System is running slow [Solved]



#1
Desexx

I am using Windows 7 and I noticed my computer has been getting slower when it loads webpages and random web pages will start to appear. I have AVG antivirus, but nothing is getting picked up for viruses. I have deleted several programs on my system that I don't use, but it is still running slow. Thank you for your help in trying to solve this.
  • 0



#2
Nutloaf

    Trusted Helper, Malware Removal
Hello Desexx :welcome:

My name is Nutloaf, and I will be helping you with Malware Removal.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

Please read all instructions and fixes thoroughly.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode and access to the GeeksToGo website will be unavailable.
  • Any fixes provided by myself are for this log file only and cannot be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened if you still require assistance.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.

Finally before we start:

Removing malware is a complicated, multiple-step process. Please stay with me until I have declared your system clean.

I strongly recommend you backup your personal files and folders.



I have a couple of scans for you to do, please follow in the order given. :thumbsup:

1. DOWNLOAD and RUN OTL
  • Using this link Download OTL and save it to your Desktop
  • If saved to another location, right click the OTL icon and Select Cut then right click on Desktop and select Paste
  • Right click the OTL icon and select Run as Administrator.
  • Make sure the following boxes are checked:
      • Scan All Users
      • Use Company-Name WhiteList
      • Skip Microsoft Files
      • Use No-Company-Name WhiteList
      • LOP Check
      • Purity Check
  • In the Extra Registry box select Use Safe List
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C

  • Now Click Run Scan
  • OTL will now scan your computer and produce 2 log files. OTL.txt and Extras.txt.
  • Post both in your next reply


2. Run ADWcleaner
  • Using this link Download ADWcleaner and save to Desktop.
  • Right click ADWcleaner and Run as Administrator then select Scan
  • When the scan is complete click Report. Please post this report in your next reply.

3. Security Check
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I want to see in your next post.
  • OTL.txt
  • Extras.txt
  • checkup.txt

  • 0
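
Added example, not part of the original thread and not OTL's own code: a small parser for the per-file lines of an OTL.txt log that flags entries with an empty company field (the case the "No-Company-Name" option above refers to) or a path under a user profile. The line layout is inferred from OTL output, the sample lines are constructed, and both flags are triage heuristics assumed here, not verdicts.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample lines in the OTL.txt layout (not taken from a real scan).
SAMPLE_LOG = r"""
PRC - [2013/01/02 10:00:00 | 000,120,000 | ---- | M] (Example Vendor Inc.) -- C:\Program Files (x86)\ExampleApp\app.exe
PRC - [2013/01/03 11:30:00 | 000,090,112 | ---- | M] () -- C:\Users\Alice\AppData\Roaming\ExampleUpdater\upd.exe
SRV:64bit: - [2013/01/04 09:15:00 | 000,200,704 | ---- | M] (Example Vendor Inc.) [Auto | Running] -- C:\Program Files\ExampleApp\svc.exe -- (ExampleSvc)
SRV - [2013/01/03 11:30:00 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Users\Alice\AppData\Roaming\ExampleUpdater\upd.exe -- (ExampleUpdate)
DRV:64bit: - [2013/01/05 08:00:00 | 000,045,056 | R--- | M] (Example Vendor Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\exdrv.sys -- (exdrv)
MOD - [2013/01/06 12:00:00 | 000,300,000 | ---- | M] () -- C:\Program Files (x86)\ExampleApp\helper.dll
========== Services (SafeList) ==========
"""

# TYPE[:64bit:] - [date | size | attrs | M] (company) [state] -- path [-- (name)]
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<x64>:64bit:)? - "
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[A-Z-]{4}) \| [MC]\] "
    r"\((?P<company>.*?)\)"
    r"(?: \[(?P<state>[^\]]*)\])?"      # services and drivers only
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^()]*)\))?$"   # service/driver short name
)

# Heuristic (assumption): binaries under a user profile are user-writable.
USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\", re.IGNORECASE)


class Entry(NamedTuple):
    kind: str              # PRC, MOD, SRV or DRV
    x64: bool              # True for the ":64bit:" view
    modified: str          # timestamp exactly as logged
    size: int              # file size in bytes
    company: str           # version-info company name, "" if absent
    state: Optional[str]   # e.g. "Auto | Running"
    path: str
    name: Optional[str]    # service or driver name


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL file line; return None for headers and other lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        kind=m.group("kind"),
        x64=m.group("x64") is not None,
        modified=m.group("date"),
        size=int(m.group("size").replace(",", "")),
        company=m.group("company").strip(),
        state=m.group("state"),
        path=m.group("path"),
        name=m.group("name"),
    )


def parse_log(text: str) -> List[Entry]:
    parsed = (parse_line(line) for line in text.splitlines())
    return [e for e in parsed if e is not None]


def triage(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Return entries worth a closer look, each with the reasons why."""
    flagged = []
    for e in entries:
        reasons = []
        if not e.company:
            reasons.append("no company name")
        if USER_PROFILE_RE.match(e.path):
            reasons.append("under user profile")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(parse_log(SAMPLE_LOG)):
        print(f"{entry.kind:3} {entry.path}  <- {', '.join(reasons)}")
```
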

#3
Desexx

OTL logfile created on: 9/4/2013 9:55:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Desmond\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 52.66% Memory free
5.21 Gb Paging File | 3.40 Gb Available in Paging File | 65.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.06 Gb Total Space | 247.56 Gb Free Space | 87.15% Space Free | Partition Type: NTFS
Drive D: | 13.73 Gb Total Space | 1.71 Gb Free Space | 12.46% Space Free | Partition Type: NTFS

Computer Name: DESMOND-HP | User Name: Desmond | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/04 21:49:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Desmond\Downloads\OTL.exe
PRC - [2013/09/01 20:34:28 | 002,314,416 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/09/01 20:34:28 | 001,643,184 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
PRC - [2013/09/01 20:34:28 | 000,161,968 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
PRC - [2013/08/31 15:12:05 | 000,107,520 | ---- | M] () -- C:\Users\Desmond\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2013/08/27 19:25:37 | 001,861,512 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
PRC - [2013/08/14 13:55:20 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/05/08 02:18:34 | 002,852,640 | ---- | M] (Conduit) -- C:\Users\Desmond\AppData\Roaming\SearchProtect\bin\cltmng.exe
PRC - [2013/05/08 02:18:34 | 000,097,056 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
PRC - [2013/04/22 06:01:06 | 000,342,608 | ---- | M] (PCRx.com, LLC) -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe
PRC - [2013/02/05 11:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2011/02/09 20:57:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/04 19:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/12/27 20:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/12/13 15:48:18 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/11/18 15:57:28 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2010/11/09 18:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/01 20:34:28 | 002,314,416 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/09/01 20:34:28 | 000,521,904 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\log4cplusU.dll
MOD - [2013/09/01 20:34:28 | 000,144,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\SiteSafety.dll
MOD - [2013/08/27 19:25:36 | 016,166,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/08/14 13:55:37 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/11/18 16:09:10 | 001,699,384 | ---- | M] () -- C:\Users\Desmond\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2010/11/18 15:57:42 | 012,284,984 | ---- | M] () -- C:\Users\Desmond\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2009/07/13 21:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/03/04 15:50:26 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/03/04 15:44:40 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/05 22:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/21 17:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/17 09:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/09/01 20:34:28 | 001,643,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
SRV - [2013/08/31 15:12:05 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Desmond\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/08/27 19:33:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/14 13:55:29 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/08 02:18:34 | 000,097,056 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/04/22 06:01:06 | 000,342,608 | ---- | M] (PCRx.com, LLC) [Auto | Running] -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe -- (24x7HelpSvc)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/02/04 19:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/12/27 20:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/06/18 21:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/01 20:34:28 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/10 01:32:38 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/05 03:16:20 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/04 18:01:18 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/04 15:16:48 | 000,295,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/01 21:54:36 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/02/15 15:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/02/09 20:58:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/20 20:20:02 | 001,402,416 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/29 08:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 22:16:00 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/11 22:15:58 | 000,077,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEBA1484-C34F-426C-8959-43E4C7B24718}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...6C-3AD515BE0F24
IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\..\URLSearchHook: {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\..\SearchScopes,DefaultScope = {EEBA1484-C34F-426C-8959-43E4C7B24718}
IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPNTDF
IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\..\SearchScopes\{7AD1CC1D-E9CF-4D08-AD96-D30F2B5C9F25}: "URL" = http://search.condui...q={searchTerms}
IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....sa&d=2013-08-31 15:12:38&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\..\SearchScopes\{EEBA1484-C34F-426C-8959-43E4C7B24718}: "URL" = http://search.condui...6301277692&UM=2
IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118

========== FireFox ==========

FF - prefs.js..CT3291325.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...C-3AD515BE0F24"
FF - prefs.js..extensions.enabledAddons: %7B647A4E19-382A-45F2-A893-89D27E06A836%7D:5.0
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:15.5.0.2
FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.11.0.13348
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: "http://search.condui...126187&UM=2&q="

FF - user.js..: 0user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);user_pref('network.proxy.type', 5);

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.5.0.2 [2013/09/01 20:35:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/08/27 15:52:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Desmond\AppData\Roaming\Mozilla\Extensions
[2013/09/01 07:04:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Desmond\AppData\Roaming\Mozilla\Firefox\Profiles\gek1d27d.default\extensions
[2013/08/30 04:33:50 | 000,000,000 | ---D | M] (WebProtect) -- C:\Users\Desmond\AppData\Roaming\Mozilla\Firefox\Profiles\gek1d27d.default\extensions\{647A4E19-382A-45F2-A893-89D27E06A836}
[2013/08/31 15:16:34 | 000,001,096 | ---- | M] () -- C:\Users\Desmond\AppData\Roaming\Mozilla\Firefox\Profiles\gek1d27d.default\searchplugins\keybar-112-customized-web-search.xml
[2013/08/31 15:16:07 | 000,002,036 | ---- | M] () -- C:\Users\Desmond\AppData\Roaming\Mozilla\Firefox\Profiles\gek1d27d.default\searchplugins\search.xml
[2013/09/03 04:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/09/03 04:52:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/30 04:34:23 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/09/03 04:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/03 04:52:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/27 15:51:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/01 20:35:09 | 000,000,000 | ---D | M] (AVG SafeGuard toolbar) -- C:\PROGRAMDATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\15.5.0.2

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (MixiDJ V30 Toolbar) - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll (Conduit Ltd.)
O2 - BHO: (Web Protect) - {2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4} - C:\Program Files (x86)\Web Protect\WebProtect.dll (WebProtect)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Desmond\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Desmond\AppData\Local\DefineExt\temp.dat ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MixiDJ V30 Toolbar) - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\..\Toolbar\WebBrowser: (MixiDJ V30 Toolbar) - {1122B43D-30EE-403F-9BFA-3CC99B0CADDD} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [24x7HELP] C:\Program Files (x86)\24x7Help\App24x7Help.exe (Crawler, LLC)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Privoxy] C:\Program Files (x86)\privoxy\starthelp.exe ()
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001..\Run: [SearchProtect] C:\Users\Desmond\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{779A4D6A-C7C4-46D5-BD9B-AD9AF33CB35B}: DhcpNameServer = 192.168.96.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D515D735-2E64-4DCD-AF45-DFBA4A926090}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/04 12:11:39 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\{18AE3DB4-1716-4CB0-85BA-179DC0640025}
[2013/09/04 12:11:32 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\Windows Live Writer
[2013/09/04 12:11:32 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Windows Live Writer
[2013/09/03 04:52:22 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\Skype
[2013/09/03 04:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/09/03 04:51:45 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/09/03 04:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/09/03 04:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/09/01 07:34:12 | 000,000,000 | ---D | C] -- C:\Users\Desmond\Desktop\games
[2013/08/31 15:12:51 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\AVG SafeGuard toolbar
[2013/08/31 15:12:35 | 000,045,856 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/08/31 15:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/08/31 15:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/08/31 15:12:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/08/31 15:12:05 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\DefaultTab
[2013/08/31 15:11:40 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
[2013/08/31 15:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLVPlayer
[2013/08/31 15:00:59 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\24x7 Help
[2013/08/31 15:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help
[2013/08/31 15:00:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\24x7Help
[2013/08/30 14:38:16 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\CrashDumps
[2013/08/30 04:35:45 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\SkypeTalking
[2013/08/30 04:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypeTalking
[2013/08/30 04:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SkypeTalking
[2013/08/30 04:34:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2013/08/30 04:34:48 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Programs
[2013/08/30 04:34:32 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
[2013/08/30 04:34:19 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\DefineExt
[2013/08/30 04:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\privoxy
[2013/08/30 04:32:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Protect
[2013/08/30 04:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/08/30 04:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MixiDJ_V30
[2013/08/30 04:32:16 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Conduit
[2013/08/30 04:31:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/08/30 04:31:42 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\SearchProtect
[2013/08/29 04:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/08/28 22:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/08/28 03:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/08/28 03:01:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/08/28 03:01:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/08/27 19:28:28 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Macromedia
[2013/08/27 19:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013/08/27 19:25:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013/08/27 19:25:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/08/27 19:24:44 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Adobe
[2013/08/27 18:34:26 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/08/27 17:24:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/08/27 16:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/08/27 16:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/08/27 16:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/08/27 16:04:41 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\AVG2013
[2013/08/27 16:03:16 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\TuneUp Software
[2013/08/27 16:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/08/27 16:02:58 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/08/27 16:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/08/27 16:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/08/27 15:58:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/08/27 15:58:09 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Avg2013
[2013/08/27 15:58:08 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\MFAData
[2013/08/27 15:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/08/27 15:51:52 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\Mozilla
[2013/08/27 15:51:52 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Mozilla
[2013/08/27 15:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/08/27 15:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/08/27 15:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/27 15:50:28 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\AMD
[2013/08/27 15:50:04 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\ATI
[2013/08/27 15:50:04 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\ATI
[2013/08/27 15:49:59 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\PictureMover
[2013/08/27 15:49:45 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\Macromedia
[2013/08/27 15:49:43 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\Adobe
[2013/08/27 15:48:59 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\hpqLog
[2013/08/27 15:48:58 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\Synaptics
[2013/08/27 15:48:39 | 000,000,000 | R--D | C] -- C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/08/27 15:48:39 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Searches
[2013/08/27 15:48:39 | 000,000,000 | R--D | C] -- C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/08/27 15:48:38 | 000,000,000 | -H-D | C] -- C:\Users\Desmond\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/08/27 15:48:30 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\Identities
[2013/08/27 15:48:28 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Contacts
[2013/08/27 15:47:46 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\RemEngine
[2013/08/27 15:43:18 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Hewlett-Packard
[2013/08/27 15:42:53 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\hewlett-packard
[2013/08/27 15:42:52 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Hewlett-Packard_Company
[2013/08/27 15:40:32 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\VirtualStore
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\AppData\Local\Temporary Internet Files
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\Templates
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\Start Menu
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\SendTo
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\Recent
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\PrintHood
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\NetHood
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\Documents\My Videos
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\Documents\My Pictures
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\Documents\My Music
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\My Documents
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\Local Settings
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\AppData\Local\History
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\Cookies
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\Application Data
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\AppData\Local\Application Data
[2013/08/27 15:40:13 | 000,000,000 | --SD | C] -- C:\Users\Desmond\AppData\Roaming\Microsoft
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Videos
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Saved Games
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Pictures
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Music
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Links
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Favorites
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Downloads
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Documents
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Desktop
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/08/27 15:40:13 | 000,000,000 | -H-D | C] -- C:\Users\Desmond\AppData
[2013/08/27 15:40:13 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Temp
[2013/08/27 15:40:13 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Microsoft
[2013/08/27 15:40:13 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2013/09/04 21:43:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/04 21:43:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/04 15:55:08 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDESMOND-HP$.job
[2013/09/04 12:12:03 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/04 12:12:03 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/04 12:02:18 | 2097,340,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/03 04:51:46 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/09/02 12:24:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/09/02 10:53:23 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDesmond.job
[2013/09/01 20:35:11 | 000,003,725 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/09/01 20:34:28 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/09/01 20:34:19 | 000,000,258 | RHS- | M] () -- C:\Users\Desmond\ntuser.pol
[2013/09/01 01:45:19 | 000,740,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/01 01:45:19 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/01 01:45:19 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/31 15:11:40 | 000,001,049 | ---- | M] () -- C:\Users\Desmond\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk
[2013/08/31 15:11:39 | 000,001,025 | ---- | M] () -- C:\Users\Desmond\Desktop\FLV Player.lnk
[2013/08/31 15:00:07 | 000,000,009 | ---- | M] () -- C:\END
[2013/08/28 22:35:52 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/08/28 22:35:50 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/08/28 03:07:26 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/08/28 03:07:24 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/08/27 18:51:44 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/08/27 18:50:52 | 000,277,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/27 18:36:52 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/08/27 18:36:52 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/08/27 16:03:16 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/08/27 15:51:44 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/08/27 15:49:33 | 000,001,441 | ---- | M] () -- C:\Users\Desmond\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2013/09/03 04:51:45 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/09/02 12:24:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/09/02 00:42:21 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForDesmond.job
[2013/08/31 15:12:23 | 000,003,725 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/08/31 15:12:17 | 000,000,258 | RHS- | C] () -- C:\Users\Desmond\ntuser.pol
[2013/08/31 15:11:39 | 000,001,049 | ---- | C] () -- C:\Users\Desmond\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk
[2013/08/31 15:11:39 | 000,001,025 | ---- | C] () -- C:\Users\Desmond\Desktop\FLV Player.lnk
[2013/08/30 04:31:22 | 000,000,009 | ---- | C] () -- C:\END
[2013/08/28 03:07:26 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/08/28 03:07:24 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/08/27 19:25:42 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/08/27 19:25:42 | 000,002,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/08/27 19:25:38 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/27 18:51:44 | 000,002,489 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/08/27 18:34:20 | 2097,340,416 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/27 17:50:53 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/08/27 17:06:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/08/27 16:03:16 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/08/27 15:55:21 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForDESMOND-HP$.job
[2013/08/27 15:51:44 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/08/27 15:51:43 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/08/27 15:49:33 | 000,001,441 | ---- | C] () -- C:\Users\Desmond\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/27 15:48:40 | 000,001,417 | ---- | C] () -- C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/08/27 15:43:05 | 000,002,196 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish.lnk
[2013/08/27 15:43:04 | 000,002,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2013/08/27 15:43:04 | 000,002,272 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
[2013/08/27 15:43:04 | 000,001,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Install Rhapsody.lnk
[2013/08/27 15:43:03 | 000,002,272 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2013/08/27 15:40:13 | 000,000,290 | ---- | C] () -- C:\Users\Desmond\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/08/27 15:40:13 | 000,000,272 | ---- | C] () -- C:\Users\Desmond\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/09/23 18:21:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/23 18:13:40 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/08/31 15:00:59 | 000,000,000 | ---D | M] -- C:\Users\Desmond\AppData\Roaming\24x7 Help
[2013/08/27 16:04:41 | 000,000,000 | ---D | M] -- C:\Users\Desmond\AppData\Roaming\AVG2013
[2013/08/31 15:12:05 | 000,000,000 | ---D | M] -- C:\Users\Desmond\AppData\Roaming\DefaultTab
[2013/08/27 15:50:06 | 000,000,000 | ---D | M] -- C:\Users\Desmond\AppData\Roaming\PictureMover
[2013/08/31 15:00:44 | 000,000,000 | ---D | M] -- C:\Users\Desmond\AppData\Roaming\SearchProtect
[2013/08/27 15:48:58 | 000,000,000 | ---D | M] -- C:\Users\Desmond\AppData\Roaming\Synaptics
[2013/08/27 16:03:16 | 000,000,000 | ---D | M] -- C:\Users\Desmond\AppData\Roaming\TuneUp Software
[2013/09/04 12:11:32 | 000,000,000 | ---D | M] -- C:\Users\Desmond\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 23:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 23:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 23:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 23:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 23:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 76A5-49D7
Directory of C:\
07/14/2009 01:08 AM <JUNCTION> Documents and Settings [D:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 01:08 AM <JUNCTION> Application Data [D:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Desktop [D:\Users\Public\Desktop]
07/14/2009 01:08 AM <JUNCTION> Documents [D:\Users\Public\Documents]
07/14/2009 01:08 AM <JUNCTION> Favorites [D:\Users\Public\Favorites]
07/14/2009 01:08 AM <JUNCTION> Start Menu [D:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [D:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 01:08 AM <SYMLINKD> All Users [D:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [D:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 01:08 AM <JUNCTION> Application Data [D:\Users\Default\AppData\Roaming]
07/14/2009 01:08 AM <JUNCTION> Cookies [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 01:08 AM <JUNCTION> Local Settings [D:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> My Documents [D:\Users\Default\Documents]
07/14/2009 01:08 AM <JUNCTION> NetHood [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 01:08 AM <JUNCTION> PrintHood [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 01:08 AM <JUNCTION> Recent [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 01:08 AM <JUNCTION> SendTo [D:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 01:08 AM <JUNCTION> Start Menu [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 01:08 AM <JUNCTION> Templates [D:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 01:08 AM <JUNCTION> Application Data [D:\Users\Default\AppData\Local]
07/14/2009 01:08 AM <JUNCTION> History [D:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [D:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [D:\Users\Default\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [D:\Users\Default\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [D:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Desmond
08/27/2013 03:40 PM <JUNCTION> Application Data [C:\Users\Desmond\AppData\Roaming]
08/27/2013 03:40 PM <JUNCTION> Cookies [C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Cookies]
08/27/2013 03:40 PM <JUNCTION> Local Settings [C:\Users\Desmond\AppData\Local]
08/27/2013 03:40 PM <JUNCTION> My Documents [C:\Users\Desmond\Documents]
08/27/2013 03:40 PM <JUNCTION> NetHood [C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/27/2013 03:40 PM <JUNCTION> PrintHood [C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/27/2013 03:40 PM <JUNCTION> Recent [C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Recent]
08/27/2013 03:40 PM <JUNCTION> SendTo [C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\SendTo]
08/27/2013 03:40 PM <JUNCTION> Start Menu [C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu]
08/27/2013 03:40 PM <JUNCTION> Templates [C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Desmond\AppData\Local
08/27/2013 03:40 PM <JUNCTION> Application Data [C:\Users\Desmond\AppData\Local]
08/27/2013 03:40 PM <JUNCTION> History [C:\Users\Desmond\AppData\Local\Microsoft\Windows\History]
08/27/2013 03:40 PM <JUNCTION> Temporary Internet Files [C:\Users\Desmond\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Desmond\Documents
08/27/2013 03:40 PM <JUNCTION> My Music [C:\Users\Desmond\Music]
08/27/2013 03:40 PM <JUNCTION> My Pictures [C:\Users\Desmond\Pictures]
08/27/2013 03:40 PM <JUNCTION> My Videos [C:\Users\Desmond\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 01:08 AM <JUNCTION> My Music [D:\Users\Public\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [D:\Users\Public\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [D:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
44 Dir(s) 265,807,646,720 bytes free

< End of report >

#4
Desexx

OTL Extras logfile created on: 9/4/2013 9:55:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Desmond\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 52.66% Memory free
5.21 Gb Paging File | 3.40 Gb Available in Paging File | 65.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.06 Gb Total Space | 247.56 Gb Free Space | 87.15% Space Free | Partition Type: NTFS
Drive D: | 13.73 Gb Total Space | 1.71 Gb Free Space | 12.46% Space Free | Partition Type: NTFS

Computer Name: DESMOND-HP | User Name: Desmond | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4028401963-1350536223-1940162752-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C2BC82B-575E-422C-B27D-094DB5EC3749}" = lport=137 | protocol=17 | dir=in | app=system |
"{108FA356-9971-4C57-85C5-DA130C0FEC0F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{161C85B6-D2BF-4B5D-B6D5-F47ABF27EA78}" = lport=139 | protocol=6 | dir=in | app=system |
"{2C186A36-2965-48DA-A038-034EE9700CD5}" = rport=137 | protocol=17 | dir=out | app=system |
"{342D81B9-4937-4258-A80B-99D90ACD6B73}" = lport=445 | protocol=6 | dir=in | app=system |
"{390634AA-C069-4ACD-B8D9-020164A3586B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3DBBA161-046E-4301-8F5C-18EBD600D714}" = rport=139 | protocol=6 | dir=out | app=system |
"{40A54AB7-40E7-49EC-AB2D-9A8E99D768E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4848711D-2B2E-4081-9ED8-879E632B9D17}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{626C83A3-F16E-48E6-B07D-5A19F68DC25E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7983D1A7-7AD8-41BB-97BC-624B2CF5FB79}" = rport=445 | protocol=6 | dir=out | app=system |
"{87014C7B-3AC2-47B8-A2CC-1891B9DF142E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8F410E7F-CC8F-4164-8F15-33D0D6A7A16E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AB8751CE-3265-41EC-B63E-4EC5742CF73F}" = rport=138 | protocol=17 | dir=out | app=system |
"{C1B5235E-97C9-40D8-AD8C-C0367F22BAAD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D1568795-8D4F-4E34-9430-B7A9B9A32010}" = lport=138 | protocol=17 | dir=in | app=system |
"{DB11F98A-5B84-41CB-8A8B-9F503288AEA0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DF5FF8E9-5382-4EE6-8270-3AFE325D1C55}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2533D08-24DC-4B55-B6D7-CB950FFAA197}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E72E65B8-67BA-4B66-8FF7-3F26F338580E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA5A80D7-9414-4CAA-8C29-8E3675C39269}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F12581EF-E301-4311-A25A-4CBCB854F105}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F395052C-63C9-43FB-A88E-738948EFBF91}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B49BFA9-D73F-4A9A-A63F-F3600D0E0691}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{0F9C9E91-BF09-4336-BED2-D67BE0B5EB7E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1605D315-3C57-451B-A246-CD2C112E79B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1E136185-32FB-4C69-8C13-FF5F4F09FC0B}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{24B39FCC-FF30-4AF2-9937-20BA5948C2C7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2C8FAA16-A1D4-471E-A167-68627EF87581}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3243DD4B-981A-49D7-B9F9-1BCC13C2C881}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{3727073B-2269-4BA0-8124-AC34BDF6AD1E}" = protocol=1 | dir=in | [email protected],-28543 |
"{38C73364-B5A9-4F26-A6CF-F3EE7D53F742}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{3ED2DAAE-5DFC-4059-B668-8AA36F187FA2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{43C9B335-2A53-4FFA-9F26-299F6FD51CCF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{451CAF5A-A004-45C1-8630-C37DE1CB0BC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A2EF48F-311D-4088-8F3E-D443B415B463}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{55C21533-EC29-4406-AC7E-DBC7DD81C967}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{55E03F74-FD61-4F56-A04A-983334333B79}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{628005E5-B97F-4C02-B097-3588575431FB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7033E680-0064-4252-A423-27A7D1B8F601}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{705F8038-6B92-4132-9939-E6269CDC7FAF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{79CC3DF4-B08D-4E0C-B97B-CA46F5294175}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7ACCA272-2758-456E-B9F2-9785E53487B4}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{971D72F0-EEE9-4AA4-B4B7-093BFE42F958}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{9E3B031B-AB16-4679-85F2-0F9726416F58}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ABF50B41-6DB0-4DEA-90C7-B89A4A538D37}" = protocol=58 | dir=out | [email protected],-28546 |
"{AED94A86-76DC-4647-9505-4134AF4FC9DB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{BC129D93-6ED9-4A78-B9F1-3350815C7D5D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF99004D-0F89-4B1B-A22B-298A3BB9E3C6}" = protocol=6 | dir=out | app=system |
"{C3456084-3FEA-437D-8F8C-FE7D9B3FDBB8}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{C5CF379E-D787-462E-BE37-25B3B054551E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CA32A252-0BF2-45CC-A46F-52A97DB29F4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CCDC23D5-06BD-4549-BC28-23703E146F64}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D7D1F46F-63FD-479B-9BAE-B6828BA714CB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{DEA77884-E63B-4E29-99B0-5DC2021EB116}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E158EF8D-5A3E-424E-A6A3-19F69075CA71}" = protocol=58 | dir=in | [email protected],-28545 |
"{E4E8F455-7ADE-4391-BAC5-4C5C627CCAD0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{E66255F8-664A-42FF-AF3A-56F9ED58245C}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{E702F9C4-F9EC-4894-B68D-CB3F9E48AC30}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F7E766A5-57EB-436F-AC9A-311FECFF0BEF}" = protocol=1 | dir=out | [email protected],-28544 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java™ 6 Update 22 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}" = AVG 2013
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6B02D047-A56D-4994-B1F1-53DA6B9885AB}" = AVG 2013
"{6E6BEFE9-0AFF-C09F-24A8-AA1CB05869BF}" = WMV9/VC-1 Video Playback
"{76A7DF87-2F94-A068-96B1-D5A392B785E1}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1250C3B-8953-8A3F-9FCF-D43BB6AE0051}" = AMD Fuel
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E04A3037-2F82-C518-D6CA-A63497D3872F}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{124DB96E-CBF5-44FB-AB59-7D2444DEC777}" = HP On Screen Display
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212A6F92-4871-4BD9-8E4F-F876595DE899}" = HP Documentation
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{26C4E5F1-314C-F3DF-2294-3685BF5F9E05}" = CCC Help Czech
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B37422F-1A58-4138-AB02-0DD9035C02C6}" = HP Setup
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.7
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F1042D-1423-81C6-299B-C21FAB216F93}" = CCC Help Italian
"{6137C043-93EA-6769-90EA-01E87B041117}" = CCC Help Norwegian
"{6265A4F4-91FE-FFEC-1ECA-E5639B80ECB3}" = CCC Help French
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{657BD928-2C0B-7EFA-7740-DE8BC937FEF4}" = CCC Help Thai
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E30DB0-A342-F453-D14D-827B454A9E4A}" = CCC Help Swedish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6833708F-D07C-34AA-B195-698FA0C8879C}" = CCC Help Polish
"{687DB473-1A0F-5B1D-D0E0-A73258207AB2}" = ccc-core-static
"{69852A68-B797-4314-91E6-4D550CB4A2F6}" = Blio
"{6C92846D-67BA-5B17-38F4-E1318A0272B7}" = CCC Help Greek
"{6D437C07-418F-9E01-96EB-DC55F780A198}" = CCC Help Turkish
"{710E96D5-98A1-6732-8768-8F4ACCA520C1}" = CCC Help Portuguese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{9299A9E5-4A0F-C936-76BD-62BCBD38CC21}" = CCC Help English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{9B04A7CC-F80E-72C6-8B9E-83A88A5B479B}" = CCC Help Japanese
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F6A200F-90D7-F262-9639-16D640298E32}" = CCC Help Finnish
"{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}" = HP Support Assistant
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A37E63B7-29E5-CAF4-A81D-0A67946924E0}" = Catalyst Control Center Graphics Previews Common
"{A5449F23-80E8-04D2-EB41-7BE229CCB37B}" = Catalyst Control Center InstallProxy
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1" = 24x7 Help
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B97E3520-C726-475E-BC0C-7561952633AB}" = HP Power Manager
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C0838AAC-DF3E-5865-88D3-E43864E2B065}" = CCC Help Korean
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C257F891-7975-979B-3EDD-D3E74F1F583B}" = CCC Help Hungarian
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{CBD74B80-E1A2-08A1-69D9-DE37BFA265EF}" = CCC Help German
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA26698F-3E4F-FBAE-8219-5C3D3C1ECA92}" = CCC Help Spanish
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E13D5C1F-EA6D-E340-85A9-0EA7221F31E9}" = CCC Help Danish
"{E1D1E335-C6CE-C9A5-12B8-587D561E8B30}" = Catalyst Control Center Localization All
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E3FE0FA5-D813-14AB-DE7B-594257E9550B}" = CCC Help Chinese Traditional
"{E774EEC0-18E6-49C8-A271-07654C0A2047}" = Catalyst Control Center - Branding
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0C4AAC9-C7B6-59B3-789D-D2CA4E0CFCD1}" = CCC Help Dutch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5468CFB-F146-12D8-913B-513145180028}" = CCC Help Russian
"{FA2509E9-7197-8FB8-B35E-090A4F81CA6A}" = CCC Help Chinese Standard
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"DefaultTab" = DefaultTab
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"McAfee Security Scan" = McAfee Security Scan Plus
"MixiDJ_V30 Toolbar" = MixiDJ V30 Toolbar
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"SearchProtect" = Search Protect by conduit
"SkypeTalking_is1" = SkypeTalking 0.9.6
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"wp-adk" = Web Protect for Windows
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089299" = Mystery P.I. - The London Caper
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"ZumoDrive" = HP CloudDrive

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4028401963-1350536223-1940162752-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Define Ext" = Define Ext
"FLV Player" = FLV Player

========== Last 20 Event Log Errors ==========

[ HP Wireless Assistant Events ]
Error - 8/27/2013 3:44:05 PM | Computer Name = Desmond-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 8/27/2013 3:45:10 PM | Computer Name = Desmond-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 8/27/2013 3:46:16 PM | Computer Name = Desmond-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 8/27/2013 3:47:21 PM | Computer Name = Desmond-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 8/27/2013 3:48:26 PM | Computer Name = Desmond-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 8/27/2013 3:49:31 PM | Computer Name = Desmond-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 8/27/2013 3:50:37 PM | Computer Name = Desmond-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 8/27/2013 3:51:42 PM | Computer Name = Desmond-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 8/27/2013 3:52:47 PM | Computer Name = Desmond-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 8/27/2013 6:54:06 PM | Computer Name = Desmond-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ System Events ]
Error - 8/31/2013 3:01:28 PM | Computer Name = Desmond-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 8/31/2013 3:03:25 PM | Computer Name = Desmond-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 8/31/2013 6:37:33 PM | Computer Name = Desmond-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 8/31/2013 6:37:33 PM | Computer Name = Desmond-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 9/1/2013 1:40:19 AM | Computer Name = Desmond-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the AMD FUEL Service service.

Error - 9/1/2013 1:48:56 AM | Computer Name = Desmond-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 9/1/2013 7:38:24 AM | Computer Name = Desmond-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 9/1/2013 8:33:40 PM | Computer Name = Desmond-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 9/1/2013 8:34:23 PM | Computer Name = Desmond-HP | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 9/2/2013 3:01:12 AM | Computer Name = Desmond-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5


< End of report >

#5
Desexx

    Member

  • Topic Starter
  • Member
  • 17 posts
# AdwCleaner v3.002 - Report created 04/09/2013 at 22:21:50
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Desmond - DESMOND-HP
# Running from : C:\Users\Desmond\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : 24x7HelpSvc
Service Found : CltMngSvc
Service Found : DefaultTabUpdate

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\Users\Desmond\AppData\Roaming\Mozilla\Firefox\Profiles\gek1d27d.default\\invalidprefs.js
File Found : C:\Users\Desmond\AppData\Roaming\Mozilla\Firefox\Profiles\gek1d27d.default\searchplugins\search.xml
File Found : C:\Users\Desmond\AppData\Roaming\Mozilla\Firefox\Profiles\gek1d27d.default\user.js
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\MixiDJ_V30
Folder Found C:\Program Files (x86)\MixiDJ_V30
Folder Found C:\Program Files (x86)\optimizer pro
Folder Found C:\Program Files (x86)\SearchProtect
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 help
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 help
Folder Found C:\Users\Desmond\AppData\Local\Conduit
Folder Found C:\Users\Desmond\AppData\Local\DefineExt
Folder Found C:\Users\Desmond\AppData\LocalLow\Conduit
Folder Found C:\Users\Desmond\AppData\LocalLow\MixiDJ_V30
Folder Found C:\Users\Desmond\AppData\LocalLow\MixiDJ_V30
Folder Found C:\Users\Desmond\AppData\LocalLow\PriceGong
Folder Found C:\Users\Desmond\AppData\Roaming\24x7 help
Folder Found C:\Users\Desmond\AppData\Roaming\DefaultTab
Folder Found C:\Users\Desmond\AppData\Roaming\Mozilla\Firefox\Profiles\gek1d27d.default\Smartbar
Folder Found C:\Users\Desmond\AppData\Roaming\SearchProtect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\24x7help
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\AppDataLow\Software\MixiDJ_V30
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\SearchProtect
Key Found : [x64] HKCU\Software\24x7help
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Default Tab
Key Found : [x64] HKCU\Software\DefaultTab
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKCU\Software\SearchProtect
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\24x7help
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DAA6D527-6513-453E-A4E6-DA2BFA6C7A75}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2B9EF4E3-2F5A-406F-858A-CFCA5DE75DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B888836E-05C7-4D17-A57D-987FE39BA31F}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DAA6D527-6513-453E-A4E6-DA2BFA6C7A75}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixiDJ_V30 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\Software\MixiDJ_V30
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\SearchProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{865D7100-82C7-42F4-9C06-860DEC0871B2}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SearchProtect]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [24x7HELP]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchProtectAll]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=61&CUI=UN16079976301277692&UM=2&UP=SP4032221B-37C7-486C-9C6C-3AD515BE0F24

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Desmond\AppData\Roaming\Mozilla\Firefox\Profiles\gek1d27d.default\prefs.js ]

Line Found : user_pref("CT3291325.1000082.isPlayDisplay", "true");
Line Found : user_pref("CT3291325.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Found : user_pref("CT3291325.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3291325.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3291325.FirstTime", "true");
Line Found : user_pref("CT3291325.FirstTimeFF3", "true");
Line Found : user_pref("CT3291325.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291325&SearchSource=2&CUI=UN45701732927126187&UM=2&q=");
Line Found : user_pref("CT3291325.UserID", "UN45701732927126187");
Line Found : user_pref("CT3291325.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3291325.browser.search.defaultthis.engineName", true);
Line Found : user_pref("CT3291325.countryCode", "US");
Line Found : user_pref("CT3291325.defaultSearch", "true");
Line Found : user_pref("CT3291325.embeddedsData", "[{\"appId\":\"130075605210846225\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Found : user_pref("CT3291325.enableAlerts", "true");
Line Found : user_pref("CT3291325.enableSearchFromAddressBar", "true");
Line Found : user_pref("CT3291325.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3291325.fixPageNotFoundError", "true");
Line Found : user_pref("CT3291325.fixPageNotFoundErrorByUser", "true");
Line Found : user_pref("CT3291325.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3291325.fullUserID", "UN45701732927126187.IN.20130831150024");
Line Found : user_pref("CT3291325.installId", "stub.exe");
Line Found : user_pref("CT3291325.installType", "conduitnsisintegration");
Line Found : user_pref("CT3291325.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3291325.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3291325.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3291325.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3291325.keyword", true);
Line Found : user_pref("CT3291325.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3291325&octid=CT3291325&SearchSource=15&CUI=UN45701732927126187&SSPV=&Lay=1&UM=2\"}");
Line Found : user_pref("CT3291325.lastVersion", "10.19.2.505");
Line Found : user_pref("CT3291325.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Ablank\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://KeyBar112.OurToolbar.com/[...]
Line Found : user_pref("CT3291325.openThankYouPage", "false");
Line Found : user_pref("CT3291325.openUninstallPage", "true");
Line Found : user_pref("CT3291325.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Line Found : user_pref("CT3291325.originalSearchAddressUrl", false);
Line Found : user_pref("CT3291325.originalSearchEngine", "Google");
Line Found : user_pref("CT3291325.originalSearchEngineName", "Google");
Line Found : user_pref("CT3291325.price-gong.isManagedApp", "true");
Line Found : user_pref("CT3291325.revertSettingsEnabled", "false");
Line Found : user_pref("CT3291325.search.searchAppId", "130075605210846225");
Line Found : user_pref("CT3291325.search.searchCount", "0");
Line Found : user_pref("CT3291325.searchFromAddressBarEnabledByUser", "true");
Line Found : user_pref("CT3291325.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3291325.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3291325.searchSuggestEnabledByUser", "true");
Line Found : user_pref("CT3291325.searchUserMode", "2");
Line Found : user_pref("CT3291325.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3291325.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3291325.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT3291325.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3291325\"}");
Line Found : user_pref("CT3291325.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://KeyBar112.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3291325.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"KeyBar 1.12 \"}");
Line Found : user_pref("CT3291325.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3291325.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT3291325.serviceLayer_services_Configuration_lastUpdate", "1377975867276");
Line Found : user_pref("CT3291325.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1377975876917");
Line Found : user_pref("CT3291325.serviceLayer_services_appsMetadata_lastUpdate", "1377975877368");
Line Found : user_pref("CT3291325.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1377975877043");
Line Found : user_pref("CT3291325.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1377975878081");
Line Found : user_pref("CT3291325.serviceLayer_services_searchAPI_lastUpdate", "1377975869318");
Line Found : user_pref("CT3291325.serviceLayer_services_serviceMap_lastUpdate", "1377975866957");
Line Found : user_pref("CT3291325.serviceLayer_services_setupAPI_lastUpdate", "1377975867699");
Line Found : user_pref("CT3291325.serviceLayer_services_toolbarContextMenu_lastUpdate", "1377975878609");
Line Found : user_pref("CT3291325.serviceLayer_services_toolbarSettings_lastUpdate", "1377975869355");
Line Found : user_pref("CT3291325.serviceLayer_services_translation_lastUpdate", "1377975877332");
Line Found : user_pref("CT3291325.settingsINI", true);
Line Found : user_pref("CT3291325.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT3291325.showToolbarPermission", "false");
Line Found : user_pref("CT3291325.smartbar.CTID", "CT3291325");
Line Found : user_pref("CT3291325.smartbar.Uninstall", "0");
Line Found : user_pref("CT3291325.smartbar.homepage", true);
Line Found : user_pref("CT3291325.smartbar.isHidden", false);
Line Found : user_pref("CT3291325.smartbar.toolbarName", "KeyBar 1.12 ");
Line Found : user_pref("CT3291325.startPage", "true");
Line Found : user_pref("CT3291325.toolbarBornServerTime", "31-8-2013");
Line Found : user_pref("CT3291325.toolbarCurrentServerTime", "31-8-2013");
Line Found : user_pref("CT3291325.toolbarLoginClientTime", "Sat Aug 31 2013 15:16:02 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("CT3291325_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1377976554233,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3291325&octid=CT3291325&SearchSource=61&CUI=UN45701732927126187&UM=2&UP=SP4032221B-37C7-486C-9C6C-3AD515BE0F24");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "KeyBar 1.12 Customized Web Search");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291325&SearchSource=2&CUI=UN45701732927126187&UM=2&q=");
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3291325");
Line Found : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Line Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3291325&octid=CT3291325&SearchSource=61&CUI=UN45701732927126187&UM=2&UP=SP4032221B-37C7-486C-9C6C-3AD515BE0F24");
Line Found : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\": \"Scenario_1,Scenario_2\", \"set_default_search\": \"Search|Conduit\", \"window_content\": \"<html>[...]
Line Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291325&SearchSource=2&CUI=UN45701732927126187&UM=2&q=");
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3291325");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=61&CUI=UN31121429757726955&UM=2&UP=SP4032221B-37C7-486C-9C6C-3AD515BE0F24,hxxp://searc[...]
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291325&SearchSource=2&CUI=UN45701732927126187&UM=2&q=");
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3291325");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3291325");
Line Found : user_pref("smartbar.machineId", "GDBQX5E5OBVUJOMT2V1YSYXNKNS8E7JXTCX6BRCIRY0TUTZBZCWJRBZZU08MDOKIZRKWSJWQ/1K0DQ5MPJCBMG");
Line Found : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3291325&CUI=UN45701732927126187&UM=2&SearchSource=13&UP=SP4032221B-37C7-486C-9C6C-3AD515BE0F24");

*************************

AdwCleaner[R0].txt - [26446 octets] - [04/09/2013 22:21:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [26507 octets] ##########

#6
Desexx

    Member

  • Topic Starter
  • Member
  • 17 posts
Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Mozilla Firefox (23.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````

#7
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Thanks for those logs, good job. Well, there is quite a bit to go through, so in the meantime I want another scan from you :)

aswMBR

  • Using this link download aswMBR.exe to your desktop.
  • Right click aswMBR.exe and Run as Administrator; select No for AVAST virus definitions.
  • Click the Scan button to start.
  • When the scan ends click Save Log and save it to your desktop.
  • Post this log in your next reply.

I will provide my fix post once I get this log :thumbsup:

#8
Desexx

    Member

  • Topic Starter
  • Member
  • 17 posts
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-05 19:22:24
-----------------------------
19:22:24.064 OS Version: Windows x64 6.1.7601 Service Pack 1
19:22:24.064 Number of processors: 2 586 0x100
19:22:24.067 ComputerName: DESMOND-HP UserName: Desmond
19:22:26.372 Initialize success
19:22:52.941 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
19:22:52.946 Disk 0 Vendor: TOSHIBA_ GS00 Size: 305245MB BusType: 11
19:22:53.129 Disk 0 MBR read successfully
19:22:53.139 Disk 0 MBR scan
19:22:53.150 Disk 0 Windows 7 default MBR code
19:22:53.160 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
19:22:53.180 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 290878 MB offset 409600
19:22:53.218 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14063 MB offset 596127744
19:22:53.239 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
19:22:53.403 Disk 0 scanning C:\Windows\system32\drivers
19:23:02.108 Service scanning
19:23:38.715 Modules scanning
19:23:38.745 Disk 0 trace - called modules:
19:23:38.758
19:23:38.772 Scan finished successfully
19:24:00.503 Disk 0 MBR has been saved successfully to "C:\Users\Desmond\Downloads\MBR.dat"
19:24:00.515 The log file has been saved successfully to "C:\Users\Desmond\Downloads\aswMBR.txt"

#9
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Now that is a nice looking log. I have a fix all prepared and ready to go, I just need clearance from my instructor. Expect a post from me tomorrow daytime. There is a lot to remove :thumbsup:

Many thanks, Nutloaf

#10
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi Desexx, we have a lot to do in this post. You will need some cake, a cup of coffee and a comfy chair :)

Here we will get rid of a lot of malware from your machine. You still won't be clean after this, so stick with me.


Please follow in the order given. If you have problems with any of the steps, then let me know.

1. END folder

  • From the OTL scan I notice you have a folder named END. I want you to navigate to this folder and tell me what is inside, if anything. To do this:
  • Click Start, then Computer, then double click Local Disk (C:).
  • Double click the END folder. Anything there? If so, what please :)


2. Uninstall

These are programs bundled into other downloads and can be considered Adware. I have asked for AVG Toolbar to be removed as it is usually a bundled install. McAfee also, as it looks like you do not use this; it is an optional uninstall.

  • Click Start then select Control Panel
  • In Control Panel click Uninstall a Program or Programs and Features and uninstall the following if present:
      • wp-adk, or maybe called Web Protect for Windows
      • SearchProtect
      • DefaultTab
      • Define Ext
      • 24x7 Help
      • FLV Player
      • AVG SafeGuard toolbar
      • McAfee Security Scan


3. OTL Fix

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below (do not include the word QUOTE) and paste it into the Custom Scans/Fixes box in OTL.

    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    SRV - [2013/09/01 20:34:28 | 001,643,184 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
    SRV - [2013/05/08 02:18:34 | 000,097,056 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
    SRV - [2013/04/22 06:01:06 | 000,342,608 | ---- | M] (PCRx.com, LLC) [Auto | Running] -- C:\Program Files (x86)\24x7Help\App24x7Svc.exe -- (24x7HelpSvc)

    IE - HKLM\..\URLSearchHook: {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {EEBA1484-C34F-426C-8959-43E4C7B24718}
    IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...6C-3AD515BE0F24
    IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\..\URLSearchHook: {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\..\SearchScopes,DefaultScope = {EEBA1484-C34F-426C-8959-43E4C7B24718}
    IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPNTDF
    IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\..\SearchScopes\{7AD1CC1D-E9CF-4D08-AD96-D30F2B5C9F25}: "URL" = http://search.condui...q={searchTerms}
    IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\..\SearchScopes\{EEBA1484-C34F-426C-8959-43E4C7B24718}: "URL" = http://search.condui...6301277692&UM=2
    IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118

    FF - prefs.js..keyword.URL: "http://search.condui...126187&UM=2&q="
    FF - prefs.js..browser.startup.homepage: "http://search.condui...C-3AD515BE0F24"
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.5.0.2 [2013/09/01 20:35:09 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
    [2013/08/30 04:33:50 | 000,000,000 | ---D | M] (WebProtect) -- C:\Users\Desmond\AppData\Roaming\Mozilla\Firefox\Profiles\gek1d27d.default\extensions\{647A4E19-382A-45F2-A893-89D27E06A836}
    [2013/08/30 04:34:23 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
    [2013/09/01 20:35:09 | 000,000,000 | ---D | M] (AVG SafeGuard toolbar) -- C:\PROGRAMDATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\15.5.0.2

    O2 - BHO: (MixiDJ V30 Toolbar) - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll (Conduit Ltd.)
    O2 - BHO: (Web Protect) - {2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4} - C:\Program Files (x86)\Web Protect\WebProtect.dll (WebProtect)
    O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Desmond\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
    O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Desmond\AppData\Local\DefineExt\temp.dat ()
    O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    O3 - HKLM\..\Toolbar: (MixiDJ V30 Toolbar) - {1122b43d-30ee-403f-9bfa-3cc99b0caddd} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\..\Toolbar\WebBrowser: (MixiDJ V30 Toolbar) - {1122B43D-30EE-403F-9BFA-3CC99B0CADDD} - C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
    O4 - HKLM..\Run: [24x7HELP] C:\Program Files (x86)\24x7Help\App24x7Help.exe (Crawler, LLC)
    O4 - HKLM..\Run: [Privoxy] C:\Program Files (x86)\privoxy\starthelp.exe ()
    O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

    [2013/08/31 15:12:05 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\DefaultTab
    [2013/08/31 15:11:40 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
    [2013/08/31 15:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLVPlayer
    [2013/08/31 15:00:59 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\24x7 Help
    [2013/08/31 15:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help
    [2013/08/31 15:00:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\24x7Help
    [2013/08/30 04:34:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
    [2013/08/30 04:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\privoxy
    [2013/08/30 04:32:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Protect
    [2013/08/30 04:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2013/08/30 04:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MixiDJ_V30
    [2013/08/30 04:32:16 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Conduit
    [2013/08/30 04:31:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
    [2013/08/30 04:31:42 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\SearchProtect
    [2013/08/31 15:12:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
    [2013/08/31 15:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
    [2013/08/31 15:12:51 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\AVG SafeGuard toolbar
    [2013/08/31 15:11:40 | 000,001,049 | ---- | M] () -- C:\Users\Desmond\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk
    [2013/08/31 15:11:39 | 000,001,025 | ---- | M] () -- C:\Users\Desmond\Desktop\FLV Player.lnk
    [2013/08/31 15:00:59 | 000,000,000 | ---D | M] -- C:\Users\Desmond\AppData\Roaming\24x7 Help
    [2013/08/31 15:12:05 | 000,000,000 | ---D | M] -- C:\Users\Desmond\AppData\Roaming\DefaultTab
    [2013/08/31 15:00:44 | 000,000,000 | ---D | M] -- C:\Users\Desmond\AppData\Roaming\SearchProtect
    [2013/08/27 16:03:16 | 000,000,000 | ---D | M] -- C:\Users\Desmond\AppData\Roaming\TuneUp Software
    [2013/08/30 04:34:32 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
    [2013/08/30 04:34:19 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\DefineExt

    :FILES
    ipconfig /flushdns /c
    C:\Program Files (x86)\Common Files\AVG Secure Search

    :COMMANDS
    [EMPTYTEMP]

  • Then click Run Fix.
  • Click O.K if asked to reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and paste the fix log in your next reply.

4. Run ADWcleaner

  • Right click ADWcleaner and Run as Administrator, then select Scan.
  • Once the scan is complete, click Clean.
  • A reboot will be asked for; click O.K.
  • On reboot a log will be produced. Please post it in your next reply.


5. Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Right-mouse click JRT.exe and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

6. OTL Scan

  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
      • Scan All Users
      • Use Company-Name WhiteList
      • Skip Microsoft Files
      • Use No-Company-Name WhiteList
      • LOP Check
  • Now click Run Scan.
  • OTL will now scan your computer and produce a log file, OTL.txt.
  • Please post it in your next reply.


Things I want to see in your next post.
  • END folder contents
  • OTL fix.txt
  • ADWcleaner results
  • JRT.txt
  • OTL.txt



#11
Desexx

    Member

  • Topic Starter
  • Member
  • 17 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named vToolbarUpdater15.5.0 was found to stop!
Service\Driver key vToolbarUpdater15.5.0 not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe not found.
Error: No service named CltMngSvc was found to stop!
Service\Driver key CltMngSvc not found.
File C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe not found.
Error: No service named 24x7HelpSvc was found to stop!
Service\Driver key 24x7HelpSvc not found.
File C:\Program Files (x86)\24x7Help\App24x7Svc.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1122b43d-30ee-403f-9bfa-3cc99b0caddd} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\ deleted successfully.
C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-4028401963-1350536223-1940162752-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1122b43d-30ee-403f-9bfa-3cc99b0caddd} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\ not found.
File C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll not found.
HKEY_USERS\S-1-5-21-4028401963-1350536223-1940162752-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4028401963-1350536223-1940162752-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-4028401963-1350536223-1940162752-1001\Software\Microsoft\Internet Explorer\SearchScopes\{7AD1CC1D-E9CF-4D08-AD96-D30F2B5C9F25}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AD1CC1D-E9CF-4D08-AD96-D30F2B5C9F25}\ not found.
Registry key HKEY_USERS\S-1-5-21-4028401963-1350536223-1940162752-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEBA1484-C34F-426C-8959-43E4C7B24718}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEBA1484-C34F-426C-8959-43E4C7B24718}\ not found.
HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-4028401963-1350536223-1940162752-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "http://search.condui...126187&UM=2&q=" removed from keyword.URL
Prefs.js: "http://search.condui...C-3AD515BE0F24" removed from browser.startup.homepage
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] not found.
File C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.5.0.2 not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin\ not found.
File C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll not found.
Folder C:\Users\Desmond\AppData\Roaming\Mozilla\Firefox\Profiles\gek1d27d.default\extensions\{647A4E19-382A-45F2-A893-89D27E06A836}\ not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\lib folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\data folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\addon-kit folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\tests\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\tests folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\lib\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\lib folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\data\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\data folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\a folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\resources folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\locale\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\locale\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\locale\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\locale\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\locale\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\locale\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\locale\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\locale\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\preferences\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\defaults folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\.svn\tmp\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\.svn\tmp\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\.svn\tmp\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\.svn\tmp folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\.svn\text-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\.svn\props folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\.svn\prop-base folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\.svn folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] folder moved successfully.
Folder C:\PROGRAMDATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\15.5.0.2\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\ not found.
File C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2CEBF6C7-2B40-469B-B5D5-CD3F3676C3C4}\ not found.
File C:\Program Files (x86)\Web Protect\WebProtect.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}\ deleted successfully.
File C:\Users\Desmond\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ deleted successfully.
File C:\Users\Desmond\AppData\Local\DefineExt\temp.dat not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1122b43d-30ee-403f-9bfa-3cc99b0caddd} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}\ not found.
File C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll not found.
Registry value HKEY_USERS\S-1-5-21-4028401963-1350536223-1940162752-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}\ not found.
File C:\Program Files (x86)\MixiDJ_V30\prxtbMixi.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt not found.
File C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\24x7HELP not found.
File C:\Program Files (x86)\24x7Help\App24x7Help.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Privoxy not found.
File C:\Program Files (x86)\privoxy\starthelp.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll not found.
File C:\Program Files (x86)\SearchProtect\bin\cltmng.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Folder C:\Users\Desmond\AppData\Roaming\DefaultTab\ not found.
Folder C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player\ not found.
C:\Program Files (x86)\FLVPlayer\Uninstall folder moved successfully.
C:\Program Files (x86)\FLVPlayer folder moved successfully.
Folder C:\Users\Desmond\AppData\Roaming\24x7 Help\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help\ not found.
C:\Program Files (x86)\24x7Help folder moved successfully.
C:\Program Files (x86)\Optimizer Pro folder moved successfully.
C:\Program Files (x86)\privoxy folder moved successfully.
C:\Program Files (x86)\Web Protect folder moved successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\Program Files (x86)\MixiDJ_V30 folder moved successfully.
C:\Users\Desmond\AppData\Local\Conduit\CT3298566 folder moved successfully.
C:\Users\Desmond\AppData\Local\Conduit folder moved successfully.
Folder C:\Program Files (x86)\SearchProtect\ not found.
Folder C:\Users\Desmond\AppData\Roaming\SearchProtect\ not found.
Folder C:\Program Files (x86)\AVG SafeGuard toolbar\ not found.
Folder C:\ProgramData\AVG SafeGuard toolbar\ not found.
Folder C:\Users\Desmond\AppData\Local\AVG SafeGuard toolbar\ not found.
File C:\Users\Desmond\Application Data\Microsoft\Internet Explorer\Quick Launch\FLV Player.lnk not found.
File C:\Users\Desmond\Desktop\FLV Player.lnk not found.
Folder C:\Users\Desmond\AppData\Roaming\24x7 Help\ not found.
Folder C:\Users\Desmond\AppData\Roaming\DefaultTab\ not found.
Folder C:\Users\Desmond\AppData\Roaming\SearchProtect\ not found.
C:\Users\Desmond\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\Desmond\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\Desmond\AppData\Roaming\TuneUp Software folder moved successfully.
Folder C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext\ not found.
C:\Users\Desmond\AppData\Local\DefineExt folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Desmond\Downloads\cmd.bat deleted successfully.
C:\Users\Desmond\Downloads\cmd.txt deleted successfully.
File\Folder C:\Program Files (x86)\Common Files\AVG Secure Search not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Desmond
->Temp folder emptied: 155085974 bytes
->Temporary Internet Files folder emptied: 52774459 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18498663 bytes
->Flash cache emptied: 26291 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 231825831 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43256543 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 478.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09072013_012957

Files\Folders moved on Reboot...
C:\Users\Desmond\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Desmond\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#12
Desexx

# AdwCleaner v3.002 - Report created 07/09/2013 at 01:40:02
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Desmond - DESMOND-HP
# Running from : C:\Users\Desmond\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Desmond\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Desmond\AppData\LocalLow\MixiDJ_V30
Folder Deleted : C:\Users\Desmond\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Desmond\AppData\Roaming\Mozilla\Firefox\Profiles\gek1d27d.default\Smartbar
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Desmond\AppData\Roaming\Mozilla\Firefox\Profiles\gek1d27d.default\\invalidprefs.js
File Deleted : C:\Users\Desmond\AppData\Roaming\Mozilla\Firefox\Profiles\gek1d27d.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298566
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DAA6D527-6513-453E-A4E6-DA2BFA6C7A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1122B43D-30EE-403F-9BFA-3CC99B0CADDD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DAA6D527-6513-453E-A4E6-DA2BFA6C7A75}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2B9EF4E3-2F5A-406F-858A-CFCA5DE75DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B888836E-05C7-4D17-A57D-987FE39BA31F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\MixiDJ_V30
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\MixiDJ_V30
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MixiDJ_V30 Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Desmond\AppData\Roaming\Mozilla\Firefox\Profiles\gek1d27d.default\prefs.js ]

Line Deleted : user_pref("CT3291325.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3291325.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3291325.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3291325.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3291325.FirstTime", "true");
Line Deleted : user_pref("CT3291325.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3291325.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291325&SearchSource=2&CUI=UN45701732927126187&UM=2&q=");
Line Deleted : user_pref("CT3291325.UserID", "UN45701732927126187");
Line Deleted : user_pref("CT3291325.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3291325.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT3291325.countryCode", "US");
Line Deleted : user_pref("CT3291325.defaultSearch", "true");
Line Deleted : user_pref("CT3291325.embeddedsData", "[{\"appId\":\"130075605210846225\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3291325.enableAlerts", "true");
Line Deleted : user_pref("CT3291325.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3291325.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3291325.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3291325.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3291325.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3291325.fullUserID", "UN45701732927126187.IN.20130831150024");
Line Deleted : user_pref("CT3291325.installId", "stub.exe");
Line Deleted : user_pref("CT3291325.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3291325.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3291325.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3291325.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3291325.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3291325.keyword", true);
Line Deleted : user_pref("CT3291325.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3291325&octid=CT3291325&SearchSource=15&CUI=UN45701732927126187&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3291325.lastVersion", "10.19.2.505");
Line Deleted : user_pref("CT3291325.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Ablank\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://KeyBar112.OurToolbar.com/[...]
Line Deleted : user_pref("CT3291325.openThankYouPage", "false");
Line Deleted : user_pref("CT3291325.openUninstallPage", "true");
Line Deleted : user_pref("CT3291325.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Line Deleted : user_pref("CT3291325.originalSearchAddressUrl", false);
Line Deleted : user_pref("CT3291325.originalSearchEngine", "Google");
Line Deleted : user_pref("CT3291325.originalSearchEngineName", "Google");
Line Deleted : user_pref("CT3291325.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3291325.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3291325.search.searchAppId", "130075605210846225");
Line Deleted : user_pref("CT3291325.search.searchCount", "0");
Line Deleted : user_pref("CT3291325.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3291325.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3291325.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3291325.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3291325.searchUserMode", "2");
Line Deleted : user_pref("CT3291325.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3291325.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3291325.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3291325.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3291325\"}");
Line Deleted : user_pref("CT3291325.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://KeyBar112.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3291325.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"KeyBar 1.12 \"}");
Line Deleted : user_pref("CT3291325.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3291325.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3291325.serviceLayer_services_Configuration_lastUpdate", "1377975867276");
Line Deleted : user_pref("CT3291325.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1377975876917");
Line Deleted : user_pref("CT3291325.serviceLayer_services_appsMetadata_lastUpdate", "1377975877368");
Line Deleted : user_pref("CT3291325.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1377975877043");
Line Deleted : user_pref("CT3291325.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1377975878081");
Line Deleted : user_pref("CT3291325.serviceLayer_services_searchAPI_lastUpdate", "1377975869318");
Line Deleted : user_pref("CT3291325.serviceLayer_services_serviceMap_lastUpdate", "1377975866957");
Line Deleted : user_pref("CT3291325.serviceLayer_services_setupAPI_lastUpdate", "1377975867699");
Line Deleted : user_pref("CT3291325.serviceLayer_services_toolbarContextMenu_lastUpdate", "1377975878609");
Line Deleted : user_pref("CT3291325.serviceLayer_services_toolbarSettings_lastUpdate", "1377975869355");
Line Deleted : user_pref("CT3291325.serviceLayer_services_translation_lastUpdate", "1377975877332");
Line Deleted : user_pref("CT3291325.settingsINI", true);
Line Deleted : user_pref("CT3291325.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3291325.showToolbarPermission", "false");
Line Deleted : user_pref("CT3291325.smartbar.CTID", "CT3291325");
Line Deleted : user_pref("CT3291325.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3291325.smartbar.homepage", true);
Line Deleted : user_pref("CT3291325.smartbar.isHidden", false);
Line Deleted : user_pref("CT3291325.smartbar.toolbarName", "KeyBar 1.12 ");
Line Deleted : user_pref("CT3291325.startPage", "true");
Line Deleted : user_pref("CT3291325.toolbarBornServerTime", "31-8-2013");
Line Deleted : user_pref("CT3291325.toolbarCurrentServerTime", "31-8-2013");
Line Deleted : user_pref("CT3291325.toolbarLoginClientTime", "Sat Aug 31 2013 15:16:02 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3291325_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1377976554233,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3291325&CUI=UN45701732927126187&UM=2&SearchSource=13");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "KeyBar 1.12 Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291325&SearchSource=2&CUI=UN45701732927126187&UM=2&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3291325");
Line Deleted : user_pref("browser.search.defaultenginename", "KeyBar 1.12 Customized Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "KeyBar 1.12 Customized Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3291325&CUI=UN45701732927126187&UM=2&SearchSource=13");
Line Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\": \"Scenario_1,Scenario_2\", \"set_default_search\": \"Search|Conduit\", \"window_content\": \"<html>[...]
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3291325");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=61&CUI=UN31121429757726955&UM=2&UP=SP4032221B-37C7-486C-9C6C-3AD515BE0F24,hxxp://searc[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291325&SearchSource=2&CUI=UN45701732927126187&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3291325");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3291325");
Line Deleted : user_pref("smartbar.machineId", "GDBQX5E5OBVUJOMT2V1YSYXNKNS8E7JXTCX6BRCIRY0TUTZBZCWJRBZZU08MDOKIZRKWSJWQ/1K0DQ5MPJCBMG");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3291325&CUI=UN45701732927126187&UM=2&SearchSource=13&UP=SP4032221B-37C7-486C-9C6C-3AD515BE0F24");

*************************

AdwCleaner[R0].txt - [26660 octets] - [04/09/2013 22:21:50]
AdwCleaner[R1].txt - [19448 octets] - [07/09/2013 01:38:31]
AdwCleaner[S0].txt - [19062 octets] - [07/09/2013 01:40:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19123 octets] ##########

#13
Desexx

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.8 (09.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Desmond on Sat 09/07/2013 at 1:50:46.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Desmond\appdata\local\{18AE3DB4-1716-4CB0-85BA-179DC0640025}



~~~ FireFox

Successfully deleted: [File] C:\Users\Desmond\AppData\Roaming\mozilla\firefox\profiles\gek1d27d.default\invalidprefs.js
Successfully deleted the following from C:\Users\Desmond\AppData\Roaming\mozilla\firefox\profiles\gek1d27d.default\prefs.js

user_pref("extensions.defaulttab.active.affiliate", 2201);
user_pref("extensions.defaulttab.active.overridechromesearch", false);
user_pref("extensions.defaulttab.active.overridekeywordsearch", false);
user_pref("extensions.defaulttab.browserID", "CB7E37D0803CAAB338B51B23D705EF67");
user_pref("extensions.defaulttab.firstrun", false);
user_pref("extensions.defaulttab.installedVersion", "2.0");
Emptied folder: C:\Users\Desmond\AppData\Roaming\mozilla\firefox\profiles\gek1d27d.default\minidumps [14 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/07/2013 at 2:05:59.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#14
Desexx

OTL logfile created on: 9/7/2013 2:18:32 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Desmond\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 57.81% Memory free
5.21 Gb Paging File | 3.74 Gb Available in Paging File | 71.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.06 Gb Total Space | 247.56 Gb Free Space | 87.15% Space Free | Partition Type: NTFS
Drive D: | 13.73 Gb Total Space | 1.71 Gb Free Space | 12.46% Space Free | Partition Type: NTFS

Computer Name: DESMOND-HP | User Name: Desmond | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/04 21:49:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Desmond\Downloads\OTL.exe
PRC - [2013/08/14 13:55:20 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/02/19 04:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2011/02/09 20:57:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/04 19:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/12/27 20:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/12/13 15:48:18 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/11/18 15:57:28 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2010/11/09 18:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/14 13:55:37 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/11/18 16:09:10 | 001,699,384 | ---- | M] () -- C:\Users\Desmond\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2010/11/18 15:57:42 | 012,284,984 | ---- | M] () -- C:\Users\Desmond\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2009/07/13 21:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/03/04 15:50:26 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/03/04 15:44:40 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/05 22:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/21 17:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/17 09:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/08/27 19:33:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/14 13:55:29 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/14 11:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/25 08:52:52 | 000,162,672 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2011/02/04 19:32:02 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/12/27 20:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/06/18 21:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/10 01:32:38 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/01 01:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/05 03:16:20 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/04 18:01:18 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/04 15:16:48 | 000,295,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/01 21:54:36 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/02/15 15:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/02/09 20:58:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/20 20:20:02 | 001,402,416 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/29 08:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 22:16:00 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/11 22:15:58 | 000,077,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.11.0.13348
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/08/27 15:52:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Desmond\AppData\Roaming\Mozilla\Extensions
[2013/09/07 01:20:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Desmond\AppData\Roaming\Mozilla\Firefox\Profiles\gek1d27d.default\extensions
[2013/08/31 15:16:34 | 000,001,096 | ---- | M] () -- C:\Users\Desmond\AppData\Roaming\Mozilla\Firefox\Profiles\gek1d27d.default\searchplugins\keybar-112-customized-web-search.xml
[2013/09/07 01:31:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/09/03 04:52:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/03 04:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/03 04:52:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/27 15:51:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{779A4D6A-C7C4-46D5-BD9B-AD9AF33CB35B}: DhcpNameServer = 192.168.96.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D515D735-2E64-4DCD-AF45-DFBA4A926090}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/07 01:50:44 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/07 01:29:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/05 19:55:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/09/04 22:21:29 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/04 12:11:32 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\Windows Live Writer
[2013/09/04 12:11:32 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Windows Live Writer
[2013/09/03 04:52:22 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\Skype
[2013/09/03 04:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/09/03 04:51:45 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/09/03 04:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/09/03 04:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/09/01 07:34:12 | 000,000,000 | ---D | C] -- C:\Users\Desmond\Desktop\games
[2013/08/30 14:38:16 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\CrashDumps
[2013/08/30 04:35:45 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\SkypeTalking
[2013/08/30 04:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypeTalking
[2013/08/30 04:35:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SkypeTalking
[2013/08/30 04:34:48 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Programs
[2013/08/29 04:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/08/28 03:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/08/28 03:01:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/08/28 03:01:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/08/27 19:28:28 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Macromedia
[2013/08/27 19:25:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/08/27 19:24:44 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Adobe
[2013/08/27 18:34:26 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/08/27 17:24:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/08/27 16:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/08/27 16:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/08/27 16:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/08/27 16:04:41 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\AVG2013
[2013/08/27 16:03:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/08/27 16:02:58 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/08/27 16:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/08/27 16:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/08/27 15:58:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/08/27 15:58:09 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Avg2013
[2013/08/27 15:58:08 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\MFAData
[2013/08/27 15:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/08/27 15:51:52 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\Mozilla
[2013/08/27 15:51:52 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Mozilla
[2013/08/27 15:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/08/27 15:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/08/27 15:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/27 15:50:28 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\AMD
[2013/08/27 15:50:04 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\ATI
[2013/08/27 15:50:04 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\ATI
[2013/08/27 15:49:59 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\PictureMover
[2013/08/27 15:49:45 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\Macromedia
[2013/08/27 15:49:43 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\Adobe
[2013/08/27 15:48:59 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\hpqLog
[2013/08/27 15:48:58 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\Synaptics
[2013/08/27 15:48:39 | 000,000,000 | R--D | C] -- C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/08/27 15:48:39 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Searches
[2013/08/27 15:48:39 | 000,000,000 | R--D | C] -- C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/08/27 15:48:38 | 000,000,000 | -H-D | C] -- C:\Users\Desmond\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/08/27 15:48:30 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\Identities
[2013/08/27 15:48:28 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Contacts
[2013/08/27 15:47:46 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\RemEngine
[2013/08/27 15:43:18 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Hewlett-Packard
[2013/08/27 15:42:53 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\hewlett-packard
[2013/08/27 15:42:52 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Hewlett-Packard_Company
[2013/08/27 15:40:32 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\VirtualStore
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\AppData\Local\Temporary Internet Files
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\Templates
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\Start Menu
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\SendTo
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\Recent
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\PrintHood
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\NetHood
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\Documents\My Videos
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\Documents\My Pictures
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\Documents\My Music
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\My Documents
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\Local Settings
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\AppData\Local\History
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\Cookies
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\Application Data
[2013/08/27 15:40:18 | 000,000,000 | -HSD | C] -- C:\Users\Desmond\AppData\Local\Application Data
[2013/08/27 15:40:13 | 000,000,000 | --SD | C] -- C:\Users\Desmond\AppData\Roaming\Microsoft
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Videos
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Saved Games
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Pictures
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Music
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Links
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Favorites
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Downloads
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Documents
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\Desktop
[2013/08/27 15:40:13 | 000,000,000 | R--D | C] -- C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/08/27 15:40:13 | 000,000,000 | -H-D | C] -- C:\Users\Desmond\AppData
[2013/08/27 15:40:13 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Temp
[2013/08/27 15:40:13 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Local\Microsoft
[2013/08/27 15:40:13 | 000,000,000 | ---D | C] -- C:\Users\Desmond\AppData\Roaming\Media Center Programs

========== Files - Modified Within 30 Days ==========

[2013/09/07 01:50:24 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/07 01:50:24 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/07 01:42:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/07 01:42:44 | 2097,340,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/07 01:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/06 15:44:08 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDesmond.job
[2013/09/05 19:55:19 | 357,015,039 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/04 15:55:08 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDESMOND-HP$.job
[2013/09/03 04:51:46 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/09/02 12:24:04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/09/01 20:34:19 | 000,000,258 | RHS- | M] () -- C:\Users\Desmond\ntuser.pol
[2013/09/01 01:45:19 | 000,740,374 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/01 01:45:19 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/01 01:45:19 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/28 03:07:26 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/08/28 03:07:24 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/08/27 18:51:44 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/08/27 18:50:52 | 000,277,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/27 18:36:52 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/08/27 18:36:52 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/08/27 16:03:16 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/08/27 15:51:44 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/08/27 15:49:33 | 000,001,441 | ---- | M] () -- C:\Users\Desmond\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2013/09/05 19:55:19 | 357,015,039 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/09/03 04:51:45 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/09/02 12:24:04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/09/02 00:42:21 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForDesmond.job
[2013/08/31 15:12:17 | 000,000,258 | RHS- | C] () -- C:\Users\Desmond\ntuser.pol
[2013/08/28 03:07:26 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/08/28 03:07:24 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/08/27 19:25:38 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/27 18:51:44 | 000,002,489 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/08/27 18:34:20 | 2097,340,416 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/27 17:50:53 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/08/27 17:06:55 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/08/27 16:03:16 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/08/27 15:55:21 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForDESMOND-HP$.job
[2013/08/27 15:51:44 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/08/27 15:51:43 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/08/27 15:49:33 | 000,001,441 | ---- | C] () -- C:\Users\Desmond\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/08/27 15:48:40 | 000,001,417 | ---- | C] () -- C:\Users\Desmond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/08/27 15:43:05 | 000,002,196 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish.lnk
[2013/08/27 15:43:04 | 000,002,272 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
[2013/08/27 15:43:04 | 000,001,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Install Rhapsody.lnk
[2013/08/27 15:40:13 | 000,000,290 | ---- | C] () -- C:\Users\Desmond\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/08/27 15:40:13 | 000,000,272 | ---- | C] () -- C:\Users\Desmond\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/09/23 18:21:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/09/23 18:13:40 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/08/27 16:04:41 | 000,000,000 | ---D | M] -- C:\Users\Desmond\AppData\Roaming\AVG2013
[2013/08/27 15:50:06 | 000,000,000 | ---D | M] -- C:\Users\Desmond\AppData\Roaming\PictureMover
[2013/08/27 15:48:58 | 000,000,000 | ---D | M] -- C:\Users\Desmond\AppData\Roaming\Synaptics
[2013/09/04 12:11:32 | 000,000,000 | ---D | M] -- C:\Users\Desmond\AppData\Roaming\Windows Live Writer

< End of report >

#15
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Nicely done, many thanks. Only a couple of things to do in this Post as I worked you hard in the last post :whistling:

Disable Windows Sidebar and run 2 more scans to make sure all is clean. The ESET scan may take a long time to run so find something to do :)

1. Windows SideBar

There are security risks with Sidebar and it can use a lot of memory so best to disable

2. DOWNLOAD and INSTALL MALWAREBYTES

  • Using this link, download and install Malwarebytes
  • Before clicking Finish Uncheck the Start Free Trial checkbox if present and Select the Update and Launch Checkboxes.
  • Click Finish
  • Any updates found will now be installed and the main screen loads.
  • Select Perform quick scan and click Scan
  • The scan will take a few minutes. Once complete click O.K and Show Results
  • Make sure anything found is checked and click Remove Selected
  • A reboot may be needed please proceed if asked.
  • When complete, a log will open in Notepad. Please paste this in your next reply.
  • If reboot was needed the log is automatically saved by MBAM and can be viewed by clicking the Logs tab then Open log


3. ESET SCAN ONLY

You will need to disable your currently installed Anti-Virus, how to do so can be read here.


IMPORTANT - Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu, Quick Launch Bar or the Taskbar and select Run as Administrator. For Taskbar right click IE then right click the IE icon that appears.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Now use this link to run an online scan with the ESET Online Scanner

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Uncheck the Remove Found Threats box. I want to check the results first as ESET may remove a false positive :)
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you copy the logfile
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste the log in your next reply.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Things I want to see in your next post.
  • Malwarebytes log.
  • ESET results.
  • How is the machine running?
  • Are your Browsers behaving themselves?
