Found : user_pref("CT2849852.components.129349795936375318", false);
Line Found : user_pref("CT2849852.components.129349795937781608", false);
Line Found : user_pref("CT2849852.components.129349795937937859", false);
Line Found : user_pref("CT2849852.components.129349795937937860", false);
Line Found : user_pref("CT2849852.components.129431554657187564", false);
Line Found : user_pref("CT2849852.components.129642290922900978", false);
Line Found : user_pref("CT2849852.components.129791445891434790", false);
Line Found : user_pref("CT2849852.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Found : user_pref("CT2849852.globalFirstTimeInfoLastCheckTime", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Found : user_pref("CT2849852.homepageProtectorEnableByLogin", true);
Line Found : user_pref("CT2849852.initDone", true);
Line Found : user_pref("CT2849852.isAppTrackingManagerOn", true);
Line Found : user_pref("CT2849852.myStuffEnabled", true);
Line Found : user_pref("CT2849852.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2849852.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT2849852.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2849852.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT2849852.navigateToUrlOnSearch", false);
Line Found : user_pref("CT2849852.revertSettingsEnabled", true);
Line Found : user_pref("CT2849852.searchProtectorDialogDelayInSec", 10);
Line Found : user_pref("CT2849852.searchProtectorEnableByLogin", true);
Line Found : user_pref("CT2849852.testingCtid", "");
Line Found : user_pref("CT2849852.toolbarAppMetaDataLastCheckTime", "Tue Aug 27 2013 16:29:59 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("CT2849852.toolbarContextMenuLastCheckTime", "Wed May 23 2012 22:14:42 GMT+0200 (Romance Daylight Time)");
Line Found : user_pref("CT2849852.usagesFlag", 2);
Line Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2849852/CT2849852", "\"6ff9d97c878575475cbcaf069111e5673\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849852", "\"1361118198\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=fr", "y/LORlR12DbewW+JdTTXOw==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=fr", "Jhg1cqt6SMZ2zk/Sj9mdqg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=fr", "Piuk0Y+XrAdQh3bNgUm5ig==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=fr", "36O4HhdlE7RKWjfvnlLR2g==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.8", "\"4ead38b3e6bcd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:14f1\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:151d\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:1694\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"23c5489aa686ce1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849852", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=fr", "\"4b204a57959c9afd4e5c16dad1db29d7\"");
Line Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\nat and pat\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hyszd5vv.default\\conduitCommon\\modules\\3.12.0.8");
Line Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.8");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&q=");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT2849852");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2849852");
Line Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2849852");
Line Found : user_pref("CommunityToolbar.globalUserId", "0e2a576e-cce8-42c7-b414-336dac934274");
Line Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2849852");
Line Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed May 23 2012 22:14:43 GMT+0200 (Romance Daylight Time)");
Line Found : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Line Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.locale", "en");
Line Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed May 23 2012 22:14:37 GMT+0200 (Romance Daylight Time)");
Line Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.notifications.userId", "c09ce1e4-2722-4b48-acbf-67051db9f562");
Line Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.ca/");
Line Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=2&q=");

-\\ Google Chrome v

[ File : C:\Users\nat and pat\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage

*************************

AdwCleaner[R0].txt - [27454 octets] - [27/08/2013 23:02:12]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [27515 octets] ##########

4. The RKreport.txt log

RogueKiller V8.6.6 _x64_ [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : nat and pat [Admin rights]
Mode : Scan -- Date : 08/27/2013 23:07:35
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1586680591-300540452-3325560610-1000UA.job : C:\Users\nat and pat\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1586680591-300540452-3325560610-1000Core.job : C:\Users\nat and pat\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1586680591-300540452-3325560610-1000Core : C:\Users\nat and pat\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1586680591-300540452-3325560610-1000UA : C:\Users\nat and pat\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2320BH G2 ATA Device +++++
--- User ---
[MBR] aa32836bf251d84707551557d47e0df7
[BSP] b39bcc4db1c726b878d8bd5451978c7d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 305143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08272013_230735.txt >>

5. The VirusTotal links

https://www.virustot...sis/1377659402/

https://www.virustot...sis/1377659607/

6. The new OTL.txt log

OTL logfile created on: 27/08/2013 11:16:24 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nat and pat\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.91 Gb Available Physical Memory | 72.74% Memory free
7.99 Gb Paging File | 6.88 Gb Available in Paging File | 86.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297.99 Gb Total Space | 109.82 Gb Free Space | 36.85% Space Free | Partition Type: NTFS
Drive D: | 7.92 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: STONEPC | User Name: nat and pat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/08/21 09:14:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nat and pat\Desktop\OTL.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/26 10:25:51 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/09/27 09:37:32 | 004,180,576 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2009/06/25 23:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013/08/17 20:14:40 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/31 09:20:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/11 21:49:40 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/31 10:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/05 12:22:08 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/04 00:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/06/05 13:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2012/03/27 16:48:00 | 000,398,112 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 01:26:10 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2011/12/21 00:32:42 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/27 14:26:04 | 000,131,072 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2010/07/27 10:36:22 | 000,075,648 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/26 00:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/26 00:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/13 11:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2000/01/01 03:00:00 | 000,442,368 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
IE - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 73 CF F4 AA 35 CC 01 [binary data]
IE - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....sa&d=2012-07-26 12:48:17&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\..\SearchScopes\{B8FD7E37-F1BA-44F0-B336-7874CE764208}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\nat and pat\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\nat and pat\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\nat and pat\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/09/27 12:40:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nat and pat\AppData\Roaming\mozilla\Extensions
[2013/07/17 09:13:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nat and pat\AppData\Roaming\mozilla\Firefox\Profiles\hyszd5vv.default\extensions
[2013/07/17 09:13:57 | 000,000,000 | ---D | M] (BittorrentBar_FR Community Toolbar) -- C:\Users\nat and pat\AppData\Roaming\mozilla\Firefox\Profiles\hyszd5vv.default\extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}
[2013/08/17 20:14:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/17 20:14:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/17 20:14:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/17 20:14:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/17 20:14:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/09/03 14:33:38 | 000,003,771 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: https://isearch.avg....sa&d=2012-07-26 12:48:17&v=12.1.0.21&sap=hp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\nat and pat\AppData\Local\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\nat and pat\AppData\Local\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\nat and pat\AppData\Local\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\nat and pat\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\nat and pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\nat and pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\nat and pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1586680591-300540452-3325560610-1000..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CCBBA98-69AA-4522-8B07-79EE9A8091A4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


========== Files/Folders - Created Within 30 Days ==========

[2013/08/27 23:06:01 | 000,000,000 | ---D | C] -- C:\Users\nat and pat\Desktop\RK_Quarantine
[2013/08/27 23:01:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/27 22:51:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/25 16:49:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/08/25 16:49:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/08/25 16:49:02 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/08/25 16:49:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/08/25 16:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/08/22 20:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/08/22 20:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/08/22 20:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/08/22 20:42:57 | 013,078,152 | ---- | C] (Microsoft Corporation) -- C:\Users\nat and pat\Desktop\Silverlight_x64.exe
[2013/08/22 12:43:00 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\nat and pat\Desktop\aswMBR.exe
[2013/08/21 09:14:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\nat and pat\Desktop\OTL.exe
[2013/08/17 21:55:43 | 000,000,000 | R--D | C] -- C:\Users\nat and pat\Dropbox
[2013/08/17 21:50:48 | 000,000,000 | ---D | C] -- C:\Users\nat and pat\AppData\Roaming\Dropbox
[2013/08/17 20:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/15 01:14:19 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/15 01:14:18 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/15 01:14:15 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/15 01:14:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/15 01:14:15 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/15 01:14:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/15 01:14:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/15 01:14:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/15 01:14:15 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/15 01:14:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/15 01:14:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/15 01:14:10 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/15 01:14:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/15 01:14:10 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/15 01:14:08 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/14 07:28:12 | 000,000,000 | ---D | C] -- C:\b7d6cffc66e54261f7f3b0b346703bf1
[2013/08/14 07:26:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/08/14 06:38:16 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/14 06:38:15 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/14 06:38:15 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/14 06:37:58 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/14 06:37:57 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/14 06:37:57 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/14 06:37:56 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/14 06:37:56 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/14 06:37:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/14 06:37:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/14 06:37:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/14 06:37:55 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/14 06:37:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/08/14 06:37:53 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/14 06:37:52 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/14 06:37:52 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/30 19:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2013/08/27 23:04:52 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/27 23:04:52 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/27 22:56:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/27 22:56:48 | 3217,219,584 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/27 22:45:44 | 003,814,400 | ---- | M] () -- C:\Users\nat and pat\Desktop\RogueKillerX64.exe
[2013/08/27 22:43:04 | 000,994,642 | ---- | M] () -- C:\Users\nat and pat\Desktop\AdwCleaner.exe
[2013/08/27 22:37:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1586680591-300540452-3325560610-1000UA.job
[2013/08/27 22:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/27 15:37:16 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1586680591-300540452-3325560610-1000Core.job
[2013/08/25 16:49:29 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/08/22 20:43:24 | 013,078,152 | ---- | M] (Microsoft Corporation) -- C:\Users\nat and pat\Desktop\Silverlight_x64.exe
[2013/08/22 18:46:47 | 000,000,512 | ---- | M] () -- C:\Users\nat and pat\Desktop\MBR.dat
[2013/08/22 15:55:13 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/22 15:55:13 | 000,660,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/22 15:55:13 | 000,121,442 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/22 13:37:38 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\nat and pat\Desktop\aswMBR.exe
[2013/08/21 09:14:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nat and pat\Desktop\OTL.exe
[2013/08/16 15:08:23 | 000,000,035 | ---- | M] () -- C:\Users\nat and pat\Documents\std.out
[2013/08/06 16:28:16 | 000,315,272 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/08/03 00:32:35 | 000,773,522 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/02 14:28:12 | 000,000,000 | -H-- | M] () -- C:\Users\nat and pat\Documents\Default.rdp
[2013/07/31 09:20:17 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/31 09:20:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/08/27 22:45:40 | 003,814,400 | ---- | C] () -- C:\Users\nat and pat\Desktop\RogueKillerX64.exe
[2013/08/27 22:42:41 | 000,994,642 | ---- | C] () -- C:\Users\nat and pat\Desktop\AdwCleaner.exe
[2013/08/25 16:49:29 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/08/22 18:46:47 | 000,000,512 | ---- | C] () -- C:\Users\nat and pat\Desktop\MBR.dat
[2013/08/02 14:28:12 | 000,000,000 | -H-- | C] () -- C:\Users\nat and pat\Documents\Default.rdp
[2013/06/21 13:30:06 | 000,001,456 | ---- | C] () -- C:\Users\nat and pat\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/01/24 01:04:59 | 000,000,036 | ---- | C] () -- C:\Users\nat and pat\AppData\Local\housecall.guid.cache
[2012/11/13 16:22:27 | 000,000,072 | ---- | C] () -- C:\Windows\JascCmdStandard.INI
[2012/07/27 14:17:44 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 14:17:43 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/07/27 14:17:34 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/07/26 12:32:07 | 000,773,522 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/27 13:34:54 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2012/02/17 12:54:00 | 000,000,160 | ---- | C] () -- C:\Windows\{505AFDC0-5E72-4928-8368-5DEA385E3647}.ini
[2012/02/17 12:54:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\{505AFDC0-5E72-4928-8368-5DEA385E3647}.ini
[2011/11/25 20:29:27 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2011/10/26 21:15:55 | 000,315,272 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/10/26 21:11:30 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/09 13:56:27 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/03/09 13:56:27 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/08/27 11:49:02 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\Audacity
[2012/09/26 14:37:01 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\Autodesk
[2013/08/27 22:58:09 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\BitTorrent
[2012/10/08 18:48:05 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\CADopia Standard 12
[2011/10/07 11:32:20 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/09/29 21:47:12 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\CMS
[2011/10/26 23:16:20 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/10/26 11:37:31 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/10/07 10:51:15 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/11/19 14:05:58 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\DAEMON Tools Pro
[2013/08/21 18:48:19 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\Dev-Cpp
[2013/08/26 16:03:34 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\Dropbox
[2012/03/27 13:35:34 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\Final Draft
[2011/11/09 14:10:16 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\GetRightToGo
[2013/02/09 21:15:35 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\MAGIX
[2012/04/04 18:08:08 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\ManyCam
[2012/12/02 00:08:29 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\Maple
[2012/06/18 14:42:27 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\ooVoo Details
[2011/10/26 21:11:30 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\PACE Anti-Piracy
[2013/06/21 11:46:49 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\PDAppFlex
[2012/10/16 00:30:16 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\PTC
[2011/06/13 21:02:23 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\Sayglo
[2011/10/26 21:12:46 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/02/24 00:50:25 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\TuneUp Software
[2011/10/26 12:23:02 | 000,000,000 | ---D | M] -- C:\Users\nat and pat\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 01:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 09:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 18:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 01:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 00:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 09:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 08:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 09:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 13:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 02:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 09:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 09:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 09:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 09:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 08:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 09:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 09:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 08:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 01:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 09:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 09:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 09:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 09:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 09:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 09:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 18:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 09:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 09:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/05/11 06:37:26 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.JAR >
[2011/02/18 14:45:48 | 000,142,343 | ---- | M] () MD5=ADCFB617234DA35622F7DB0BD61ADAE7 -- C:\Program Files\MATLAB\R2011a\java\jar\services.jar

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PMMSG >
[2011/02/02 15:27:28 | 000,001,020 | ---- | M] () MD5=2999F9A278617962494A7BABF81DC519 -- C:\Program Files\MATLAB\R2011a\toolbox\physmod\foundation\foundation\services.pmmsg

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is F0CB-6D18
Directory of C:\
14/07/2009 01:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
14/07/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
14/07/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 01:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 01:08 AM <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 01:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 01:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 01:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 01:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 01:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 01:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009 01:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 01:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 01:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 01:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 01:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 01:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 01:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 01:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 01:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 01:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 01:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 01:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\MelPC
24/10/2011 05:28 PM <JUNCTION> Application Data [C:\Users\MelPC\AppData\Roaming]
24/10/2011 05:28 PM <JUNCTION> Cookies [C:\Users\MelPC\AppData\Roaming\Microsoft\Windows\Cookies]
24/10/2011 05:28 PM <JUNCTION> Local Settings [C:\Users\MelPC\AppData\Local]
24/10/2011 05:28 PM <JUNCTION> My Documents [C:\Users\MelPC\Documents]
24/10/2011 05:28 PM <JUNCTION> NetHood [C:\Users\MelPC\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
24/10/2011 05:28 PM <JUNCTION> PrintHood [C:\Users\MelPC\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
24/10/2011 05:28 PM <JUNCTION> Recent [C:\Users\MelPC\AppData\Roaming\Microsoft\Windows\Recent]
24/10/2011 05:28 PM <JUNCTION> SendTo [C:\Users\MelPC\AppData\Roaming\Microsoft\Windows\SendTo]
24/10/2011 05:28 PM <JUNCTION> Start Menu [C:\Users\MelPC\AppData\Roaming\Microsoft\Windows\Start Menu]
24/10/2011 05:28 PM <JUNCTION> Templates [C:\Users\MelPC\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\MelPC\AppData\Local
24/10/2011 05:28 PM <JUNCTION> Application Data [C:\Users\MelPC\AppData\Local]
24/10/2011 05:28 PM <JUNCTION> History [C:\Users\MelPC\AppData\Local\Microsoft\Windows\History]
24/10/2011 05:28 PM <JUNCTION> Temporary Internet Files [C:\Users\MelPC\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\MelPC\Documents
24/10/2011 05:28 PM <JUNCTION> My Music [C:\Users\MelPC\Music]
24/10/2011 05:28 PM <JUNCTION> My Pictures [C:\Users\MelPC\Pictures]
24/10/2011 05:28 PM <JUNCTION> My Videos [C:\Users\MelPC\Videos]
0 File(s) 0 bytes
Directory of C:\Users\nat and pat
07/06/2011 01:28 AM <JUNCTION> Application Data [C:\Users\nat and pat\AppData\Roaming]
07/06/2011 01:28 AM <JUNCTION> Cookies [C:\Users\nat and pat\AppData\Roaming\Microsoft\Windows\Cookies]
07/06/2011 01:28 AM <JUNCTION> Local Settings [C:\Users\nat and pat\AppData\Local]
07/06/2011 01:28 AM <JUNCTION> My Documents [C:\Users\nat and pat\Documents]
07/06/2011 01:28 AM <JUNCTION> NetHood [C:\Users\nat and pat\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/06/2011 01:28 AM <JUNCTION> PrintHood [C:\Users\nat and pat\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/06/2011 01:28 AM <JUNCTION> Recent [C:\Users\nat and pat\AppData\Roaming\Microsoft\Windows\Recent]
07/06/2011 01:28 AM <JUNCTION> SendTo [C:\Users\nat and pat\AppData\Roaming\Microsoft\Windows\SendTo]
07/06/2011 01:28 AM <JUNCTION> Start Menu [C:\Users\nat and pat\AppData\Roaming\Microsoft\Windows\Start Menu]
07/06/2011 01:28 AM <JUNCTION> Templates [C:\Users\nat and pat\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\nat and pat\AppData\Local
07/06/2011 01:28 AM <JUNCTION> Application Data [C:\Users\nat and pat\AppData\Local]
07/06/2011 01:28 AM <JUNCTION> History [C:\Users\nat and pat\AppData\Local\Microsoft\Windows\History]
07/06/2011 01:28 AM <JUNCTION> Temporary Internet Files [C:\Users\nat and pat\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\nat and pat\Documents
07/06/2011 01:28 AM <JUNCTION> My Music [C:\Users\nat and pat\Music]
07/06/2011 01:28 AM <JUNCTION> My Pictures [C:\Users\nat and pat\Pictures]
07/06/2011 01:28 AM <JUNCTION> My Videos [C:\Users\nat and pat\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 01:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
66 Dir(s) 117,886,705,664 bytes free

< End of report >

7. Let me know how the computer is running now
It appears to be running alright. I haven't noticed anything unusual or different.

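A way to read the SRV and "< MD5 for: ... >" sections of the log above by script instead of by eye, added here as an example (not the thread's or OTL's own code): it checks that each live system binary carries the same MD5 as a winsxs store copy, and that a watch list of protective services (my choice, not something OTL defines) is enabled. The sample log is a constructed excerpt in OTL's layout with one made-up all-zero hash.

```python
"""Checks over the SRV and '< MD5 for: ... >' sections of an OTL log.
Added example, not part of the thread or of OTL itself. It automates what a
helper checks by eye: a live system binary (SysNative or SysWOW64) should carry
the same MD5 as one of the winsxs component-store copies that Windows servicing
installed, and the core protective services should be enabled and running.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
ENTRY_RE = re.compile(
    r"^\[[^|]+? \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
SRV_RE = re.compile(
    r"^SRV(?::64bit:)? - \[[^\]]*\] \([^)]*\) "
    r"\[(?P<start>[^|]+) \| (?P<state>[^\]]+)\] -- .+? -- \((?P<svc>[^)]+)\)$"
)
MISSING_RE = re.compile(r"^No service found with a name of (?P<svc>\S+)$")

# Services a defender expects enabled on Windows 7, keyed by the short name OTL
# prints in parentheses at the end of each SRV line (watch list is my choice).
WATCHED_SERVICES = {"wscsvc": "Security Center", "MpsSvc": "Windows Firewall",
                    "WinDefend": "Windows Defender", "wuauserv": "Windows Update",
                    "eventlog": "Windows Event Log"}

# Constructed excerpt in OTL's layout. The SysNative userinit.exe entry carries a
# made-up all-zero hash so that the check has a mismatch to report.
SAMPLE_LOG = r"""
SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 09:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
No service found with a name of MsMpSvc

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
"""


def parse_md5_sections(text):
    """Map each '< MD5 for: NAME >' header to its parsed entries."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].append(entry.groupdict())
    return dict(sections)


def is_store_copy(path):
    # A copy kept in the component store rather than in a live system directory.
    return "\\winsxs\\" in path.lower()


def check_live_copies(sections):
    """Return (name, path, md5, verdict) for every live (non-winsxs) copy."""
    findings = []
    for name, entries in sections.items():
        store = {e["md5"].upper() for e in entries if is_store_copy(e["path"])}
        for e in entries:
            if is_store_copy(e["path"]):
                continue
            md5 = e["md5"].upper()
            if not store:
                verdict = "no-store-copy"   # nothing to compare against
            elif md5 in store:
                verdict = "matches-store"   # same bytes servicing installed
            else:
                verdict = "MISMATCH"        # differs from every store copy
            findings.append((name, e["path"], md5, verdict))
    return findings


def check_services(text):
    """Flag watched services that OTL reports as Disabled, Stopped or missing."""
    flagged = {}
    for raw in text.splitlines():
        line = raw.strip()
        srv = SRV_RE.match(line)
        if srv and srv.group("svc") in WATCHED_SERVICES:
            state = f"{srv.group('start').strip()} | {srv.group('state').strip()}"
            if "Disabled" in state or "Stopped" in state:
                flagged[srv.group("svc")] = state
            continue
        gone = MISSING_RE.match(line)
        if gone and gone.group("svc") in WATCHED_SERVICES:
            flagged[gone.group("svc")] = "missing"
    return flagged


if __name__ == "__main__":
    print(*check_live_copies(parse_md5_sections(SAMPLE_LOG)), sep="\n")
    print(check_services(SAMPLE_LOG))
```

On the sample, the SysNative userinit.exe comes back as MISMATCH and Security Center (wscsvc) as "Disabled | Stopped"; a real log is read the same way by passing its text instead of SAMPLE_LOG.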
#7
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
It appears to be running alright. I haven't noticed anything unusual or different.

:thumbsup: We just need to continue killing what the scans are showing. After this run we will install an AntiVirus program.
There is quite a bit to do here. Just take your time. Read the instructions carefully. And if you have any questions stop and ask.


Step-1.

Download the following files and save them to the desktop but don't run them yet.

1.
Please click here to go to our Free Antivirus and AntiSpyware software page. Look under the Free Antivirus Software section and download only one of the antivirus programs and save it to the desktop. We will install it after this round of fixes. I would recommend Microsoft Security Essentials or Avast. MSSE is easier to use as it doesn't have as many modules to configure. Both are light on system resources.

2.
Click here to download the AVG Removal Tool and save it to the desktop. We will run it shortly.

3.
Click here to download the Junkware Removal Tool and save it to the desktop. We will run it shortly.


Step-2.
Windows Sidebar Advice

Your log shows Windows sidebar running. I recommend that you disable the sidebar.

Microsoft has discovered a security vulnerability in Windows Sidebar and Gadgets. If you are not aware of this, Windows Sidebar(gadgets) has the potential to compromise the security of a machine it is running on as mentioned here. So it would be best to disable this feature.

Download the Disable Windows Sidebar and Gadgets Fix-it on this page to your desktop.

Once downloaded, double-click on MicrosoftFixit50906.msi >> follow the prompts >> reboot your machine if not advised to do so.


Step-3.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (do not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....sa&d=2012-07-26 12:48:17&v=12.2.5.32&sap=dsp&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="

:REG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059BE16C-E06D-4481-9E79-E46B750EF0AD}" = -
"{082D00A6-7ED4-44BB-8C40-2B7EAA01CC4F}" = -
"{0E6D74CC-AA9C-4BC8-91BA-89DF11FEFAB6}" = -
"{1242713D-9A99-4391-93E0-9CAC261001DF}" = -
"{1DFED128-6025-4A25-A252-1DF8A8406450}" = -
"{4475F492-0DE3-4EA9-A193-037C7CF01DAF}" = -
"{46B08746-ABEE-48AA-821A-0EAC16AC1F99}" = -
"{569321AC-8964-4E6C-B998-2EB996426A60}" = -
"{9179970D-8210-4157-A35F-1EC3A02118EC}" = -
"{984E3E03-E585-4357-A3D1-F80E18D33CB2}" = -
"{B583E2FE-EED2-4E52-8591-8A818E95E260}" = -
"{BDB7F14C-211A-4529-8CC5-6B1E39A6E63D}" = -
"{CB1B9891-18CB-439F-935B-8B1E80794567}" = -
"{E6316FFB-C11D-4917-99CF-FAB097AC9ACE}" = -
"{EF14F474-1348-46BC-AB4F-8C6BFAE98376}" = -
"{F4674C2D-9C05-408A-B39A-F35EC732868E}" = -
"{E930FC56-C95C-4736-B638-5A34584457FA}" = -
"{FC2FAB29-F812-495B-B465-18DD87B124A1}" = -

:FILES
c:\program files (x86)\windows ilivid toolbar
c:\program files (x86)\avg
C:\Users\Default\AppData\Roaming\TuneUp Software
C:\Users\Default User\AppData\Roaming\TuneUp Software
C:\Users\nat and pat\AppData\Roaming\TuneUp Software
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Custom Scans/Fixes textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Run Fix button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the OK button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-4.

Re-run AdwCleaner

Close all open windows and browsers.

  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • Now click the Clean button.
  • Everything checked will be deleted.
  • When the scan ends, a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-5.

Scan with JRT:


  • Right click the JRT.exe file and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine.


Step-6.

AVG Remover Tool:

  • Save all your work and close all documents! Your computer will be restarted during the procedure.
  • Double click the downloaded AVG_Remover_en.exe file to run the AVG Remover tool and follow the instructions displayed on your screen.
  • Your computer will be restarted automatically. After the restart, allow the tool to remove the remaining AVG files.


Step-7.

Right click the setup file for whichever antivirus program you downloaded to the desktop and click Run as Administrator to launch the installation and follow any on screen instructions.


Step-8.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The AdwCleaner[S0].txt log
3. The JRT.txt log
4. Let me know if the AVG Remover tool ran successfully
5. Let me know which antivirus program you installed.
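To confirm that every GUID-bearing item in the OTL fix script (the :OTL SearchScopes key and the :REG FirewallRules values) was actually handled once the fix log comes back, here is an added example that reconciles script and log by GUID; it is not the thread's or OTL's own code. The script and log excerpts are constructed in the thread's format, with a placeholder URL and one item deliberately left unreported.

```python
"""Reconcile an OTL fix script against the fix log it produced.
Added example, not from the thread or from OTL. For each GUID named in the
script's :OTL and :REG sections it reports whether the log says the item was
deleted, was not found, or was never mentioned at all.
"""
import re

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed fix-script excerpt in the thread's format (placeholder URL).
FIX_SCRIPT = r"""
:OTL
IE - HKU\S-1-5-21-1586680591-300540452-3325560610-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://example.invalid/?q={searchTerms}

:REG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059BE16C-E06D-4481-9E79-E46B750EF0AD}" = -
"{082D00A6-7ED4-44BB-8C40-2B7EAA01CC4F}" = -
"{FC2FAB29-F812-495B-B465-18DD87B124A1}" = -
"""

# Constructed fix-log excerpt in OTL's reporting format. The last script GUID
# is deliberately absent so the reconciliation has an unreported item to show.
FIX_LOG = r"""
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1586680591-300540452-3325560610-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{059BE16C-E06D-4481-9E79-E46B750EF0AD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{059BE16C-E06D-4481-9E79-E46B750EF0AD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{082D00A6-7ED4-44BB-8C40-2B7EAA01CC4F}\ not found.
"""


def script_guids(script):
    """GUIDs named in the :OTL and :REG sections, in script order, no duplicates."""
    wanted, seen, section = [], set(), None
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            section = line          # a new directive such as :OTL, :REG, :FILES
            continue
        if section not in (":OTL", ":REG"):
            continue
        for guid in GUID_RE.findall(line):
            guid = guid.upper()
            if guid not in seen:
                seen.add(guid)
                wanted.append(guid)
    return wanted


def reconcile(script, log):
    """Map each script GUID to 'deleted', 'not found' or 'unreported'."""
    outcome = {guid: "unreported" for guid in script_guids(script)}
    for line in log.splitlines():
        line = line.rstrip()
        for guid in GUID_RE.findall(line):
            guid = guid.upper()
            if guid not in outcome:
                continue
            if line.endswith("deleted successfully."):
                outcome[guid] = "deleted"        # a deletion line wins outright
            elif outcome[guid] == "unreported" and line.endswith("not found."):
                outcome[guid] = "not found"      # only upgrade from 'unreported'
    return outcome


if __name__ == "__main__":
    for guid, verdict in reconcile(FIX_SCRIPT, FIX_LOG).items():
        print(guid, verdict)
```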

#8
Steric

    Member

  • Topic Starter
  • Member
  • 47 posts
1. The OTL fixes log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1586680591-300540452-3325560610-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "http://search.condui...rchSource=2&q=" removed from keyword.URL
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{059BE16C-E06D-4481-9E79-E46B750EF0AD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{059BE16C-E06D-4481-9E79-E46B750EF0AD}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{082D00A6-7ED4-44BB-8C40-2B7EAA01CC4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{082D00A6-7ED4-44BB-8C40-2B7EAA01CC4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0E6D74CC-AA9C-4BC8-91BA-89DF11FEFAB6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E6D74CC-AA9C-4BC8-91BA-89DF11FEFAB6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1242713D-9A99-4391-93E0-9CAC261001DF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1242713D-9A99-4391-93E0-9CAC261001DF}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1DFED128-6025-4A25-A252-1DF8A8406450} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DFED128-6025-4A25-A252-1DF8A8406450}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4475F492-0DE3-4EA9-A193-037C7CF01DAF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4475F492-0DE3-4EA9-A193-037C7CF01DAF}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{46B08746-ABEE-48AA-821A-0EAC16AC1F99} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46B08746-ABEE-48AA-821A-0EAC16AC1F99}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{569321AC-8964-4E6C-B998-2EB996426A60} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{569321AC-8964-4E6C-B998-2EB996426A60}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9179970D-8210-4157-A35F-1EC3A02118EC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9179970D-8210-4157-A35F-1EC3A02118EC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{984E3E03-E585-4357-A3D1-F80E18D33CB2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{984E3E03-E585-4357-A3D1-F80E18D33CB2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B583E2FE-EED2-4E52-8591-8A818E95E260} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B583E2FE-EED2-4E52-8591-8A818E95E260}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BDB7F14C-211A-4529-8CC5-6B1E39A6E63D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDB7F14C-211A-4529-8CC5-6B1E39A6E63D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CB1B9891-18CB-439F-935B-8B1E80794567} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB1B9891-18CB-439F-935B-8B1E80794567}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6316FFB-C11D-4917-99CF-FAB097AC9ACE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6316FFB-C11D-4917-99CF-FAB097AC9ACE}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EF14F474-1348-46BC-AB4F-8C6BFAE98376} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF14F474-1348-46BC-AB4F-8C6BFAE98376}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F4674C2D-9C05-408A-B39A-F35EC732868E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4674C2D-9C05-408A-B39A-F35EC732868E}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E930FC56-C95C-4736-B638-5A34584457FA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E930FC56-C95C-4736-B638-5A34584457FA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FC2FAB29-F812-495B-B465-18DD87B124A1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC2FAB29-F812-495B-B465-18DD87B124A1}\ not found.
========== FILES ==========
File\Folder c:\program files (x86)\windows ilivid toolbar not found.
c:\program files (x86)\AVG\AVG2012\Drivers\Win7 folder moved successfully.
c:\program files (x86)\AVG\AVG2012\Drivers\ErHr7x64 folder moved successfully.
c:\program files (x86)\AVG\AVG2012\Drivers folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\techbuddy\component folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\techbuddy folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\speedtest_sp1\component folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\speedtest_sp1 folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\speedtest\component folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\speedtest folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\mobilation_sp1\component folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\mobilation_sp1 folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\mobilation_en_sp1\component folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\mobilation_en_sp1 folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\mobilation_en\component folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\mobilation_en folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\mobilation\component folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\mobilation folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\inclient_trial\banner folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\inclient_trial folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\inclient_free_cnet\upgrade folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\inclient_free_cnet folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\inclient_free\upgrade folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\inclient_free\banner folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs\inclient_free folder moved successfully.
c:\program files (x86)\AVG\AVG2012\awacs folder moved successfully.
c:\program files (x86)\AVG\AVG2012 folder moved successfully.
c:\program files (x86)\AVG folder moved successfully.
C:\Users\Default\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\Default\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\Default\AppData\Roaming\TuneUp Software folder moved successfully.
File\Folder C:\Users\Default User\AppData\Roaming\TuneUp Software not found.
C:\Users\nat and pat\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\nat and pat\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\nat and pat\AppData\Roaming\TuneUp Software folder moved successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\nat and pat\Desktop\cmd.bat deleted successfully.
C:\Users\nat and pat\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state ON /c >
Ok.
C:\Users\nat and pat\Desktop\cmd.bat deleted successfully.
C:\Users\nat and pat\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MelPC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: nat and pat
->Temp folder emptied: 115448 bytes
->Temporary Internet Files folder emptied: 3377332 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 100959924 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3149 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8406839 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 108.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08282013_231828

Files\Folders moved on Reboot...
File\Folder C:\Users\nat and pat\AppData\Local\Temp\OICE_1DB1B1F5-531C-4954-9A10-36EE5BE17070.0\3149F8D6. not found!
C:\Users\nat and pat\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


2. The AdwCleaner[S0].txt log

# AdwCleaner v3.001 - Report created 28/08/2013 at 23:26:11
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : nat and pat - STONEPC
# Running from : C:\Users\nat and pat\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\nat and pat\AppData\Local\Conduit
Folder Deleted : C:\Users\nat and pat\AppData\Local\cre
Folder Deleted : C:\Users\nat and pat\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\nat and pat\AppData\Local\PackageAware
Folder Deleted : C:\Users\nat and pat\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\nat and pat\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\nat and pat\AppData\Roaming\Mozilla\Firefox\Profiles\hyszd5vv.default\ConduitCommon
Folder Deleted : C:\Users\nat and pat\AppData\Roaming\Mozilla\Firefox\Profiles\hyszd5vv.default\CT2849852
Folder Deleted : C:\Users\nat and pat\AppData\Roaming\Mozilla\Firefox\Profiles\hyszd5vv.default\Extensions\{ef79f67a-6ad7-4715-a0f8-932fca442023}
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\nat and pat\AppData\Roaming\Mozilla\Firefox\Profiles\hyszd5vv.default\\invalidprefs.js
File Deleted : C:\Users\nat and pat\AppData\Roaming\Mozilla\Firefox\Profiles\hyszd5vv.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\elhjaoldnkkbifioodjndkijecdeinld
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\elhjaoldnkkbifioodjndkijecdeinld
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\Software\Conduit

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\nat and pat\AppData\Roaming\Mozilla\Firefox\Profiles\hyszd5vv.default\prefs.js ]

Line Deleted : user_pref("CT2849852..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2849852..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2849852..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2849852.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2849852.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2849852.BrowserCompStateIsOpen_129642290922900978", true);
Line Deleted : user_pref("CT2849852.BrowserCompStateIsOpen_130055917983162090", true);
Line Deleted : user_pref("CT2849852.CTID", "CT2849852");
Line Deleted : user_pref("CT2849852.CurrentServerDate", "29-8-2013");
Line Deleted : user_pref("CT2849852.DSInstall", false);
Line Deleted : user_pref("CT2849852.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2849852.DialogsGetterLastCheckTime", "Mon Aug 26 2013 16:00:26 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT2849852.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2849852.EMailNotifierPollDate", "Wed May 23 2012 22:14:39 GMT+0200 (Romance Daylight Time)");
Line Deleted : user_pref("CT2849852.FeedLastCount129349795937781608", 212);
Line Deleted : user_pref("CT2849852.FeedPollDate129313974171006416", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Deleted : user_pref("CT2849852.FeedPollDate129313975698350231", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Deleted : user_pref("CT2849852.FeedPollDate129313976370850190", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Deleted : user_pref("CT2849852.FeedPollDate129313976648818968", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Deleted : user_pref("CT2849852.FeedPollDate129313977444757117", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Deleted : user_pref("CT2849852.FeedPollDate129313980389131455", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Deleted : user_pref("CT2849852.FeedPollDate129313980655381977", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Deleted : user_pref("CT2849852.FeedPollDate129313980886163259", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Deleted : user_pref("CT2849852.FeedPollDate129313981234756535", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Deleted : user_pref("CT2849852.FeedPollDate129313983226631720", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Deleted : user_pref("CT2849852.FeedPollDate129313983607725691", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Deleted : user_pref("CT2849852.FeedTTL129313974171006416", 10);
Line Deleted : user_pref("CT2849852.FeedTTL129313977444757117", 15);
Line Deleted : user_pref("CT2849852.FeedTTL129313980655381977", 5);
Line Deleted : user_pref("CT2849852.FeedTTL129313981234756535", 5);
Line Deleted : user_pref("CT2849852.FirstServerDate", "23-5-2012");
Line Deleted : user_pref("CT2849852.FirstTime", true);
Line Deleted : user_pref("CT2849852.FirstTimeFF3", true);
Line Deleted : user_pref("CT2849852.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2849852.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2849852.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2849852.HPInstall", false);
Line Deleted : user_pref("CT2849852.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2849852.Initialize", true);
Line Deleted : user_pref("CT2849852.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2849852.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2849852.InstallationId", "fft983E.tmp.exe");
Line Deleted : user_pref("CT2849852.InstallationType", "XPE");
Line Deleted : user_pref("CT2849852.InstalledDate", "Wed May 23 2012 22:14:39 GMT+0200 (Romance Daylight Time)");
Line Deleted : user_pref("CT2849852.IsGrouping", false);
Line Deleted : user_pref("CT2849852.IsInitSetupIni", true);
Line Deleted : user_pref("CT2849852.IsMulticommunity", false);
Line Deleted : user_pref("CT2849852.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2849852.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2849852.LanguagePackLastCheckTime", "Wed Aug 28 2013 16:30:00 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT2849852.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2849852.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2849852.LastLogin_3.12.0.8", "Thu May 24 2012 06:54:21 GMT+0200 (Romance Daylight Time)");
Line Deleted : user_pref("CT2849852.LastLogin_3.12.2.3", "Wed May 30 2012 14:09:49 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2849852.LastLogin_3.13.0.6", "Mon Jul 16 2012 18:27:56 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2849852.LastLogin_3.14.1.0", "Tue Aug 28 2012 07:05:34 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT2849852.LastLogin_3.15.1.0", "Tue Nov 06 2012 22:31:32 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2849852.LastLogin_3.16.0.3", "Fri Feb 08 2013 00:36:17 GMT-0500 (Eastern Standard Time)");
Line Deleted : user_pref("CT2849852.LastLogin_3.18.0.7", "Wed Jul 17 2013 00:31:44 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT2849852.LastLogin_3.19.0.3", "Wed Aug 28 2013 19:45:05 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT2849852.LatestVersion", "3.19.0.3");
Line Deleted : user_pref("CT2849852.Locale", "fr");
Line Deleted : user_pref("CT2849852.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2849852.MCDetectTooltipShow", false);
Line Deleted : user_pref("CT2849852.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2849852.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2849852.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2849852.OriginalFirstVersion", "3.12.0.8");
Line Deleted : user_pref("CT2849852.SearchCaption", "BittorrentBar_FR Customized Web Search");
Line Deleted : user_pref("CT2849852.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2849852.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=2&q=");
Line Deleted : user_pref("CT2849852.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2849852.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2849852.SearchInNewTabLastCheckTime", "Wed Aug 28 2013 16:29:55 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT2849852.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT2849852.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT2849852.ServiceMapLastCheckTime", "Wed Aug 28 2013 16:29:58 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT2849852.SettingsLastCheckTime", "Wed Aug 28 2013 23:14:48 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT2849852.SettingsLastUpdate", "1377708141");
Line Deleted : user_pref("CT2849852.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2849852&SearchSource=13");
Line Deleted : user_pref("CT2849852.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2849852.ThirdPartyComponentsLastCheck", "Wed May 23 2012 22:14:33 GMT+0200 (Romance Daylight Time)");
Line Deleted : user_pref("CT2849852.ThirdPartyComponentsLastUpdate", "1331805999");
Line Deleted : user_pref("CT2849852.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT2849852.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2849852");
Line Deleted : user_pref("CT2849852.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT2849852.UserID", "UN67890391229224710");
Line Deleted : user_pref("CT2849852.WeatherNetwork", "");
Line Deleted : user_pref("CT2849852.WeatherPollDate", "Wed May 23 2012 22:14:41 GMT+0200 (Romance Daylight Time)");
Line Deleted : user_pref("CT2849852.WeatherUnit", "C");
Line Deleted : user_pref("CT2849852.alertChannelId", "1241893");
Line Deleted : user_pref("CT2849852.approveUntrustedApps", false);
Line Deleted : user_pref("CT2849852.autoDisableScopes", -1);
Line Deleted : user_pref("CT2849852.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Line Deleted : user_pref("CT2849852.backendstorage.cbcountry_000", "4553");
Line Deleted : user_pref("CT2849852.backendstorage.cbfirsttime", "576564204D617920323320323031322032323A31343A343920474D542B303230302028526F6D616E6365204461796C696768742054696D6529");
Line Deleted : user_pref("CT2849852.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A225072696365476F6E67222C2275726C223A22687474703A2F2F7072696365676F6E672E636F6E64756974617070732E636F6D2F4D414D2F763[...]
Line Deleted : user_pref("CT2849852.backendstorage.mam_gk_appsdefaultenabled", "6E756C6C");
Line Deleted : user_pref("CT2849852.backendstorage.mam_gk_appstate_couponbuddy", "6F6E");
Line Deleted : user_pref("CT2849852.backendstorage.mam_gk_appstate_easytobook", "6F6E");
Line Deleted : user_pref("CT2849852.backendstorage.mam_gk_appstate_easytobook_targeted", "6F6E");
Line Deleted : user_pref("CT2849852.backendstorage.mam_gk_appstate_pricegong", "6F6E");
Line Deleted : user_pref("CT2849852.backendstorage.mam_gk_appstate_windowshopper", "6F6E");
Line Deleted : user_pref("CT2849852.backendstorage.mam_gk_appstatereporttime", "31333730313230393233363439");
Line Deleted : user_pref("CT2849852.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B226964223A225072696365476F6E67222C22637269746572696173223A5B7B2263726974657269614964223A22633630363438[...]
Line Deleted : user_pref("CT2849852.backendstorage.mam_gk_currentversion", "312E362E302E31");
Line Deleted : user_pref("CT2849852.backendstorage.mam_gk_first_time", "31");
Line Deleted : user_pref("CT2849852.backendstorage.mam_gk_lastlogintime", "31333730313230393231353432");
Line Deleted : user_pref("CT2849852.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C696379223A7B2254657874223A22436F6E74656E7420506F6C696379227D2C226761646765744465736372697074696F6E5072696[...]
Line Deleted : user_pref("CT2849852.backendstorage.mam_gk_settings1.6.0.1", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A223231355F2D31222C22697354657374[...]
Line Deleted : user_pref("CT2849852.backendstorage.mam_gk_showclosebutton", "74727565");
Line Deleted : user_pref("CT2849852.backendstorage.mam_gk_showwelcomegadget", "66616C7365");
Line Deleted : user_pref("CT2849852.backendstorage.mam_gk_userid", "32343664313139632D396235652D343166642D613736642D383237333938653630343437");
Line Deleted : user_pref("CT2849852.backendstorage.pg_enable", "74727565");
Line Deleted : user_pref("CT2849852.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F6775692F");
Line Deleted : user_pref("CT2849852.components.1000034", false);
Line Deleted : user_pref("CT2849852.components.1000234", false);
Line Deleted : user_pref("CT2849852.components.129349795936375318", false);
Line Deleted : user_pref("CT2849852.components.129349795937781608", false);
Line Deleted : user_pref("CT2849852.components.129349795937937859", false);
Line Deleted : user_pref("CT2849852.components.129349795937937860", false);
Line Deleted : user_pref("CT2849852.components.129431554657187564", false);
Line Deleted : user_pref("CT2849852.components.129642290922900978", false);
Line Deleted : user_pref("CT2849852.components.129791445891434790", false);
Line Deleted : user_pref("CT2849852.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2849852.globalFirstTimeInfoLastCheckTime", "Wed May 23 2012 22:14:40 GMT+0200 (Romance Daylight Time)");
Line Deleted : user_pref("CT2849852.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2849852.initDone", true);
Line Deleted : user_pref("CT2849852.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT2849852.myStuffEnabled", true);
Line Deleted : user_pref("CT2849852.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2849852.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2849852.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2849852.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2849852.navigateToUrlOnSearch", false);
Line Deleted : user_pref("CT2849852.revertSettingsEnabled", true);
Line Deleted : user_pref("CT2849852.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2849852.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2849852.testingCtid", "");
Line Deleted : user_pref("CT2849852.toolbarAppMetaDataLastCheckTime", "Wed Aug 28 2013 16:30:00 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT2849852.toolbarContextMenuLastCheckTime", "Wed May 23 2012 22:14:42 GMT+0200 (Romance Daylight Time)");
Line Deleted : user_pref("CT2849852.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2849852/CT2849852", "\"622a2b448563b72934a331039c28a6213\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849852", "\"1361118198\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=fr", "y/LORlR12DbewW+JdTTXOw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=fr", "Jhg1cqt6SMZ2zk/Sj9mdqg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=fr", "Piuk0Y+XrAdQh3bNgUm5ig==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=fr", "36O4HhdlE7RKWjfvnlLR2g==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.8", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:14f1\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:151d\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:1694\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"23c5489aa686ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849852", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=fr", "\"a4100839a7d6e78b8021f8d26edce05c\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\nat and pat\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\hyszd5vv.default\\conduitCommon\\modules\\3.12.0.8");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.8");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&q=");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2849852");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2849852");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2849852");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "0e2a576e-cce8-42c7-b414-336dac934274");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2849852");
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed May 23 2012 22:14:43 GMT+0200 (Romance Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed May 23 2012 22:14:37 GMT+0200 (Romance Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "c09ce1e4-2722-4b48-acbf-67051db9f562");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.ca/");
Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=2&q=");

-\\ Google Chrome v

[ File : C:\Users\nat and pat\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [27640 octets] - [27/08/2013 23:02:12]
AdwCleaner[R1].txt - [27399 octets] - [28/08/2013 23:25:11]
AdwCleaner[S0].txt - [27449 octets] - [28/08/2013 23:26:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [27510 octets] ##########


3. The JRT.txt log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by nat and pat on 28/08/2013 at 23:30:33.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2652911
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2790392
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2849852



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\nat and pat\appdata\locallow\datamngr"
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{02546628-A622-4407-9CF3-09679EB645C1}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{025ED1B9-1970-44C0-95DB-D9A8074BCBF3}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{02D068F7-CC42-4352-BFC0-CCB16CC9AD99}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{040F44F1-07C2-44C0-BD5E-F921677AF1F8}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{04292677-57E0-4360-B6A8-E861A11F8FEE}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{065C8300-429E-4C02-A673-5413FAB742DA}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{068382CC-2FA6-4E8D-B3BB-803EBB119991}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{071D9308-F717-4287-B12F-A28BBA86ABEE}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{07A0E981-0139-48F6-A250-576ECFF5EB99}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{091EA334-5986-4A4C-91EB-929921200660}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{09825414-F29E-4841-B53C-0E63982612D1}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{0D02ED97-33CE-4823-8D4B-7ECF2E51B788}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{0D201E1A-0C3A-48DC-94F8-18F41800708D}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{0E7AF8B6-8C0A-4403-B5C9-747F70674DA7}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{0FF5DE40-E923-438C-A0D9-84A98407292E}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{1104A287-BE9C-4B70-BE17-BF05D12D9078}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{118CEFF9-6E5E-425E-94EF-253FB9C63ACA}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{1249DEDF-C0F8-47CC-B626-37F021BA5D37}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{12BC4264-0B37-4FC3-8D66-B3EE1B80A1C3}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{133CEFAA-8246-4D04-8C5C-ADD847B34ED7}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{1590485B-FABC-441C-BEF9-185BA4366019}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{18DAA4A3-5B6D-4D34-8C9E-9AE24CC7F6FC}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{19A993DD-452A-48AF-87FD-6D35980B2390}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{1E3A7201-52A7-4630-8E54-98D75EE8ED2F}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{1E91B499-C377-42A4-A891-FBE0E101CDD4}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{21DAAA74-80C9-44BD-923B-DA757B5ECABB}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{22C0D33D-FCC7-4B3D-94A0-BEF162029C44}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{23F5AD49-360C-41DB-90A5-39AB83932067}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{25EA1181-F23D-41A3-BE58-B1CF1FD4880B}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{26679A34-89CD-4FC0-AAC3-653D6C69EEB8}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{29B957A8-C4BB-48D1-BBC1-8AC3E4AD54A8}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{2B9BF585-01E2-417E-91C6-9C4A580C24B4}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{2BF2C48F-D6C9-4BC3-8AFC-D2CEB90FCC8D}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{2D3FB7B5-DB81-442C-A9EA-CDE16E16E092}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{2FA308B6-23E0-43DA-A168-D754D70D7092}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{2FF57DDE-9B79-4EF8-BBD5-5C3CBEA9BD43}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{322B1FAD-E7CA-40AB-A6F6-F942D3D9D21B}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{3380B372-82CA-4CBF-8F09-9F1363FE265F}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{340965AE-D9A6-48E8-A36C-70A2952A79BF}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{34294526-882A-497E-A86B-944684EA8475}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{372E4198-BEC2-417D-9E03-CA190915DDC5}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{3837D585-20B7-4E37-90D1-5C96A34C6FAA}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{3858E389-0D86-47FF-B592-2EA134FB06EE}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{389BA222-1D8D-473A-9D93-B11258B0258C}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{38EBA5FE-F49C-47F0-93F4-27AE42096D62}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{3920EB40-C566-43DB-8CEE-3BE2283D6C29}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{3B4EF5DC-36AD-4A93-843D-3EB529DB6012}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{3B596211-D7A9-4841-B36D-2E06FDF5DA76}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{3CBABFE9-B7D0-4FCE-8681-2A474FC0210B}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{3F5D27DF-E963-438A-BE1D-AF0AF95E29A8}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{41748B2B-94F6-465A-8BA2-C2A160841CFE}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{41C97253-F34A-42E0-8DC7-AEFC2F188174}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{421F9D57-99F9-4FDB-9B8A-B82B15F54695}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{44477250-EF8F-4AF4-AFDA-F27FE61BB157}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{44BF64FE-0C17-4587-B921-20A126DA2CC1}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{45883F56-900C-4FC8-8E3D-270200A023B0}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{4715669B-5D1E-4F1E-90B7-B7FAE7A8E45B}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{471DC7FE-FA5C-4D49-B900-07B4757515B3}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{4AB86642-97E7-4728-8781-202F23D1B49F}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{4C7DB0F2-453E-4B7E-B89A-3947AFBCE0EB}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{4E70490A-6ACB-4059-858F-EA79A7CB7BB7}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{50C5D95F-172E-493E-A55C-3CC8FDED0451}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{518DC2DB-EA5F-4283-8BE5-DECA986DC81A}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{541E2AAE-CC09-491D-81D9-AC242B58CD7A}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{5515F711-A3C9-4674-9F7B-6CDB787BD50A}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{5545771F-1CDD-4827-8EFE-56858CD9E854}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{571A8186-7B85-4C6A-87C7-C2F3544AEA69}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{591696A4-BCFE-4A1D-87F3-2F93ECA940CB}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{5939A415-1164-4070-9892-90F7943A6F80}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{59899CF5-2A48-4E61-B628-DA70D28E6067}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{59CBF066-569C-46F4-B0D6-68C92F6BC4CE}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{5BAC2901-F0AC-47B7-8DBC-53068CFD6FD3}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{5C25AA5E-971A-4F1F-A1FC-81EA445DAC54}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{5CBC927E-F239-44BE-8201-AF8D1C98FE86}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{5DE911FC-7F8C-4B27-A82A-AC58C4B150EF}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{5F8D44AB-9F4B-40A3-B3B7-0AC569941483}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{61864480-6044-4B89-8D07-066A0D87A9D4}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{64B8C80D-1F75-4537-AC12-F08F976BD89A}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{6789F7AD-56FA-4BAA-A4C3-BB096837AFA2}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{6839488E-99B4-4206-82EA-8CFFB0273177}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{691F4E4D-6163-4E4E-A400-E50D1B7AF2E4}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{69E57F54-9CAE-46CE-9DCF-A3A579295E1B}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{6A411CC4-7DDA-4DDD-B3B0-A4669801099E}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{6A4B6BDE-FBC5-4F13-B9E6-D45C0E2F7E19}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{6BB9E985-72E1-48AF-87C3-F0EA113284BD}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{6E1C6E96-1ABF-42E7-BE97-FF60909738BD}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{6E4DA62F-A81B-42D1-B16B-67270B19A6DB}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{709FA8B8-0058-4AA6-A7B6-94C98AC0517D}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{7286F463-89F5-49DB-A556-805BCDA845F3}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{737D7274-7618-43C6-9DF9-4EC9BA573E1E}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{73FF77E5-186A-4D30-A93B-EDF541F441E6}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{748D9C09-47EA-48F8-A139-E9FE72B8A9FB}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{75145985-286F-4E75-911A-8E426BD53B8F}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{7A07B749-3718-42A6-A046-AADFF822B0E5}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{7C164B58-8E98-4377-846F-020A9D7A9E1F}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{7DC000CB-F0E3-4ACE-90C0-7594AEF3C9CB}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{7E95A370-2645-441D-B0A4-4A91EB1E2B36}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{7F86EB61-B37A-4554-8541-3C1F8ECFAD28}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{839C5E50-F07F-40DD-B124-43A1754CEE09}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{83C38BE8-201E-4559-8A78-106495E2CFF0}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{8603E940-3365-45BC-B220-0DAA4F4822DF}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{872E6605-3DE9-446B-A2A0-32483A6B521F}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{87FB8983-59B7-496F-9626-C0EBF0C48950}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{898F8C1E-1B59-4311-9447-305324F85877}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{89DF4EC0-1112-4BD6-B4C0-1380081D7E3A}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{8AA4695F-9AD8-437D-9206-445882446C03}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{8BCD2139-0F4B-479A-934A-24BF747004F0}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{8BD32BB0-D18C-40E7-8335-0FC9A1B1D48B}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{8BFD36B2-4297-4C5B-8A1A-7530E56A7775}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{8D16A049-DBA8-4809-A2B9-31238BE44F66}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{8D2365EA-9FA9-497F-8009-918F3E6CA9C6}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{8E819C9A-F487-4971-AB62-202A2686F8AC}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{9045640F-986A-4635-B010-BCD455AC1590}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{928A6D35-4478-47FF-8FAF-4E5E35CE0F92}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{933D18EF-1A30-47B0-A6EF-987BB935E425}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{94393CB8-E514-4490-BE64-4945B2939377}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{9522365E-BBEE-4A77-9068-A5C0508F8177}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{98989B6D-4A02-475F-920C-EB40B814939D}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{9B60D715-F4C8-4AB1-8FDA-807D797B8E8C}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{9CABE6E2-3BD6-487E-842B-9911F9AD7683}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{9E6A5C2E-8A6F-4D51-9F4C-546C11B3769C}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{9EDD0F22-37EB-47DB-A6BD-0CB20605157D}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{A06A9F57-3A74-4C59-8DB7-772EF9E7BF11}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{A0F785E2-F250-4C99-9A61-E7DDDA479376}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{A14058D8-99DA-4EB1-A5F2-E2AE6BCFECD0}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{A146F7C5-2724-4F0D-90F4-2CE3B92D4535}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{A2B81FAA-9659-48F3-BA35-204245F50A08}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{A4A1ECB4-3706-47E2-AF08-2482823590D7}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{A4D3E40A-24B0-4DFA-A32B-17889725E8AF}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{A579F454-0B78-45CE-843E-DA9F78C09C1C}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{A5B796D0-F85A-436A-9A24-33827D5CCE87}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{A5C86111-CE45-4D2D-986A-E2091929740D}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{A661D831-6AFB-47ED-B45E-1165586CBCE0}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{AC0E00AB-1B62-4DBD-ADC0-5BDD40498402}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{AC536034-D47C-4B34-BF2D-A70FFC9A7A05}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{AD02E0A9-CEC0-449A-88DE-135E6303D6FC}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{B1DD60CA-E4DB-4307-8955-4138626131B8}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{B271A609-1DCC-4BFE-9E99-3A3470B00C0B}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{B27ECAB6-BC6D-481B-9856-C6A4B3C72191}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{B34AEB5A-EE10-4C12-8A0F-95308A22249F}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{B5EB4B7B-5C9F-4ACD-B17E-9269872EA775}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{B7C9503A-F162-416C-BD26-C77514F8D473}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{B890E9DD-BD31-4A69-9F0C-148C32694443}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{B8E2807F-8F5D-4324-8C54-8C77B8BB83D8}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{B9E81058-3342-4C77-B353-AB84ABE0EF48}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{BC26673D-3C3F-46B7-B501-8C6515A05CD1}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{BC3BF9D5-8967-4BAB-9593-B483298E1E61}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{BE95F913-096E-4346-82B3-78886E252D88}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{BF9CF9F7-890E-4295-B46A-8438A10BC016}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{BFFF42FF-7C58-4C6A-8F0D-DA1DB15C5D39}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{C111F58A-DC84-4B50-915D-8F406ADE8C22}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{C12C3CC2-056D-4542-A28B-D2DDC07E038F}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{C40CD4CD-C7E5-4BD6-9ADB-DFE02E61CAC8}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{C4D93E64-E749-433D-AB36-CA640DA07CF2}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{C5E9B250-222E-464C-92B4-B0C6EC0E16CA}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{C6210DDD-1851-434B-92B7-B30191BCF89E}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{C7456E3B-2C49-4094-B260-88313B33136F}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{C86BB79B-E150-4FD3-B46B-1E20DDBB3206}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{C9B3D602-7C69-47F1-929E-A7455B065868}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{CA7C2832-284E-4E89-A90A-41471888F2FC}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{CCA1CBB3-8D29-4EED-B6CE-CD884EF1BE68}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{CE27C6AC-4D75-4F7F-9E82-61202BA510E1}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{CE5048FB-A4CB-4806-91DF-3E61968639F4}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{CEB6B1D4-B5BA-4FA7-839F-9D6F8C8F8B2A}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{D14FDA6C-AFC3-43A5-B7AB-F60F7DD3764B}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{D1F4CECB-1735-46E9-94A1-F0CB9A91CA71}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{D37FBFB2-7622-497D-A3E2-062212F2BAB2}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{D5E46D30-5E1C-4272-B589-FB66F56851D7}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{D780123A-B414-4DF6-88BC-2AF64EB5F626}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{DC668F71-41A0-471B-A85F-DD8CF71876A0}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{DC940DF0-4638-4E8A-92D0-D6B94BBA6CA0}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{DED8BFAE-DC4F-4CE2-9AAA-FC2EE3640D5D}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{DF9BB7EC-0C5F-4624-BF73-A44177DE2434}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{E0B4869E-695B-48B2-8423-899F55F49A3A}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{E23CDF08-3AB8-4770-9577-977CBFA14D3F}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{E39551DA-8087-4AF6-BFE0-14FFAA8BA066}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{E4D5FA29-6AE5-4632-99DB-628AE429E882}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{E519D0A5-3665-4E3E-A55A-00EFA339A725}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{EAFEA2DF-31A6-496A-8513-5060EB1EFA92}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{EBF504BF-6804-4C85-9C3A-FD0F7462935B}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{ECC6FDC2-81F2-4422-8B65-3565E3CA2E38}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{ED8E0376-1FC2-4A8B-B2A1-86F656C2A1D2}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{EE61D87C-9509-4661-AC92-7EDC0F71606B}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{EFE8A1CE-2E9F-4D7D-BDAA-D998B146668E}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{EFF32B66-367A-4F8C-8B40-746D67C6804B}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{F0ABF48B-C219-44D4-969A-544CD60DAC4C}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{F3F6A529-4C00-48FC-9CE4-50AE84D6F422}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{F46301BD-96D6-49D5-9C86-F06F5C79B1D6}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{F469D6F7-D290-492D-9D3A-D56EF98FD109}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{F50C1F82-27D7-461A-9220-BE0068630129}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{F585071E-1789-4871-90AA-53860189AA9C}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{F6F7431E-3777-433A-9772-973137DA6C52}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{F83DB401-D073-4A98-B168-56FBE02B24A9}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{F87468AC-03FD-4670-A730-18B840421952}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{FCCC8E3E-B73D-4215-AA4F-D6F90881549A}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{FD5FD244-CC55-4DD8-90A8-8BC1454782C7}
Successfully deleted: [Empty Folder] C:\Users\nat and pat\appdata\local\{FED40784-3C5F-4D70-99EE-EE27D0A24E33}



~~~ FireFox

Emptied folder: C:\Users\nat and pat\AppData\Roaming\mozilla\firefox\profiles\hyszd5vv.default\minidumps [462 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/08/2013 at 23:44:29.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

4. Let me know if the AVG Remover tool ran successfully

The program ran fine until the reboot. When the computer started up again I had a browser window open but had no desktop, no menus, etc. I CTRL+Alt+Deleted to reboot a second time and after that everything appeared to be in normal working order.

5. Let me know which antivirus program you installed.

I chose MSE...it automatically ran a scan after the install and says no threats were detected.
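The AdwCleaner entries above are Firefox user_pref lines whose names (CT2849852.*, CommunityToolbar.*) and embedded URLs (search.conduit.com, conduit-services.com, dts.search-results.com) are what identify a search and homepage hijack, not anything in the values. The following is an added example, not code from this thread or from AdwCleaner, JRT or any other tool named here: it parses such lines (with or without AdwCleaner's "Line Deleted : " prefix), decodes the JS literal, and reports which prefs route traffic to a known hijack domain and which routing prefs merely deserve a look. The pref list, family patterns and domain list are assumptions drawn from the log on this page, and the sample lines are constructed for the example.

```python
"""Triage Firefox prefs.js lines for search/homepage hijack indicators.

Added example for this thread; not code from AdwCleaner, JRT or Firefox.
Pref names and domains are taken from the log above (assumption: they are
illustrative, not exhaustive). The SAMPLE lines below are constructed.
"""
import json
import re
from collections import namedtuple

# Prefs that decide where the address bar, search box and start page go.
ROUTING_PREFS = {
    "keyword.URL",
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "CommunityToolbar.SearchFromAddressBarSavedUrl",
}

# Pref families and domains seen in the Conduit toolbar entries of the log.
FAMILY_RE = re.compile(r"^(CommunityToolbar\.|CT\d+\.)")
HIJACK_DOMAINS = ("conduit.com", "conduit-services.com", "search-results.com")

PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.*)\);\s*$')
# Matches live and defanged ("hxxp") URLs and captures the host part.
HOST_RE = re.compile(r'(?:hxxps?|https?)://([^/\s"?&#:]+)', re.IGNORECASE)

Finding = namedtuple("Finding", "severity name hosts")


def parse_pref_line(line):
    """Return (name, value) for a user_pref(...) line, else None.

    Tolerates the 'Line Deleted : ' prefix AdwCleaner prepends. The value is
    a JS literal; JSON is a close enough subset to decode strings, booleans
    and integers, so anything json cannot parse is kept as raw text.
    """
    m = PREF_RE.search(line)
    if not m:
        return None
    name, raw = m.group(1), m.group(2).strip()
    try:
        value = json.loads(raw)
    except ValueError:
        value = raw
    return name, value


def hosts_in(*texts):
    """Distinct hosts referenced by the given strings, lower-cased, in order."""
    seen = []
    for text in texts:
        if isinstance(text, str):
            for host in HOST_RE.findall(text):
                host = host.lower()
                if host not in seen:
                    seen.append(host)
    return seen


def is_hijack_domain(host):
    return any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS)


def classify(name, value):
    """Return a Finding, or None when the pref looks uninteresting."""
    hosts = hosts_in(name, value)          # the name itself can carry a URL
    if FAMILY_RE.match(name) or any(is_hijack_domain(h) for h in hosts):
        return Finding("hijack", name, hosts)
    if name in ROUTING_PREFS:
        # A routing pref pointing somewhere unrecognised: worth a look,
        # but not evidence on its own.
        return Finding("review", name, hosts)
    return None


def triage(lines):
    """Run every prefs.js / AdwCleaner line through the classifier."""
    findings = []
    for line in lines:
        parsed = parse_pref_line(line)
        if parsed is not None:
            finding = classify(*parsed)
            if finding is not None:
                findings.append(finding)
    return findings


def hijack_domains_seen(findings):
    """Distinct hijack hosts, usable for DNS blocks or proxy-log searches."""
    return {h for f in findings if f.severity == "hijack"
            for h in f.hosts if is_hijack_domain(h)}


# Constructed sample input in AdwCleaner's format plus two plain prefs.js lines.
SAMPLE = r'''
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2849852&SearchSource=2&q=");
Line Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.ca/");
Line Deleted : user_pref("CT2849852.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2849852", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
user_pref("browser.startup.homepage", "https://www.example.org/");
user_pref("browser.sessionstore.resume_from_crash", false);
'''.strip().splitlines()

if __name__ == "__main__":
    results = triage(SAMPLE)
    for f in results:
        print(f"{f.severity:6} {f.name}  ->  {', '.join(f.hosts) or '-'}")
    print("hijack domains:", sorted(hijack_domains_seen(results)))
```

Run it as a script to see the findings for the built-in sample, or pass it the lines of a prefs.js or AdwCleaner log. One caveat for a machine tied to a fraud case: copy the profile's prefs.js and the Windows event logs off the box before running cleanup tools, because the JRT log above shows it clears the Event Viewer logs, and that removes timeline evidence an investigator would want.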

#9 godawgs (Teacher, Retired Staff, 8,228 posts)
Looks like we are doing fine :D Now let's scan for any residual malware files and check for any programs that need updating.


Step-1.

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Once downloaded, close all programs and browsers on your computer and disable any screen saver you might have running.

Right click the mbam-setup.exe file and click Run As Administrator, then click the Continue button on the UAC window.
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings.
  • When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.
    • As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
    NOTE: When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)
  • On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan.
  • When the scan is finished a message box will appear.
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown.
  • Make sure that everything is checked EXCEPT items in System Restore, and click Remove Selected <--- Very Important.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I would suggest that you keep this antimalware program. Run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-2.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here, then click on the online scanner button to run the scan.

    Note: If using Mozilla Firefox you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted, double click on the esetsmartinstaller_enu.exe icon on the desktop.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use, then click the button to continue.
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-3.

Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Right click the SecurityCheck icon Posted Image and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.

  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The MalwareBytes log
2. The ESET log IF it found anything. IF it didn't just tell me.
3. The checkup.txt log
#10 Steric (Member, Topic Starter, 47 posts)
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.29.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
nat and pat :: STONEPC [administrator]

29/08/2013 11:59:53 AM
mbam-log-2013-08-29 (11-59-53).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 675815
Time elapsed: 3 hour(s), 40 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



ESET found nothing.



Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x64
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG Internet Security 2013
Microsoft Security Essentials
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 29
Java 7 Update 9
Java version out of Date!
Adobe Flash Player 11.8.800.94
Adobe Reader 9
Adobe Reader XI
Mozilla Firefox (23.0.1)
Google Chrome 29.0.1547.57
Google Chrome 29.0.1547.62
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 21% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
#11 godawgs (Teacher, Retired Staff, 8,228 posts)
Thanks for the logs. They look good. We are coming down the home stretch. The SecurityCheck scan shows that we have a program to update, your hard drive needs de-fragmenting and the Security Center service needs to be checked.


Step-1.

Defragment the Hard Drive

NOTE:If you have a solid-state drive (SSD) in your computer, you do not need to defragment it. Solid-state drives, unlike regular hard drives, don't use a spinning platter to store data, and it doesn't take any extra time to read from different parts of the drive. So, defragmentation won't offer any performance increases.


  • Click the Start button from your desktop and in the Start Search box type defrag.
  • Click Disk Defragmenter under the Programs section to open the program.

  • Once you open the program, the disks that are able to be defragmented will be shown under Current status (the disks in your computer may differ). Click the (C:\) disk to highlight it.
  • Click the Defragment disk button at the bottom of the screen to start the defragmenter. The defragmenter can take a few minutes, or a few hours, depending on the size of the disk and how much the disk is fragmented.
    Do Not use the computer during the defragmenting process.
  • When the defragmenter has finished click the Close button to close the defragmenter.
I would recommend that you use this program at least once a month to keep the hard drive defragmented.


Step-2.

JAVA Advice
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following.

If you still want to update your Java, follow the instructions below:

A.
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

  • Download the latest version of the Java Runtime Environment (JRE) Version from Here or Here and save it to your desktop.
  • Look for "Java Platform, Standard Edition". You will see the current Java version and update number listed under the heading. Example: The newest update is Java SE 7u25
  • Click the "Download" button under the JRE column.
  • On the Java SE Runtime Environment page, click the button to "Accept License Agreement".
  • To install the version for your system look under the Java SE Runtime Environment 7u25 heading;
    NOTE: There are some 32bit programs, like Firefox, that will not operate properly unless both the 32bit and 64bit versions of Java are installed. If you find that to be the case just go back to the Java download site and download and install the 32bit version.
    • For Windows 64bit systems, look for Windows x64 31.61MB, click the jre-7u25-windows-x64.exe file and save it to your desktop. Do Not run it from the Java site.
  • Close any programs you may have running - especially your web browser.

B.
Uninstall all versions of Java

  • Click Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Click to (highlight) any Java item. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
    The versions I see on the computer are:
    Java™ 6 Update 29
    Java 7 Update 9
  • Click each program and click the Remove or Change/Remove button and follow the on screen instructions for the Java uninstaller.
  • For Vista/7/8: Right click each program and click Uninstall and follow the on screen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
    -- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
C.
Install the latest JAVA

  • Back on your desktop:
    • Double-click on the jre-7u25-windows-i586.exe or the jre-7u25-windows-x64.exe file to install the newest version.
    • Right click the jre-7u25-windows-i586.exe or jre-7u25-windows-x64.exe file and click Run as Administrator and OK the UAC prompt to install the newest version.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
[Note:] The Java Quick Starter (JQS.exe) adds a service to improve the initial start up time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > You will have to be in Classic View to see Java(It looks like a coffee cup). Double-click on Java click the Advanced Tab click Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.


Step-3.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
  • Double click the FSS.exe file to run it.
  • Right click the FSS.exe file, click Run as Administrator and OK any UAC prompts.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know if the Defrag completed successfully.
2. Let me know how the Java update went if you decided to keep it.
3. The FSS.txt log
#12 Steric (Member, Topic Starter, 47 posts)
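Added example, not part of the thread and not Security Check's own code: a PowerShell script that enumerates every installed Java runtime from the Uninstall registry keys (the data Security Check reads to report "Java(TM) 6 Update 29" and "Java 7 Update 9") and flags the older ones, so you can confirm that nothing stale survives step 2. It assumes an elevated PowerShell on Windows 7 x64 and that JRE entries carry a DisplayName starting with "Java"; the STALE/CURRENT labelling is my own convention.

```powershell
# Added example, not from the thread: list installed Java runtimes and flag stale ones.
# Assumptions: elevated PowerShell on Windows 7 x64; JRE entries have a DisplayName
# starting with "Java" (e.g. "Java(TM) 6 Update 29", "Java 7 Update 9").
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',            # 64-bit installs
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' # 32-bit installs
)

$java = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object {
        $_.DisplayName -like 'Java*' -and
        $_.DisplayName -notlike '*Auto Updater*' -and   # the updater is not a runtime
        $_.DisplayVersion
    } |
    Select-Object DisplayName, DisplayVersion, UninstallString,
        @{ Name = 'Arch'; Expression = { if ($_.PSPath -like '*Wow6432Node*') { 'x86' } else { 'x64' } } }

if (-not $java) {
    'No Java runtime is installed.'   # what you want to see if you chose to uninstall
    return
}

# Newest version present; anything older is a stale runtime that keeps old exploits reachable.
$newest = @($java | ForEach-Object { [version]$_.DisplayVersion } | Sort-Object -Descending)[0]

foreach ($entry in $java) {
    $ver = [version]$entry.DisplayVersion
    $tag = if ($ver -lt $newest) { 'STALE' } else { 'CURRENT' }
    '{0,-7} {1,-28} {2,-4} {3}' -f $tag, $entry.DisplayName, $entry.Arch, $entry.DisplayVersion
    if ($tag -eq 'STALE') {
        '        remove with: ' + $entry.UninstallString   # typically MsiExec.exe /X{product-code}
    }
}
```

Run it once before and once after the uninstall; the second run should print "No Java runtime is installed." (or a single CURRENT line if you kept the latest JRE). The Wow6432Node key matters on x64 because a 32-bit JRE installed for Firefox lives there and would otherwise be missed.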
Defrag was successful.

Uninstalled Java.

FSS log:

Farbar Service Scanner Version: 28-08-2013
Ran by nat and pat (administrator) on 30-08-2013 at 23:03:27
Running from "C:\Users\nat and pat\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
#13 godawgs (Teacher, Retired Staff, 8,228 posts)
Let's get the Security Center running. And then if there are no additional issues we will be ready to clean up our tools and I will give you some suggestions for keeping the computer safe in the future.


Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:FILES
sc config wscsvc start= auto
sc start wscsvc

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Re-run Farbar Service Scanner using the instructions in Step 3 of post #11


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The FSS.txt log
#14 Steric (Member, Topic Starter, 47 posts)
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder sc config wscsvc start= auto not found.
File\Folder sc start wscsvc not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MelPC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: nat and pat
->Temp folder emptied: 10378319 bytes
->Temporary Internet Files folder emptied: 7950236 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 402702691 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 519 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8481103 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 410.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08312013_180803

Files\Folders moved on Reboot...
File\Folder C:\Users\nat and pat\AppData\Local\Temp\OICE_1DB1B1F5-531C-4954-9A10-36EE5BE17070.0\3149F8D6. not found!
C:\Users\nat and pat\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\nat and pat\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Farbar Service Scanner Version: 28-08-2013
Ran by nat and pat (administrator) on 31-08-2013 at 18:27:27
Running from "C:\Users\nat and pat\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
#15 godawgs (Teacher, Retired Staff, 8,228 posts)
Well that was a bust, sorry. It would help if I used the proper script. Sometimes I think I would forget my head if it wasn't sewn on. We need to do that again because I left a switch off.


OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:FILES
sc config wscsvc start= auto /c
sc start wscsvc /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Now re-run the Farbar Service Scanner and please post the FSS.txt log in your next reply.
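Added example, not part of the thread and not OTL's or Farbar Service Scanner's own code: a PowerShell script that does the two things the last three posts are about. It audits the start mode of the services FSS reports on (Security Center, Defender, Firewall, Windows Update) against the Windows 7 defaults, shows the DisableAntiSpyware policy value FSS printed, and, with my own -Fix switch, runs the same two sc commands the OTL script carries directly from an elevated prompt, which is what the /c switch makes OTL do. Assumes an elevated PowerShell on Windows 7 x64; the expected start modes are the Windows 7 defaults (wscsvc is "Automatic (Delayed Start)", which WMI reports as "Auto").

```powershell
# Added example, not from the thread: audit service start modes the way FSS does,
# then repair wscsvc (Security Center) with the same sc commands as the OTL fix.
# Assumptions: elevated PowerShell on Windows 7 x64; -Fix is my own switch.
param([switch]$Fix)

# Service name -> Win32_Service.StartMode expected on a default Windows 7 install.
$expected = @{
    wscsvc    = 'Auto'   # Security Center (FSS: "default start type is Auto")
    WinDefend = 'Auto'   # Windows Defender; Demand/Disabled is normal once MSE/AVG takes over
    MpsSvc    = 'Auto'   # Windows Firewall
    wuauserv  = 'Auto'   # Windows Update
}

foreach ($name in $expected.Keys) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
    if (-not $svc) { Write-Warning "$name not found"; continue }
    $status = if ($svc.StartMode -eq $expected[$name]) { 'OK' } else { 'MISMATCH' }
    '{0,-10} State={1,-8} StartMode={2,-9} Expected={3,-5} {4}' -f `
        $name, $svc.State, $svc.StartMode, $expected[$name], $status
}

# The policy value FSS prints under "Windows Defender Disabled Policy".
$defender = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows Defender' -ErrorAction SilentlyContinue
if ($defender -and $defender.DisableAntiSpyware -eq 1) {
    'DisableAntiSpyware=1: Defender is turned off, expected when another antivirus is registered'
}

if ($Fix) {
    # Identical to the OTL :FILES lines; run as real commands, not file paths.
    & sc.exe config wscsvc start= auto | Out-Null
    & sc.exe start wscsvc | Out-Null
    Start-Sleep -Seconds 2
    $after = Get-WmiObject -Class Win32_Service -Filter "Name='wscsvc'"
    'wscsvc after fix: State={0} StartMode={1}' -f $after.State, $after.StartMode
}
```

Run it without -Fix to reproduce the FSS "MISMATCH" for wscsvc (StartMode=Disabled), then with -Fix and check that the last line reports State=Running StartMode=Auto. The first OTL run failed because the :FILES section treats each line as a path to move, hence "File\Folder sc config wscsvc start= auto not found."; running the commands from a shell, or adding /c so OTL executes them, avoids that.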