Slow running / CPU 100% [Closed]


#1
ThetechmanDan

I am running Vista in a laptop. 2.0gh single core, 4gb ram.


A few days ago I was trying to download a video player (VLC media player). I clicked "download" on a few pages that I was linked to before I got to the final "download" button that actually worked. I got it now, I installed it and it works.

I don't know if that matters at all but I thought I would share that just in case.

Right before that I uninstalled a program or 2 that I never use... I don't remember which ones they were though.

Anyways,

a little after installing VLC media, the CPU jumped to 100% and would not stop. Long story short, I found a host/service file was the reason so I found it and closed that program along with its dependent running programs.

That worked great. Now the computer only uses the CPU like it normally would; however, it's slow. It can't display HD videos without sputtering and simple Facebook games don't respond even half as fast as they did before.

I'm not too sure what to do from here other than do a recovery... any ideas?

-------------------------------
That was as of a few days ago. It's been running fine other than a few things sputtering and not running as fast. As of right now, it's doing it even more. The CPU will jump to 100% for a lot longer than it should.

I have just done the OLDtimer.exe test. The outcome:

OTL Extras logfile created on: 9/18/2013 7:40:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laureano\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 35.82% Memory free
6.14 Gb Paging File | 2.77 Gb Available in Paging File | 45.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 47.60 Gb Free Space | 35.43% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 10.42 Gb Free Space | 71.10% Space Free | Partition Type: NTFS

Computer Name: LAUREANO-PC | User Name: Laureano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = TorchHTML] -- C:\Users\Laureano\AppData\Local\Torch\Application\torch.exe (Torch Media Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{166228A4-8173-48C5-BE12-2571E445EFA0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{21B42275-1A4C-4504-A237-21318D110F92}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2C60807B-EB14-4B33-8D52-6567631C1639}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3C070C22-607B-4657-9D75-9B36ECA742E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{41FD555A-4718-43E1-AB6F-8AE1292282E9}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{45EDEF57-F4AD-431F-8BEF-67CA211029A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{523CD50F-5848-460A-8344-BEAFDD6F58AE}" = lport=139 | protocol=6 | dir=in | app=system |
"{5471BE28-F08D-48D3-B53B-A07D47E70764}" = lport=2869 | protocol=6 | dir=in | app=system |
"{60EDCC1E-55C3-474E-9ED7-4F1A6B78AB96}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A9865C4-4276-41A6-A7D9-1EF821961F91}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6C6DE059-7E7F-4703-8639-2ACDD3166F25}" = rport=445 | protocol=6 | dir=out | app=system |
"{7BAED3FE-FFA1-4821-94A9-B1B29242E723}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7ECA7EAA-0067-4B08-B2A4-FAE7111F80DF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7F23DD40-A2B6-4A5C-8263-79BF1EA8D3E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F43A5FB-E8F1-474E-902E-F721B3CDF09A}" = rport=138 | protocol=17 | dir=out | app=system |
"{835C8DE8-CBA2-47D6-B14D-6683B05990F4}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{83E9494C-571B-4035-93A1-2187696747FC}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8E7366EB-0E66-475D-A8F9-F17D10A05E07}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9056CA62-E836-4B25-9BD8-E14AE25A8270}" = rport=2869 | protocol=6 | dir=out | app=system |
"{9A900970-F6A0-4487-82B2-F7222535ABCB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B26C10FC-43CA-4573-A4CF-A3E2521C8BF6}" = rport=137 | protocol=17 | dir=out | app=system |
"{C2FCE3DB-601F-41D4-AB44-BFEC255D9748}" = rport=139 | protocol=6 | dir=out | app=system |
"{D3A40A10-D098-4AB9-BDF3-2DC1693A5E1E}" = lport=445 | protocol=6 | dir=in | app=system |
"{E148EB92-96EF-4779-AF27-B7EF82E948FF}" = lport=138 | protocol=17 | dir=in | app=system |
"{E91C345F-EC08-419F-BD58-890ED3C45015}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ECC98A66-E523-486C-A458-E9D89E7A5F9B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F405CE62-D3E5-4C60-93EF-C77C766FEE38}" = lport=137 | protocol=17 | dir=in | app=system |
"{FAC42225-1ED1-4C69-82BC-5098205F6367}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F440121-F203-4C01-B28A-8B096DD57F70}" = protocol=6 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{1ECAF39E-6EC2-4CD6-A50F-54202B039CE8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{2AE264D2-64CC-4283-9C63-9C9C5DC9CC63}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{315B884A-7D83-4AF7-A84B-8ED833EDF8A3}" = protocol=1 | dir=in | [email protected],-28543 |
"{375FE341-1DD9-49B2-BB6D-0B0E8E760764}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{3C35BD7D-5A65-4290-9BB5-D438169CE1A2}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{3ED5D2AA-B130-4701-8C00-72F341206832}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{45669C36-AD42-44D6-906C-325229B4929B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{573E2BEE-5FC3-4316-BE50-E15A3628B233}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{676D2C80-FFD9-4199-BFE6-21D80D39B058}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{6875C728-B989-449E-A121-8354350DE382}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{6D06F63F-7C2F-4398-B027-5FA9945075D6}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{80D6CC22-4B95-42A7-AE15-E39D1C2FFE38}" = protocol=58 | dir=out | [email protected],-28546 |
"{83F9B212-105E-4ACB-825F-EFFF7DE79C2D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{866682E7-C2B3-460B-815A-72B68AEB71FB}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{8873068D-2208-4256-B5AA-E4335E8BBF8F}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{9A279AC4-BA6E-4C29-AA81-629980B52834}" = protocol=17 | dir=in | app=c:\program files\search results toolbar\datamngr\srtool~1\dtuser.exe |
"{A84B25EE-39A8-4392-A0F0-BA853F0CEFBC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B2368417-DB15-4511-80F8-D0B49A089641}" = dir=in | app=c:\users\laureano\appdata\local\torch\plugins\torrent\torchtorrent.exe |
"{B746FD34-51CA-4273-B370-4CE096B8DFCA}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BCC5D393-BAAC-4399-8260-1DC5080DBEC6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BCE428D0-B807-4202-86A2-50901BC5B7D8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C0277C91-90FE-4616-9C7E-6A130EFB9D7C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C5FD0E5B-F145-4D96-8025-DC2D5B95016C}" = protocol=58 | dir=in | [email protected],-28545 |
"{CFC11CC1-EE04-44A2-B04A-3D77AE4C1EB9}" = protocol=1 | dir=out | [email protected],-28544 |
"{D85CE46C-28BB-4D22-BA16-2812EC817F47}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{E3A6DD8A-7464-46D1-B5C2-B38F84D77652}" = protocol=58 | dir=in | [email protected],-148 |
"{EBE59025-5FB3-49F7-9D57-A001A81CCFD5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ED359734-84BB-405B-8287-ABEFAA097980}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"TCP Query User{0B8294F6-AA2A-4ED6-98C8-E44ABE55F4D0}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{6E5E4F19-9482-4BCE-8ED4-3699C6504F8E}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"TCP Query User{88CFE10B-F927-4C2B-BCC8-B92615D98C25}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{FEF8A385-B24B-403D-971F-3666DA8EC5AF}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{13783350-563B-49F3-B959-02148FFA6040}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{B59DDACB-F23C-4EDA-92E5-73ACF1C630D1}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"UDP Query User{C3D779C6-4AD7-4067-B475-EE76CE287B0A}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{C8499659-36F4-4488-9378-76D166BC6D3C}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1CA34BAF-517A-4EAB-900C-D514DC39CAD4}" = Microsoft Expression Blend
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25349513-852F-470D-AB31-9B42100C926B}" = ActiveLink Connect
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{299CF645-48C7-4FA1-8BCD-5CE200CF180D}" = Microsoft Search Enhancement Pack
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5DD9A660-BC20-4C5E-BADF-20C313D72850}" = Microsoft Expression Design
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75685CA8-0B74-45BB-9C64-744A0FB79EDC}" = Business Tools Launcher
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.052
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.4
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = DriverScanner
"{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}_is1" = Updater By SweetPacks 2.0.0.609
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D9020F55-B56D-4E77-8AF8-05A4175D3558}" = Microsoft Expression Media
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}" = Internet Explorer Toolbar 4.8 by SweetPacks
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"1ClickDownload" = FirstRowSportApp
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"AI RoboForm" = AI RoboForm (All Users)
"avast" = avast! Free Antivirus
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"Chainz 2" = Chainz 2 (remove only)
"DefaultTab" = DefaultTab
"DivX Setup" = DivX Setup
"Escape Rosecliff Island 1.0.0.2" = Escape Rosecliff Island 1.0.0.2
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IECT3310511" = SweetPacks Toolbar for IE
"iLivid" = iLivid
"ilividtoolbarguid" = Search-Results Toolbar
"jZip" = jZip
"MechCommander2 1.0" = Microsoft MechCommander 2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"RaidCall" = RaidCall
"Search Toolbar" = Search Toolbar
"SearchProtect" = Search Protect by conduit
"Searchqu Toolbar" = Searchqu Toolbar
"Shop for HP Supplies" = Shop for HP Supplies
"Starcraft" = Starcraft
"VLC media player" = VLC media player 2.0.0
"WebDesigner" = Microsoft Expression Web
"Webroot Software" = Webroot Software
"WinLiveSuite_Wave3" = Windows Live Essentials
"WNLT" = IB Updater Service

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveLink Connect" = ActiveLink Connect
"Define Ext" = Define Ext
"Facebook Plug-In" = Facebook Plug-In
"Progress Bar" = Progress Bar
"TidyNetwork.com" = TidyNetwork.com
"Torch" = Torch
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/10/2013 9:18:24 PM | Computer Name = Laureano-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 651444

Error - 9/10/2013 9:18:24 PM | Computer Name = Laureano-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 651444

Error - 9/11/2013 4:01:07 AM | Computer Name = Laureano-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/11/2013 4:01:07 AM | Computer Name = Laureano-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5351

Error - 9/11/2013 4:01:07 AM | Computer Name = Laureano-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5351

Error - 9/11/2013 12:50:55 PM | Computer Name = Laureano-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/11/2013 12:50:55 PM | Computer Name = Laureano-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 31793129

Error - 9/11/2013 12:50:55 PM | Computer Name = Laureano-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 31793129

Error - 9/11/2013 11:34:27 PM | Computer Name = Laureano-PC | Source = VSS | ID = 8194
Description =

Error - 9/11/2013 11:40:04 PM | Computer Name = Laureano-PC | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 9/25/2010 12:26:19 AM | Computer Name = Laureano-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 9/25/2010 2:38:33 PM | Computer Name = Laureano-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 9/26/2010 5:32:24 PM | Computer Name = Laureano-PC | Source = bowser | ID = 8003
Description =

Error - 9/27/2010 11:11:47 PM | Computer Name = Laureano-PC | Source = PlugPlayManager | ID = 12
Description = The device 'Intel® ICH9 Family PCI Express Root Port 5 - 2948' (PCI\VEN_8086&DEV_2948&SUBSYS_02BC1028&REV_03\3&11583659&0&E4)
disappeared from the system without first being prepared for removal.

Error - 9/27/2010 11:11:48 PM | Computer Name = Laureano-PC | Source = PlugPlayManager | ID = 12
Description = The device 'OHCI Compliant IEEE 1394 Host Controller' (PCI\VEN_1217&DEV_10F7&SUBSYS_02BC1028&REV_01\4&12bf0147&0&00E4)
disappeared from the system without first being prepared for removal.

Error - 9/27/2010 11:11:48 PM | Computer Name = Laureano-PC | Source = PlugPlayManager | ID = 12
Description = The device 'O2Micro Integrated MMC/SD controller' (PCI\VEN_1217&DEV_8120&SUBSYS_02BC1028&REV_01\4&12bf0147&0&01E4)
disappeared from the system without first being prepared for removal.

Error - 9/27/2010 11:11:48 PM | Computer Name = Laureano-PC | Source = PlugPlayManager | ID = 12
Description = The device 'O2Micro Integrated MS/MSPRO/xD Controller' (PCI\VEN_1217&DEV_8130&SUBSYS_02BC1028&REV_01\4&12bf0147&0&02E4)
disappeared from the system without first being prepared for removal.

Error - 9/30/2010 4:04:51 PM | Computer Name = Laureano-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.

Error - 9/30/2010 5:47:32 PM | Computer Name = Laureano-PC | Source = bowser | ID = 8003
Description =

Error - 10/1/2010 7:59:22 PM | Computer Name = Laureano-PC | Source = ipnathlp | ID = 31004
Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
may indicate that the system is low on virtual memory, or that the memory manager
has encountered an internal error.


< End of report >


And the second one:

OTL logfile created on: 9/18/2013 7:40:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laureano\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 35.82% Memory free
6.14 Gb Paging File | 2.77 Gb Available in Paging File | 45.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 47.60 Gb Free Space | 35.43% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 10.42 Gb Free Space | 71.10% Space Free | Partition Type: NTFS

Computer Name: LAUREANO-PC | User Name: Laureano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/18 19:40:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Laureano\Downloads\OTL.exe
PRC - [2013/09/16 07:03:46 | 000,573,952 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
PRC - [2013/09/10 09:20:33 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013/09/02 13:35:59 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/08/28 17:23:38 | 001,861,968 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/07/17 09:20:18 | 000,345,904 | ---- | M] () -- C:\Windows\System32\jmdp\stij.exe
PRC - [2013/07/17 09:20:14 | 001,344,304 | ---- | M] () -- C:\Windows\System32\dmwu.exe
PRC - [2013/07/01 12:09:56 | 000,188,760 | ---- | M] () -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
PRC - [2013/06/26 14:00:34 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/04/16 18:17:26 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\Laureano\AppData\Roaming\Yontoo\YontooDesktop.exe
PRC - [2013/04/16 18:17:26 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe
PRC - [2013/01/28 23:49:31 | 000,713,816 | ---- | M] (Koninklijke Philips Electronics N.V.) -- C:\Users\Laureano\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
PRC - [2013/01/16 14:47:30 | 000,026,456 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2012/11/15 01:35:54 | 001,681,472 | ---- | M] (Bandoo Media Inc) -- C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe
PRC - [2012/10/30 16:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 16:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/09/10 19:30:03 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/08/24 18:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2010/06/01 04:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/06/01 04:01:54 | 000,600,928 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/01/11 14:23:42 | 000,197,448 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\identities.exe
PRC - [2009/05/21 12:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 12:16:16 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/31 07:28:00 | 000,249,938 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ec3a90dd\stacsv.exe
PRC - [2009/03/31 07:27:48 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ec3a90dd\AEstSrv.exe
PRC - [2009/03/31 07:26:12 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/03/31 07:25:54 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/03/31 07:25:52 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/03/31 07:25:50 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/02/04 19:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/07 20:55:00 | 000,072,224 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe
PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/17 08:35:53 | 000,254,976 | ---- | M] () -- C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\plugins\npDefaultTabSearch.dll
MOD - [2013/09/16 08:31:38 | 000,013,600 | ---- | M] () -- C:\Users\Laureano\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll
MOD - [2013/09/10 09:20:32 | 016,177,544 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/09/02 13:35:56 | 000,410,576 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dll
MOD - [2013/09/02 13:35:55 | 013,599,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
MOD - [2013/09/02 13:35:54 | 004,053,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
MOD - [2013/09/02 13:35:01 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
MOD - [2013/08/28 17:25:02 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/08/28 17:23:38 | 001,861,968 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/07/17 09:20:18 | 000,345,904 | ---- | M] () -- C:\Windows\System32\jmdp\stij.exe
MOD - [2013/07/17 09:19:46 | 000,528,896 | ---- | M] () -- C:\Windows\System32\jmdp\lmrn.dll
MOD - [2013/07/04 00:12:00 | 000,362,029 | ---- | M] () -- C:\Windows\System32\jmdp\sqlite3.dll
MOD - [2013/06/26 14:00:31 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/06/27 16:53:57 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\47b2e1d9030f551f685dfea0b618e7fd\System.Web.ni.dll
MOD - [2009/06/27 16:53:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a4fd3b000abfd4712b02ec223df3e9dd\System.Runtime.Remoting.ni.dll
MOD - [2009/06/27 16:43:41 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6d75eb3ca10a514754f5e87cc2134f07\System.Windows.Forms.ni.dll
MOD - [2009/06/27 16:43:28 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\19d027c3381110e60c003f2c8bd307ee\System.Drawing.ni.dll
MOD - [2009/06/27 16:37:49 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\38b9d09539b67b08ee996db6c71f8a9b\System.Xml.ni.dll
MOD - [2009/06/27 16:37:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\982c005f97eacba888acdda322c49362\System.Configuration.ni.dll
MOD - [2009/06/27 16:37:24 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\57ac9ba5419d6bf4b79f2979b0755428\System.ni.dll
MOD - [2009/06/27 11:33:22 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c068708e16abf0be77a21b9f29817d83\mscorlib.ni.dll
MOD - [2008/12/11 10:47:34 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2008/10/13 15:26:58 | 005,242,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2008/10/13 15:26:58 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2008/07/27 11:03:15 | 003,149,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2008/07/27 11:03:15 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2008/07/27 11:03:15 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2008/07/27 11:03:14 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Yontoo\Y2Desktop.Updater.exe C:\Users\Laureano\AppData\Roaming\Yontoo\YontooDesktop.exe -- (Yontoo Desktop Updater)
SRV - [2013/09/16 07:03:46 | 000,573,952 | ---- | M] () [Auto | Running] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/09/10 09:20:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/17 09:20:14 | 001,344,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dmwu.exe -- (IBUpdaterService)
SRV - [2013/07/01 12:09:56 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)
SRV - [2013/06/26 14:00:32 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/30 16:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/09/10 19:30:03 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/08/24 18:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/06/01 04:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/03/31 07:28:00 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ec3a90dd\stacsv.exe -- (STacSV)
SRV - [2009/03/31 07:27:48 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ec3a90dd\AEstSrv.exe -- (AESTFilters)
SRV - [2009/01/07 20:55:00 | 000,072,224 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/01/20 19:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/10/30 16:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 16:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 16:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 16:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 16:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 16:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/11 10:07:52 | 000,181,008 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ssidrv.sys -- (ssidrv)
DRV - [2011/07/11 10:07:52 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sshrmd.sys -- (sshrmd)
DRV - [2011/07/11 10:07:50 | 000,045,584 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\System32\drivers\ssfmonm.sys -- (ssfmonm)
DRV - [2009/03/31 07:28:14 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/31 07:25:48 | 000,196,144 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/02/02 08:21:30 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/01/07 20:55:00 | 000,051,616 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdg.sys -- (O2MDGRDR)
DRV - [2009/01/07 20:55:00 | 000,041,760 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdg.sys -- (O2SDGRDR)
DRV - [2008/12/11 10:47:16 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/01/20 19:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...A-0024E8AAA8B3}
IE - HKLM\..\URLSearchHook: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - C:\Program Files\SweetPacks\prxtbSwee.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{56BA5EA1-8A8A-4E55-9884-A8FCD452B5F2}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...0321479053&UM=2
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...A-0024E8AAA8B3}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...83E0E98chTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - C:\Program Files\SweetPacks\prxtbSwee.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{90D5743A-1DAE-4911-A375-C4FFA53A86D3}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...0321479053&UM=2
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...A-0024E8AAA8B3}
IE - HKCU\..\SearchScopes\{F837AEE8-572F-419E-9FA7-6489B2F34053}: "URL" = http://search.yahoo....=utf-8&fr=b2ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3310511.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "SweetPacks Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "SweetPacks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://search.condui...1-E140783E0E98"
FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.94.0
FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:1.0
FF - prefs.js..extensions.enabledAddons: plugin%40yontoo.com:1.20.02
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: tidynetwork%40tidynetwork:5.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "http://search.condui...617298&UM=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@raidcall.com/RCplugin: C:\Users\Laureano\AppData\LocalLow\raidcall\plugins\webplugin_en.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Laureano\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Laureano\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Laureano\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/01/11 14:24:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/01/19 00:00:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Program Files\Updater By SweetPacks\Firefox [2013/07/11 10:59:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\Program Files\Updater By SweetPacks\Firefox [2013/07/11 10:59:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/26 13:59:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/26 13:59:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/26 13:59:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/26 13:59:57 | 000,000,000 | ---D | M]

[2012/11/17 19:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Extensions
[2013/09/18 19:43:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions
[2013/09/18 19:43:01 | 000,000,000 | ---D | M] (SweetPacks) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
[2012/09/22 18:10:46 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2009/11/14 12:02:13 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/11/17 19:46:28 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
[2012/04/15 20:04:58 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\[email protected]
[2013/04/27 16:38:23 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\[email protected]
[2010/07/26 09:01:05 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\[email protected]
[2013/09/18 19:42:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\staged
[2013/09/11 21:02:19 | 000,000,000 | ---D | M] (Tidy Network) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\[email protected]
[2013/09/11 21:02:29 | 000,000,000 | ---D | M] (Define Ext) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\[email protected]
[2013/09/18 19:41:52 | 000,037,942 | ---- | M] () (No name found) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\[email protected]
[2013/04/27 16:37:36 | 000,216,582 | ---- | M] () (No name found) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\[email protected]
[2013/05/28 12:56:24 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/04/27 16:40:35 | 000,195,976 | ---- | M] () (No name found) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013/09/18 19:41:53 | 000,275,449 | ---- | M] () (No name found) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\staged\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/09/11 21:04:36 | 000,000,997 | ---- | M] () -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\searchplugins\conduit.xml
[2013/09/16 08:30:01 | 000,002,144 | ---- | M] () -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\searchplugins\MyStart Search.xml
[2012/11/17 19:46:13 | 000,002,687 | ---- | M] () -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\searchplugins\Search_Results.xml
[2013/04/27 21:55:55 | 000,001,720 | ---- | M] () -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\searchplugins\sweetim.xml
[2013/06/26 13:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/06/26 13:59:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/26 14:00:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/11/17 19:46:40 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012/03/18 13:59:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/11/17 19:46:13 | 000,002,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...=CT3310511&UM=2
CHR - default_search_provider: suggest_url = http://suggest.searc...6510192219&UM=2
CHR - homepage: http://search.condui...6510192219&UM=2
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: getPlusPlus for Adobe 16249 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Laureano\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Laureano\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SweetPacks = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.505_0\
CHR - Extension: Updater By SweetPacks = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.609_0\
CHR - Extension: Define Ext = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0\
CHR - Extension: avast! WebRep = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: DefaultTab = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\
CHR - Extension: FreeHDSport TV = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkfggacklibaabdomphfdpcodjgihgon\1.0_0\
CHR - Extension: Yontoo = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\
CHR - Extension: TidyNetwork.com = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjfapmjdfefijidhnppmddblhlnkljgb\5.0.0.0_0\
CHR - Extension: SweetPacks = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.19.2.505_0\
CHR - Extension: Updater By SweetPacks = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.609_0\
CHR - Extension: Define Ext = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0\
CHR - Extension: avast! WebRep = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: DefaultTab = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.28_0\
CHR - Extension: FreeHDSport TV = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkfggacklibaabdomphfdpcodjgihgon\1.0_0\
CHR - Extension: Yontoo = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\
CHR - Extension: TidyNetwork.com = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjfapmjdfefijidhnppmddblhlnkljgb\5.0.0.0_0\

O1 HOSTS File: ([2013/09/16 08:30:44 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7736C7FA-512D-11E2-B871-DEC36088709B} - No CLSID value found.
O2 - BHO: (SweetPacks Toolbar) - {7e8a1050-cf67-4575-92df-dcc60e7d952d} - C:\Program Files\SweetPacks\prxtbSwee.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)
O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Laureano\AppData\Local\DefineExt\temp.dat ()
O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)
O2 - BHO: (Updater By SweetPacks) - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll ()
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar) - {7e8a1050-cf67-4575-92df-dcc60e7d952d} - C:\Program Files\SweetPacks\prxtbSwee.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ALconnect] C:\Users\Laureano\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe (Koninklijke Philips Electronics N.V.)
O4 - HKCU..\Run: [ConduitFloatingPlugin_banjjklfojcdbofbhbgiedekefohoaff] C:\Program Files\Conduit\CT3310511\plugins\TBVerifier.dll (Conduit Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\Laureano\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll ()
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84585AD9-3FD1-40A2-BDE5-3D051E4FC399}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~3\Datamngr\datamngr.dll) - C:\Program Files\Search Results Toolbar\Datamngr\datamngr.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~2\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Laureano\Desktop\scared-scrubs.jpg
O24 - Desktop BackupWallPaper: C:\Users\Laureano\Desktop\scared-scrubs.jpg
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (X2㘀㠵ᑀ 獭ㅶた搮汬) - File not found
O30 - LSA: Security Packages - (>뻯㠵ᑀ㠵ᑀ&) - File not found
O30 - LSA: Security Packages - (䷚) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{756926d5-e66b-11de-a911-0024e8aaa8b3}\Shell - "" = AutoRun
O33 - MountPoints2\{756926d5-e66b-11de-a911-0024e8aaa8b3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{af1e5467-2301-11df-8c17-0024e8aaa8b3}\Shell - "" = AutoRun
O33 - MountPoints2\{af1e5467-2301-11df-8c17-0024e8aaa8b3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{b27e65f8-eb43-11e2-b7d2-0024e8aaa8b3}\Shell - "" = AutoRun
O33 - MountPoints2\{b27e65f8-eb43-11e2-b7d2-0024e8aaa8b3}\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{e07ab45e-d096-11e2-88f2-0024e8aaa8b3}\Shell - "" = AutoRun
O33 - MountPoints2\{e07ab45e-d096-11e2-88f2-0024e8aaa8b3}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{ef7f3919-2eeb-11e2-ad5d-0024e8aaa8b3}\Shell\AutoRun\command - "" = G:\PMBP_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/11 21:13:45 | 000,000,000 | ---D | C] -- C:\Users\Laureano\AppData\Roaming\vlc
[2013/09/11 21:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/09/11 21:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/09/11 21:07:22 | 000,000,000 | ---D | C] -- C:\Users\Laureano\AppData\Roaming\DefaultTab
[2013/09/11 21:07:19 | 000,000,000 | ---D | C] -- C:\Program Files\DefaultTab
[2013/09/11 21:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/09/11 21:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\SweetPacks
[2013/09/11 21:06:19 | 000,000,000 | ---D | C] -- C:\Users\Laureano\AppData\Local\Conduit
[2013/09/11 21:05:45 | 000,000,000 | ---D | C] -- C:\Users\Laureano\AppData\Local\CRE
[2013/09/11 21:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/09/11 21:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2013/09/11 21:04:37 | 000,000,000 | ---D | C] -- C:\Users\Laureano\AppData\Roaming\SearchProtect
[2013/09/11 21:03:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\jmdp
[2013/09/11 21:03:38 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2013/09/11 21:03:38 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2013/09/11 21:03:38 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll
[2013/09/11 21:03:38 | 000,027,136 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\System32\ImHttpComm.dll
[2013/09/11 21:03:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC
[2013/09/11 21:03:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\WNLT
[2013/09/11 21:03:22 | 000,000,000 | ---D | C] -- C:\Users\Laureano\Documents\Optimizer Pro
[2013/09/11 21:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/09/11 21:02:40 | 000,000,000 | ---D | C] -- C:\Users\Laureano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
[2013/09/11 21:02:23 | 000,000,000 | ---D | C] -- C:\Users\Laureano\AppData\Local\DefineExt
[2013/09/11 21:02:18 | 000,000,000 | ---D | C] -- C:\Users\Laureano\AppData\Local\TidyNetwork.com
[2013/09/11 20:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2013/09/11 20:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2013/09/11 20:34:25 | 000,000,000 | ---D | C] -- C:\Users\Laureano\AppData\Roaming\Uniblue
[2013/09/11 20:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2013/09/11 00:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\marys crap
[2013/08/26 02:13:02 | 000,354,656 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl

========== Files - Modified Within 30 Days ==========

[2013/09/18 19:50:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{65FCF4F9-7FC8-4BED-86B1-ABF96E235CCA}.job
[2013/09/18 19:35:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/18 18:27:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/18 18:19:42 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/18 18:06:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/18 18:06:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/17 09:26:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/16 21:38:01 | 000,608,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/16 21:38:01 | 000,105,952 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/16 08:29:35 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\dsmonitor.job
[2013/09/16 08:29:17 | 3178,164,224 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/15 22:08:50 | 000,143,360 | ---- | M] () -- C:\Users\Laureano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/15 20:33:04 | 000,000,680 | ---- | M] () -- C:\Users\Laureano\AppData\Local\d3d9caps.dat
[2013/09/12 23:53:09 | 000,143,048 | ---- | M] () -- C:\Users\Laureano\Desktop\scared-scrubs.jpg
[2013/09/11 21:08:56 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/09/11 21:06:56 | 000,000,000 | ---- | M] () -- C:\END
[2013/09/11 20:41:50 | 000,259,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/11 20:38:47 | 000,001,444 | ---- | M] () -- C:\Users\Laureano\Desktop\DivX Movies.lnk
[2013/09/11 20:38:20 | 000,000,970 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2013/09/11 20:37:49 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2013/09/11 20:34:30 | 000,001,059 | ---- | M] () -- C:\Users\Laureano\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2013/09/11 20:34:30 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2013/09/10 09:20:33 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/10 09:20:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/08/26 21:39:06 | 000,001,949 | ---- | M] () -- C:\Users\Laureano\Desktop\Torch.lnk
[2013/08/26 02:13:02 | 000,354,656 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl

========== Files Created - No Company Name ==========

[2013/09/12 23:53:04 | 000,143,048 | ---- | C] () -- C:\Users\Laureano\Desktop\scared-scrubs.jpg
[2013/09/11 21:08:56 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/09/11 21:03:46 | 000,000,000 | ---- | C] () -- C:\END
[2013/09/11 21:03:38 | 001,344,304 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2013/09/11 20:38:20 | 000,000,970 | ---- | C] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2013/09/11 20:37:49 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2013/09/11 20:34:35 | 000,000,334 | ---- | C] () -- C:\Windows\tasks\dsmonitor.job
[2013/09/11 20:34:30 | 000,001,059 | ---- | C] () -- C:\Users\Laureano\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2013/09/11 20:34:30 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2012/06/15 00:18:23 | 000,032,936 | ---- | C] () -- C:\Windows\scunin.dat
[2010/06/05 18:52:50 | 000,395,108 | ---- | C] () -- C:\Users\Laureano\fishermans_wharf_map.pdf
[2009/12/09 23:19:42 | 000,143,360 | ---- | C] () -- C:\Users\Laureano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/14 12:04:52 | 000,000,680 | ---- | C] () -- C:\Users\Laureano\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 05:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/04/11 12:15:39 | 011,580,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/06/27 19:26:11 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 19:33:39 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >


I hope this helps at all. Thanks guys!


#2
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go Malware Forum. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am reviewing your logs and will reply shortly. In the meantime, please run this scan:


Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.
On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

#3
ThetechmanDan

No Problem!

Here ya go:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-19 21:50:26
-----------------------------
21:50:26.730 OS Version: Windows 6.0.6001 Service Pack 1
21:50:26.730 Number of processors: 1 586 0xF0D
21:50:26.742 ComputerName: LAUREANO-PC UserName: Laureano
21:50:31.688 Initialize success
21:50:32.852 AVAST engine defs: 13091902
21:50:35.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:50:35.643 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
21:50:35.766 Disk 0 MBR read successfully
21:50:35.787 Disk 0 MBR scan
21:50:35.792 Disk 0 Windows VISTA default MBR code
21:50:35.795 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:50:35.822 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
21:50:35.844 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 137586 MB offset 30801920
21:50:35.853 Disk 0 scanning sectors +312579760
21:50:35.948 Disk 0 scanning C:\Windows\system32\drivers
21:50:52.142 Service scanning
21:51:15.822 Modules scanning
21:51:37.290 Disk 0 trace - called modules:
21:51:37.700 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
21:51:37.706 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86010628]
21:51:37.711 3 CLASSPNP.SYS[8a1a6745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8474c028]
21:51:38.353 AVAST engine scan C:\Windows
21:51:40.629 AVAST engine scan C:\Windows\system32
21:54:27.879 AVAST engine scan C:\Windows\system32\drivers
21:54:42.864 AVAST engine scan C:\Users\Laureano
21:55:53.339 Disk 0 MBR has been saved successfully to "C:\Users\Laureano\Downloads\MBR.dat"
21:55:53.352 The log file has been saved successfully to "C:\Users\Laureano\Downloads\aswMBR.txt"


:cool:

#4
Buddierdl

Ok. Let's clean out some adware and get a fresh OTL scan.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Please download AdwCleaner by Xplode from here
  • Close all open windows and browsers
  • Run the tool by double-clicking it. If you are using Windows Vista, 7 or 8, right click on the Adwcleaner icon and choose Run as Administrator to execute the program
  • Click the Scan button and wait for the scan to finish.
  • Now click the Clean button and copy/paste the log in your next reply. This report is also saved to C:\AdwCleaner[**].txt

After this, please open OTL, run a "Quick Scan," and post the log.

#5
ThetechmanDan

I got JRT.exe and clicked on "run as administrator"

It just told me that "a bad module has been detected!"

It made me restart after that (I'm restarting now).

#6
Buddierdl

If you can't get JRT to run, continue with AdwCleaner.

#7
ThetechmanDan

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows Vista ™ Home Basic x86
Ran by Laureano on Fri 09/20/2013 at 17:52:27.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] defaulttabsearch
Successfully deleted: [Service] defaulttabsearch
Failed to stop: [Service] ibupdaterservice
Successfully stopped: [Service] updater by sweetpacks
Successfully deleted: [Service] updater by sweetpacks
Failed to stop: [Service] yontoo desktop updater



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\sweetie.ietoolbar
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\sweetie.ietoolbar.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\sweetim_urlsearchhook.toolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\toolbar3.sweetie
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\toolbar3.sweetie.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\browserconnection.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnsbho.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\extension.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\yontooieclient.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CE4DB5A3-58E6-41F1-8761-47238DF4F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{75E8DA27-44AF-40AE-927C-F2EEC99D65B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\apn dtx
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\default tab
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilividtoolbarguid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wnlt
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\searchqutoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1050773450-914210209-3468096444-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\defaulttab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchqumediabartb
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\updater by sweetpacks
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wnlt
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\browserconnection.loader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\browserconnection.loader.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnsbho.bho
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnsbho.bho.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\driverscanner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ilivid
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ilividiehelper.dnsguard
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ilividiehelper.dnsguard.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.api.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\yontooieclient.layers.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\1clickdownload
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\defaulttab
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilividtoolbarguid
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\search results toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchqu toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{c2f8ca82-2bd9-4513-b2d1-08a47914c1da}_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{dd85d6bf-4787-4a93-99a5-3f0cf0ae8834}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3310511
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{56BA5EA1-8A8A-4E55-9884-A8FCD452B5F2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}



~~~ Files

Successfully deleted: [File] C:\Windows\System32\Tasks\dsmonitor
Successfully deleted: [File] C:\Windows\Tasks\dsmonitor.job
Successfully deleted: [File] "C:\Users\Laureano\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk"
Failed to delete: [File] "C:\Windows\system32\dmwu.exe"
Failed to delete: [File] "C:\Windows\system32\imhttpcomm.dll"
Successfully deleted: [File] "C:\end"
Successfully deleted: [File] "C:\Users\Laureano\AppData\Local\Temp\searchqutoolbar-manifest.xml"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\torchcrashhandler"
Successfully deleted: [Folder] "C:\Users\Laureano\AppData\Roaming\defaulttab"
Successfully deleted: [Folder] "C:\Users\Laureano\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\Laureano\AppData\Roaming\yontoo"
Successfully deleted: [Folder] "C:\Users\Laureano\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Laureano\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Laureano\appdata\local\defineext"
Successfully deleted: [Folder] "C:\Users\Laureano\appdata\local\ilivid"
Successfully deleted: [Folder] "C:\Users\Laureano\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\Laureano\appdata\local\torch"
Successfully deleted: [Folder] "C:\Users\Laureano\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Laureano\appdata\locallow\ilividtoolbarguid"
Successfully deleted: [Folder] "C:\Users\Laureano\appdata\locallow\searchquband"
Successfully deleted: [Folder] "C:\Users\Laureano\appdata\locallow\searchqutoolbar"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\defaulttab"
Successfully deleted: [Folder] "C:\Program Files\firstrowsportapp.com"
Successfully deleted: [Folder] "C:\Program Files\ilivid"
Successfully deleted: [Folder] "C:\Program Files\search results toolbar"
Successfully deleted: [Folder] "C:\Program Files\search toolbar"
Successfully deleted: [Folder] "C:\Program Files\searchprotect"
Successfully deleted: [Folder] "C:\Program Files\searchqu toolbar"
Successfully deleted: [Folder] "C:\Program Files\sweetim"
Successfully deleted: [Folder] "C:\Program Files\updater by sweetpacks"
Successfully deleted: [Folder] "C:\Program Files\yontoo"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"
Successfully deleted: [Folder] "C:\Windows\system32\arfc"
Failed to delete: [Folder] "C:\Windows\system32\jmdp"
Successfully deleted: [Folder] "C:\Windows\system32\wnlt"



~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] C:\Users\Laureano\AppData\Roaming\mozilla\firefox\profiles\g1bbrd2i.default\user.js
Successfully deleted: [File] C:\Users\Laureano\AppData\Roaming\mozilla\firefox\profiles\g1bbrd2i.default\extensions\[email protected]
Successfully deleted: [File] C:\Users\Laureano\AppData\Roaming\mozilla\firefox\profiles\g1bbrd2i.default\extensions\[email protected]
Successfully deleted: [File] C:\Users\Laureano\AppData\Roaming\mozilla\firefox\profiles\g1bbrd2i.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi
Successfully deleted: [File] C:\Users\Laureano\AppData\Roaming\mozilla\firefox\profiles\g1bbrd2i.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Users\Laureano\AppData\Roaming\mozilla\firefox\profiles\g1bbrd2i.default\searchplugins\mystart search.xml
Successfully deleted: [File] C:\Users\Laureano\AppData\Roaming\mozilla\firefox\profiles\g1bbrd2i.default\searchplugins\search_results.xml
Successfully deleted: [File] C:\Users\Laureano\AppData\Roaming\mozilla\firefox\profiles\g1bbrd2i.default\searchplugins\sweetim.xml
Failed to delete: [Folder] "C:\Program Files\Mozilla Firefox\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}"
Successfully deleted: [Folder] C:\Users\Laureano\AppData\Roaming\mozilla\firefox\profiles\g1bbrd2i.default\ilividtoolbarguid
Successfully deleted: [Folder] C:\Users\Laureano\AppData\Roaming\mozilla\firefox\profiles\g1bbrd2i.default\searchqutoolbar
Successfully deleted: [Folder] C:\Users\Laureano\AppData\Roaming\mozilla\firefox\profiles\g1bbrd2i.default\sweetpackstoolbardata
Successfully deleted: [Folder] C:\Users\Laureano\AppData\Roaming\mozilla\firefox\profiles\g1bbrd2i.default\extensions\[email protected]
Successfully deleted: [Folder] C:\Users\Laureano\AppData\Roaming\mozilla\firefox\profiles\g1bbrd2i.default\extensions\staged
Failed to delete: [Folder] C:\Users\Laureano\AppData\Roaming\mozilla\firefox\profiles\g1bbrd2i.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
Successfully deleted: [Folder] C:\Users\Laureano\AppData\Roaming\mozilla\firefox\profiles\g1bbrd2i.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Successfully deleted: [Folder] C:\Users\Laureano\AppData\Roaming\mozilla\firefox\profiles\g1bbrd2i.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{8e9e3331-d360-4f87-8803-52de43566502}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{c4cfc0de-134f-4466-b2a2-ff7c59a8bfad}
Successfully deleted the following from C:\Users\Laureano\AppData\Roaming\mozilla\firefox\profiles\g1bbrd2i.default\prefs.js

user_pref("CT3310511.smartbar.homepage", "true");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("browser.search.defaultenginename", "SweetPacks Customized Web Search");
user_pref("browser.search.defaultthis.engineName", "SweetPacks Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&CUI=UN31956352449617298&UM=2&SearchSource=3&q={searchTerms}");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3310511&octid=CT3310511&SearchSource=61&CUI=UN31956352449617298&UM=2&UP=SP93B44DD3-3CBB-4CAD-BCB1-E140
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN31956352449617298&UM=2&q=");
user_pref("smartbar.addressBarOwnerCTID", "CT3310511");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN31956352449617298&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3310511&oct
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN31956352449617298&UM=2&q=");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3310511");
user_pref("smartbar.homePageOwnerCTID", "CT3310511");
user_pref("smartbar.machineId", "FQX7JZSCFOFM/TJ/JRREPEWVSKKVPK03BDX1YHX8WDZWQBMQUPRFZUUCI1RC0JBOLHHB5O483MPQB5LRLDI6XA");
user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3310511&CUI=UN31956352449617298&UM=2&SearchSource=13");
Emptied folder: C:\Users\Laureano\AppData\Roaming\mozilla\firefox\profiles\g1bbrd2i.default\minidumps [34 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Laureano\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Folder] C:\Users\Laureano\appdata\local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
Successfully deleted: [Folder] C:\Users\Laureano\appdata\local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Successfully deleted: [Folder] C:\Users\Laureano\appdata\local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc



~~~ Event Viewer Logs were cleared

#8
ThetechmanDan

# AdwCleaner v3.004 - Report created 20/09/2013 at 18:13:33
# Updated 15/09/2013 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 1 (32 bits)
# Username : Laureano - LAUREANO-PC
# Running from : C:\Users\Laureano\Downloads\adwcleaner (2).exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : IBUpdaterService
[#] Service Deleted : Yontoo Desktop Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
Folder Deleted : C:\Program Files\jZip
Folder Deleted : C:\Program Files\Uniblue\DriverScanner
Folder Deleted : C:\Program Files\SweetPacks
Folder Deleted : C:\Windows\system32\jmdp
Folder Deleted : C:\Users\Laureano\AppData\Local\jZip
Folder Deleted : C:\Users\Laureano\AppData\Local\PackageAware
Folder Deleted : C:\Users\Laureano\AppData\Local\TidyNetwork.com
Folder Deleted : C:\Users\Laureano\AppData\Local\Temp\jZip
Folder Deleted : C:\Users\Laureano\AppData\Local\Temp\CT3310511
Folder Deleted : C:\Users\Laureano\AppData\LocalLow\SweetPacks
Folder Deleted : C:\Users\Laureano\AppData\Roaming\Uniblue\DriverScanner
Folder Deleted : C:\Users\Laureano\Documents\optimizer pro
Folder Deleted : C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\jetpack
Folder Deleted : C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\CT3310511
Folder Deleted : C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\Extensions\[email protected]
Folder Deleted : C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\Extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
Folder Deleted : C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
File Deleted : C:\Program Files\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Users\Public\Desktop\driverscanner.lnk
File Deleted : C:\Users\Public\Desktop\jZip.lnk
File Deleted : C:\Windows\system32\dmwu.exe
File Deleted : C:\Windows\system32\ImhttpComm.dll
File Deleted : C:\Users\Laureano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Users\Laureano\Desktop\iLivid.lnk
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9FF9AE6F-4553-41A7-B645-B0E88850EABF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{872622B1-2175-4390-BB3D-BDB14CCEDC55}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1FDC0B61-91AC-4157-9B27-CAD9A09AB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7736C7FA-512D-11E2-B871-DEC36088709B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7736C7FA-512D-11E2-B871-DEC36088709B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7736C7FA-512D-11E2-B871-DEC36088709B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5E6C03E0-D368-4690-8168-9848D4C0F587}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{75AF2B2D-F7BD-48EF-8ED4-7AB4CA91455F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{571F10D0-8E95-4989-B56E-0C47841471AD}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7E8A1050-CF67-4575-92DF-DCC60E7D952D}]
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\AppDataLow\Software\SweetPacks
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\Software\jZip
Key Deleted : HKLM\Software\SweetPacks
Key Deleted : HKLM\Software\Uniblue\DriverScanner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\jZip
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilividtoolbarguid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\jZip
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18226


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\prefs.js ]

Line Deleted : user_pref("CT3310511.FF19Solved", "true");
Line Deleted : user_pref("CT3310511.UserID", "UN31956352449617298");
Line Deleted : user_pref("CT3310511.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3310511.fullUserID", "UN31956352449617298.IN.20130911210428");
Line Deleted : user_pref("CT3310511.installDate", "11/09/2013 21:04:34");
Line Deleted : user_pref("CT3310511.installSessionId", "{7CB299CD-E4F7-4FE3-B2F2-7D3283DD2DEB}");
Line Deleted : user_pref("CT3310511.installSp", "TRUE");
Line Deleted : user_pref("CT3310511.installerVersion", "1.7.0.9");
Line Deleted : user_pref("CT3310511.keyword", "true");
Line Deleted : user_pref("CT3310511.originalHomepage", "about:home");
Line Deleted : user_pref("CT3310511.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3310511.originalSearchEngine", "");
Line Deleted : user_pref("CT3310511.originalSearchEngineName", "");
Line Deleted : user_pref("CT3310511.searchRevert", "false");
Line Deleted : user_pref("CT3310511.searchUserMode", "2");
Line Deleted : user_pref("CT3310511.versionFromInstaller", "10.20.0.13");
Line Deleted : user_pref("CT3310511.xpeMode", "0");
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Line Deleted : user_pref("extentions.y2layers.installId", "e17e8f5c-f1bf-4821-900e-980c594fbad8");

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : suggest_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [10211 octets] - [20/09/2013 18:12:09]
AdwCleaner[S0].txt - [10017 octets] - [20/09/2013 18:13:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10078 octets] ##########

#9
ThetechmanDan

OTL logfile created on: 9/20/2013 6:21:49 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laureano\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 58.02% Memory free
6.12 Gb Paging File | 4.79 Gb Available in Paging File | 78.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 47.52 Gb Free Space | 35.37% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 10.42 Gb Free Space | 71.10% Space Free | Partition Type: NTFS

Computer Name: LAUREANO-PC | User Name: Laureano | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/18 19:40:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Laureano\Downloads\OTL.exe
PRC - [2013/09/02 13:35:59 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/08/28 17:23:38 | 001,861,968 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/01/28 23:49:31 | 000,713,816 | ---- | M] (Koninklijke Philips Electronics N.V.) -- C:\Users\Laureano\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe
PRC - [2012/10/30 16:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 16:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/09/10 19:30:03 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/08/24 18:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2010/06/01 04:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/06/01 04:01:54 | 000,600,928 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009/05/21 12:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 12:16:16 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/31 07:28:00 | 000,249,938 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ec3a90dd\stacsv.exe
PRC - [2009/03/31 07:27:48 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ec3a90dd\AEstSrv.exe
PRC - [2009/03/31 07:26:12 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/03/31 07:25:54 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/03/31 07:25:52 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/03/31 07:25:50 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/02/04 19:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/07 20:55:00 | 000,072,224 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe
PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/20 19:33:24 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE


========== Modules (No Company Name) ==========

MOD - [2013/09/02 13:35:56 | 000,410,576 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dll
MOD - [2013/09/02 13:35:55 | 013,599,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
MOD - [2013/09/02 13:35:54 | 004,053,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
MOD - [2013/09/02 13:35:01 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
MOD - [2013/08/28 17:25:02 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/08/28 17:23:38 | 001,861,968 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/06/27 16:53:57 | 011,796,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\47b2e1d9030f551f685dfea0b618e7fd\System.Web.ni.dll
MOD - [2009/06/27 16:53:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a4fd3b000abfd4712b02ec223df3e9dd\System.Runtime.Remoting.ni.dll
MOD - [2009/06/27 16:37:49 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\38b9d09539b67b08ee996db6c71f8a9b\System.Xml.ni.dll
MOD - [2009/06/27 16:37:24 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\57ac9ba5419d6bf4b79f2979b0755428\System.ni.dll
MOD - [2009/06/27 11:33:22 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\c068708e16abf0be77a21b9f29817d83\mscorlib.ni.dll
MOD - [2008/12/11 10:47:34 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - [2013/09/19 21:48:42 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/10 09:20:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/30 16:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/09/10 19:30:03 | 003,381,184 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/08/24 18:29:02 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/06/01 04:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/03/31 07:28:00 | 000,249,938 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ec3a90dd\stacsv.exe -- (STacSV)
SRV - [2009/03/31 07:27:48 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ec3a90dd\AEstSrv.exe -- (AESTFilters)
SRV - [2009/01/07 20:55:00 | 000,072,224 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/01/20 19:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/10/30 16:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 16:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 16:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 16:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 16:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 16:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/07/11 10:07:52 | 000,181,008 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ssidrv.sys -- (ssidrv)
DRV - [2011/07/11 10:07:52 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sshrmd.sys -- (sshrmd)
DRV - [2011/07/11 10:07:50 | 000,045,584 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\System32\drivers\ssfmonm.sys -- (ssfmonm)
DRV - [2009/03/31 07:28:14 | 000,394,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/31 07:25:48 | 000,196,144 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/02/02 08:21:30 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/01/07 20:55:00 | 000,051,616 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdg.sys -- (O2MDGRDR)
DRV - [2009/01/07 20:55:00 | 000,041,760 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdg.sys -- (O2SDGRDR)
DRV - [2008/12/11 10:47:16 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/01/20 19:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{90D5743A-1DAE-4911-A375-C4FFA53A86D3}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{F837AEE8-572F-419E-9FA7-6489B2F34053}: "URL" = http://search.yahoo....=utf-8&fr=b2ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.94.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.9
FF - prefs.js..extensions.enabledAddons: tidynetwork%40tidynetwork:5.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@raidcall.com/RCplugin: C:\Users\Laureano\AppData\LocalLow\raidcall\plugins\webplugin_en.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Laureano\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Laureano\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Laureano\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/01/11 14:24:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/01/19 00:00:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/19 21:47:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/19 21:48:04 | 000,000,000 | ---D | M]

[2012/11/17 19:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Extensions
[2013/09/20 18:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions
[2009/11/14 12:02:13 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/04/15 20:04:58 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\[email protected]
[2010/07/26 09:01:05 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\[email protected]
[2013/09/11 21:02:29 | 000,000,000 | ---D | M] (Define Ext) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\[email protected]
[2013/05/28 12:56:24 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/09/20 18:13:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/09/19 21:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/19 21:48:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\LAUREANO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G1BBRD2I.DEFAULT\EXTENSIONS\[email protected]
[2012/03/18 13:59:54 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...=CT3310511&UM=2
CHR - default_search_provider: suggest_url = http://suggest.searc...6510192219&UM=2
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: getPlusPlus for Adobe 16249 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Laureano\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Laureano\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: TidyNetwork.com = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjfapmjdfefijidhnppmddblhlnkljgb\5.0.0.0_0\
CHR - Extension: avast! WebRep = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: TidyNetwork.com = C:\Users\Laureano\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjfapmjdfefijidhnppmddblhlnkljgb\5.0.0.0_0\

O1 HOSTS File: ([2013/09/16 08:30:44 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ALconnect] C:\Users\Laureano\AppData\Roaming\DirectLife\ALconnect\ALconnect.exe (Koninklijke Philips Electronics N.V.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll ()
O4 - HKLM..\RunOnce: [B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll ()
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84585AD9-3FD1-40A2-BDE5-3D051E4FC399}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Laureano\Desktop\scared-scrubs.jpg
O24 - Desktop BackupWallPaper: C:\Users\Laureano\Desktop\scared-scrubs.jpg
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (X2㘀㠵ᑀ 獭ㅶた搮汬) - File not found
O30 - LSA: Security Packages - (>뻯㠵ᑀ㠵ᑀ&) - File not found
O30 - LSA: Security Packages - (䷚) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{756926d5-e66b-11de-a911-0024e8aaa8b3}\Shell - "" = AutoRun
O33 - MountPoints2\{756926d5-e66b-11de-a911-0024e8aaa8b3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{af1e5467-2301-11df-8c17-0024e8aaa8b3}\Shell - "" = AutoRun
O33 - MountPoints2\{af1e5467-2301-11df-8c17-0024e8aaa8b3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\{b27e65f8-eb43-11e2-b7d2-0024e8aaa8b3}\Shell - "" = AutoRun
O33 - MountPoints2\{b27e65f8-eb43-11e2-b7d2-0024e8aaa8b3}\Shell\AutoRun\command - "" = F:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{e07ab45e-d096-11e2-88f2-0024e8aaa8b3}\Shell - "" = AutoRun
O33 - MountPoints2\{e07ab45e-d096-11e2-88f2-0024e8aaa8b3}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{ef7f3919-2eeb-11e2-ad5d-0024e8aaa8b3}\Shell\AutoRun\command - "" = G:\PMBP_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/20 18:12:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/20 17:41:48 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/19 21:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/09/11 21:13:45 | 000,000,000 | ---D | C] -- C:\Users\Laureano\AppData\Roaming\vlc
[2013/09/11 21:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/09/11 21:08:31 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/09/11 21:03:38 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2013/09/11 21:03:38 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2013/09/11 21:03:38 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcm80.dll
[2013/09/11 21:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/09/11 21:02:40 | 000,000,000 | ---D | C] -- C:\Users\Laureano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
[2013/09/11 20:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2013/09/11 20:34:25 | 000,000,000 | ---D | C] -- C:\Users\Laureano\AppData\Roaming\Uniblue
[2013/09/11 20:34:25 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2013/09/11 00:30:58 | 000,000,000 | ---D | C] -- C:\Program Files\marys crap
[2013/08/26 02:13:02 | 000,354,656 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl

========== Files - Modified Within 30 Days ==========

[2013/09/20 18:26:04 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/20 18:25:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{65FCF4F9-7FC8-4BED-86B1-ABF96E235CCA}.job
[2013/09/20 18:22:49 | 000,608,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/20 18:22:49 | 000,105,952 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/20 18:19:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/20 18:16:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/20 18:16:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/20 18:16:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/20 18:15:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/20 18:15:42 | 3180,224,512 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/20 17:52:22 | 000,000,680 | ---- | M] () -- C:\Users\Laureano\AppData\Local\d3d9caps.dat
[2013/09/15 22:08:50 | 000,143,360 | ---- | M] () -- C:\Users\Laureano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/12 23:53:09 | 000,143,048 | ---- | M] () -- C:\Users\Laureano\Desktop\scared-scrubs.jpg
[2013/09/11 21:08:56 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/09/11 20:41:50 | 000,259,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/09/11 20:38:47 | 000,001,444 | ---- | M] () -- C:\Users\Laureano\Desktop\DivX Movies.lnk
[2013/09/11 20:38:20 | 000,000,970 | ---- | M] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2013/09/11 20:37:49 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2013/09/10 09:20:33 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/10 09:20:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/08/26 21:39:06 | 000,001,949 | ---- | M] () -- C:\Users\Laureano\Desktop\Torch.lnk
[2013/08/26 02:13:02 | 000,354,656 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl

========== Files Created - No Company Name ==========

[2013/09/20 17:30:48 | 001,768,904 | ---- | C] () -- C:\Users\Laureano\Documents\FW_WRT54Gv5v6_1.02.8.001_US_20091005(1).bin
[2013/09/12 23:53:04 | 000,143,048 | ---- | C] () -- C:\Users\Laureano\Desktop\scared-scrubs.jpg
[2013/09/11 21:08:56 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/09/11 20:38:20 | 000,000,970 | ---- | C] () -- C:\Users\Public\Desktop\DivX Player.lnk
[2013/09/11 20:37:49 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\DivX Converter.lnk
[2012/06/15 00:18:23 | 000,032,936 | ---- | C] () -- C:\Windows\scunin.dat
[2010/06/05 18:52:50 | 000,395,108 | ---- | C] () -- C:\Users\Laureano\fishermans_wharf_map.pdf
[2009/12/09 23:19:42 | 000,143,360 | ---- | C] () -- C:\Users\Laureano\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/14 12:04:52 | 000,000,680 | ---- | C] () -- C:\Users\Laureano\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 05:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/04/11 12:15:39 | 011,580,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/06/27 19:26:11 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 19:33:39 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#10
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Sorry for the delay. Will post later today. :)

#11
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Tell me how the computer is running after this.


  • Click the Chrome menu on the browser toolbar.
  • Click Tools.
  • Select Extensions.
  • Click the trash can icon by these extensions.
    • TidyNetwork.com -> There may be 2 entries.
  • When the confirmation dialog appears, click Remove.

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Commands
    [createrestorepoint]
    
    :OTL
    FF - prefs.js..extensions.enabledAddons: tidynetwork%40tidynetwork:5.0
    [2010/07/26 09:01:05 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\[email protected]
    [2013/09/11 21:02:29 | 000,000,000 | ---D | M] (Define Ext) -- C:\Users\Laureano\AppData\Roaming\Mozilla\Firefox\Profiles\g1bbrd2i.default\extensions\[email protected]
    File not found (No name found) -- C:\USERS\LAUREANO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G1BBRD2I.DEFAULT\EXTENSIONS\[email protected]
    
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O30 - LSA: Authentication Packages - (ows\s) - File not found
    O30 - LSA: Security Packages - (X2㘀㠵ᑀ 獭ㅶた搮汬) - File not found
    O30 - LSA: Security Packages - (>뻯㠵ᑀ㠵ᑀ&) - File not found
    O30 - LSA: Security Packages - (䷚) - File not found
    
    O33 - MountPoints2\{e07ab45e-d096-11e2-88f2-0024e8aaa8b3}\Shell - "" = AutoRun
    O33 - MountPoints2\{e07ab45e-d096-11e2-88f2-0024e8aaa8b3}\Shell\AutoRun\command - "" = G:\setup.exe -a
    
    [2013/09/11 21:02:40 | 000,000,000 | ---D | C] -- C:\Users\Laureano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
    
    :Files
    C:\USERS\LAUREANO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G1BBRD2I.DEFAULT\EXTENSIONS\[email protected]
    dir C:\ProgramData\TEMP /c
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered.
  • Post the log it produces in your next reply. The log should be saved in C:\_OTL\MovedFiles and should be named with numbers describing the date and time it was run.


#12
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





