Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

firefox? makes dd?.tmp files in /C:\Users\lgmd\AppData&


  • This topic is locked This topic is locked

#1
lgmd

lgmd

    New Member

  • Member
  • Pip
  • 9 posts
I do not know when this started.

I delete all files, including multiple dd????.tmp files in C:\Users\lgmd\AppData\Local\Temp (referred to as temp) everytime I exit Firefox 23.0.1. See TempFolder.png. Using Windows 7.

More of these files always show up again in temp every time Firefox is run. If I do not delete the dd????.tmp files, more of them keep getting created. All 0 size, but who knows what goes on while Firefox is running. I am questioning whether Firefox is creating the files, or if I have some virus or spy software. I have run Spybot, no results. I use free Avast. I have looked for rogue programs with unfamiliar names, but I find nothing.

I have disabled all plugins in Firefox, and the dd????.tmp keep getting written to to temp. DoNotTrackMe, duckduckgo.com do not show up in the add-ons or plugins, but they used to. The plugins for RealPlayer show up though. Duckduckgo.com does show up when I look at Manage Search engines.

I have tried everything I know to stop these files being created. Cannot figure it out. I have done web searches for this problem, I find nothing. "Grin!" I have dumped Firefox, but do not know how to debug it. What is a trustworthy debugging tool for Firefox? I am a bit paranoid about downloads. Didn't do me any good to be paranoid.

I have included the TempFolder.png, and the OTL.txt file.

Thank you so much for your help.

OTL logfile created on: 10/2/2013 2:10:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lgmd\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 49.81% Memory free
6.95 Gb Paging File | 5.03 Gb Available in Paging File | 72.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 572.06 Gb Total Space | 512.04 Gb Free Space | 89.51% Space Free | Partition Type: NTFS
Drive D: | 19.95 Gb Total Space | 2.13 Gb Free Space | 10.67% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.28% Space Free | Partition Type: FAT32

Computer Name: lgmd-HP | User Name: lgmd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/02 01:58:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lgmd\Desktop\OTL.exe
PRC - [2013/09/11 04:46:46 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/09/05 08:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/30 01:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 01:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/08/25 16:15:36 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2011/10/07 20:10:48 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/09/12 18:55:46 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/19 15:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/11 15:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/11 04:46:45 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/24 05:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files (x86)\ss helper\sprotector.dll
MOD - [2013/01/24 05:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files (x86)\EasyLife\sprotector.dll
MOD - [2011/10/15 00:35:04 | 000,877,624 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2010/11/20 21:51:24 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll
MOD - [2010/11/20 21:48:21 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010/11/20 21:48:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/30 01:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/09/28 20:12:18 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/28 08:19:38 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/05/27 13:06:16 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/02/16 23:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/09/05 08:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/09/12 18:55:46 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/06/28 19:12:08 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/30 01:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/30 01:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/30 01:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/08/30 01:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/08/30 01:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/08/30 01:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/08/30 01:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/08/30 01:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/08/12 17:10:26 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/30 02:51:09 | 000,040,616 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/06/22 12:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2011/10/14 23:45:36 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/14 23:45:36 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/28 20:52:48 | 010,210,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/28 19:34:54 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/08/18 06:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/07/18 18:11:10 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/06/17 05:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/06/17 05:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/06/09 20:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/30 18:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/05/27 13:06:16 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/30 16:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/01/26 23:35:26 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/02/18 11:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2E9EDF38-B883-4786-BA2B-DE6C0F5F17EA}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easyl...971&lg=EN&cc=US
IE - HKLM\..\URLSearchHook: {13e6fd5a-3ca5-4d3c-9f79-52fd4134ed56} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {9CBD3BD8-8EDD-4B02-8475-36C14411B3BC}
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://searchy.easyl...971&lg=EN&cc=US
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2E9EDF38-B883-4786-BA2B-DE6C0F5F17EA}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E5 C1 7E AE A4 A6 CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {13e6fd5a-3ca5-4d3c-9f79-52fd4134ed56} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9CBD3BD8-8EDD-4B02-8475-36C14411B3BC}
IE - HKCU\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://searchy.easyl...971&lg=EN&cc=US
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{9CBD3BD8-8EDD-4B02-8475-36C14411B3BC}: "URL" = http://search.condui...7855107289&UM=2
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3302996.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "Vafmusic3 Customized Web Search"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: "Vafmusic3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Vafmusic3 Customized Web Search"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://search.condui...200103&UM=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/09/08 07:36:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/08/30 16:49:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/08/28 18:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Extensions
[2013/09/27 18:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions
[2013/09/11 00:10:02 | 000,000,000 | ---D | M] (Vafmusic3) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\{13e6fd5a-3ca5-4d3c-9f79-52fd4134ed56}
[2013/10/01 19:56:24 | 000,000,000 | ---D | M] ("Feven 1.7") -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]961fdf75a.com
[2013/08/31 00:56:03 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]
[2013/09/10 20:10:05 | 000,000,000 | ---D | M] (savensharE) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]
[2013/09/27 18:50:46 | 000,000,000 | ---D | M] (MaskMe) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]
[2013/09/10 20:10:05 | 000,000,000 | ---D | M] (SearchNewTab) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]
[2013/09/11 00:09:35 | 000,000,000 | ---D | M] (Define Ext) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]
[2013/09/11 00:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]961fdf75a.com\extensionData
[2013/09/11 00:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]961fdf75a.com\extensionData\plugins
[2013/09/11 00:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]961fdf75a.com\extensionData\userCode
[2013/09/11 00:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\extensions
[2013/08/30 16:49:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/08/30 16:49:18 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\extensions\[email protected]
[2013/08/30 16:49:17 | 000,000,000 | ---D | M] (MaskMe) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\extensions\[email protected]
[2013/09/11 00:09:43 | 000,000,000 | ---D | M] (Define Ext) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\extensions\[email protected]
[2013/09/11 00:09:33 | 000,040,384 | ---- | M] () (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\extensions\[email protected]
[2013/08/28 19:40:54 | 000,320,337 | ---- | M] () (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\extensions\[email protected]
[2013/08/31 22:45:24 | 000,010,357 | ---- | M] () -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\searchplugins\duckduckgo-lite.xml
[2013/09/11 00:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/09/11 00:09:31 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/08/28 19:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/11 04:46:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/08 07:36:48 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - homepage: http://searchy.easyl...971&lg=EN&cc=US
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.24.14_0\crossrider
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.24.14_0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpmmangjmnibhglgbicpeemebbjfgba\1.0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\obolipcmfeopcbppbgjfghgcgjnoeckd\5.10\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/11 00:00:51 | 000,450,636 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15467 more lines...
O2:64bit: - BHO: (Feven 1.7) - {11111111-1111-1111-1111-110411051194} - C:\Program Files (x86)\Feven 1.7\Feven 1.7-bho64.dll (Feven)
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Feven 1.7) - {11111111-1111-1111-1111-110411051194} - C:\Program Files (x86)\Feven 1.7\Feven 1.7-bho.dll (Feven)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (savensharE) - {58F30DE4-0971-2A68-27BF-DEAB52966604} - C:\ProgramData\savensharE\EPvMZJ7.dll ()
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\lgmd\AppData\Local\DefineExt\temp.dat ()
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {13e6fd5a-3ca5-4d3c-9f79-52fd4134ed56} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{601A54FE-0958-4E38-B0AD-20C88B4890EB}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81F15471-3CF9-4895-BFFB-518FDC30F400}: DhcpNameServer = 192.168.0.1 205.171.2.65
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - AppInit_DLLs: (c:\progra~2\sshelp~1\sprote~1.dll) - c:\Program Files (x86)\ss helper\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~2\easylife\sprote~1.dll) - c:\Program Files (x86)\EasyLife\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/08/28 10:49:45 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/02 01:58:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\lgmd\Desktop\OTL.exe
[2013/09/26 08:45:04 | 000,000,000 | ---D | C] -- C:\Users\lgmd\Desktop\PatioTable
[2013/09/18 15:19:23 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Roaming\Process Hacker 2
[2013/09/18 13:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2013/09/18 13:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2013/09/15 05:22:55 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Local\{67C154E9-5821-4587-898A-8CB3CFDC561F}
[2013/09/15 05:22:41 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Local\Windows Live Writer
[2013/09/11 02:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2013/09/11 02:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/09/11 01:07:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/09/11 01:07:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/09/11 00:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/09/11 00:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vafmusic3
[2013/09/11 00:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/09/11 00:09:54 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
[2013/09/11 00:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feven 1.7
[2013/09/11 00:09:33 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Roaming\DefaultTab
[2013/09/11 00:09:26 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Local\DefineExt
[2013/09/10 20:11:07 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Roaming\EZDownloader
[2013/09/10 20:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SummerSoft
[2013/09/10 20:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EasyLife
[2013/09/10 20:09:50 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Local\Programs
[2013/09/10 20:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ss helper
[2013/09/10 20:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\savensharE
[2013/09/10 20:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/09/10 04:42:57 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Roaming\IDT
[2013/09/10 04:38:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Logs
[2013/09/06 14:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast Duplicate File Finder
[2013/09/06 14:12:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fast Duplicate File Finder
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\lgmd\Desktop\*.tmp files -> C:\Users\lgmd\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/02 01:58:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lgmd\Desktop\OTL.exe
[2013/10/02 00:14:00 | 000,001,834 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-firefoxinstaller.job
[2013/10/02 00:10:01 | 000,001,302 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-updater.job
[2013/10/02 00:10:00 | 000,001,206 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-codedownloader.job
[2013/10/02 00:10:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-enabler.job
[2013/10/02 00:09:01 | 000,001,910 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-chromeinstaller.job
[2013/10/01 21:53:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/01 19:51:28 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 19:51:28 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/01 19:44:02 | 2800,803,840 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/22 10:07:47 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/22 10:07:47 | 000,659,818 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/22 10:07:47 | 000,120,714 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/21 19:59:29 | 000,001,568 | ---- | M] () -- C:\Users\lgmd\Desktop\Garmin205w - Shortcut.lnk
[2013/09/21 19:59:28 | 000,001,567 | ---- | M] () -- C:\Users\lgmd\Desktop\MedicalCurrent2013 - Shortcut.lnk
[2013/09/21 19:59:28 | 000,001,441 | ---- | M] () -- C:\Users\lgmd\Desktop\CPAPJim - Shortcut.lnk
[2013/09/21 19:59:28 | 000,001,412 | ---- | M] () -- C:\Users\lgmd\Desktop\Jim1.lnk
[2013/09/18 13:54:06 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\Process Hacker 2.lnk
[2013/09/12 11:26:02 | 000,000,017 | ---- | M] () -- C:\Users\lgmd\AppData\Local\resmon.resmoncfg
[2013/09/11 16:28:07 | 000,000,511 | ---- | M] () -- C:\Windows\wininit.ini
[2013/09/11 02:37:37 | 000,000,796 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/09/11 01:08:41 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/08 07:36:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/09/06 14:12:37 | 000,001,162 | ---- | M] () -- C:\Users\lgmd\Desktop\Fast Duplicate File Finder.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\lgmd\Desktop\*.tmp files -> C:\Users\lgmd\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/18 13:54:06 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\Process Hacker 2.lnk
[2013/09/12 11:26:02 | 000,000,017 | ---- | C] () -- C:\Users\lgmd\AppData\Local\resmon.resmoncfg
[2013/09/11 16:28:05 | 000,000,511 | ---- | C] () -- C:\Windows\wininit.ini
[2013/09/11 02:37:37 | 000,000,796 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2013/09/11 01:08:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/09/11 01:08:41 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/11 00:10:24 | 000,001,302 | ---- | C] () -- C:\Windows\tasks\Feven 1.7-updater.job
[2013/09/11 00:10:20 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\Feven 1.7-enabler.job
[2013/09/11 00:10:07 | 000,001,206 | ---- | C] () -- C:\Windows\tasks\Feven 1.7-codedownloader.job
[2013/09/11 00:09:47 | 000,001,834 | ---- | C] () -- C:\Windows\tasks\Feven 1.7-firefoxinstaller.job
[2013/09/11 00:09:39 | 000,001,910 | ---- | C] () -- C:\Windows\tasks\Feven 1.7-chromeinstaller.job
[2013/09/06 14:12:37 | 000,001,162 | ---- | C] () -- C:\Users\lgmd\Desktop\Fast Duplicate File Finder.lnk
[2011/12/25 03:03:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/12/25 03:00:45 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/12/25 02:56:42 | 000,772,430 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 21:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 21:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/11 00:09:33 | 000,000,000 | ---D | M] -- C:\Users\lgmd\AppData\Roaming\DefaultTab
[2013/08/30 16:47:55 | 000,000,000 | ---D | M] -- C:\Users\lgmd\AppData\Roaming\Easeware
[2013/09/10 20:11:07 | 000,000,000 | ---D | M] -- C:\Users\lgmd\AppData\Roaming\EZDownloader
[2013/09/10 04:42:57 | 000,000,000 | ---D | M] -- C:\Users\lgmd\AppData\Roaming\IDT
[2013/08/28 09:44:05 | 000,000,000 | ---D | M] -- C:\Users\lgmd\AppData\Roaming\ImgBurn
[2013/08/30 16:49:42 | 000,000,000 | ---D | M] -- C:\Users\lgmd\AppData\Roaming\OpenCandy
[2013/08/08 14:39:08 | 000,000,000 | ---D | M] -- C:\Users\lgmd\AppData\Roaming\OpenOffice
[2013/09/18 15:19:23 | 000,000,000 | ---D | M] -- C:\Users\lgmd\AppData\Roaming\Process Hacker 2
[2013/08/08 02:07:07 | 000,000,000 | ---D | M] -- C:\Users\lgmd\AppData\Roaming\Synaptics
[2013/08/21 09:40:26 | 000,000,000 | ---D | M] -- C:\Users\lgmd\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >

Attached Thumbnails

  • TempFolder.png

Attached Files

  • Attached File  OTL.Txt   94.01KB   37 downloads

Edited by Essexboy, 02 October 2013 - 07:51 AM.

  • 0

Advertisements


#2
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Hi , :)

:welcome:

My name is Valinorum and I will be your helper today. Before we proceed, please, acknowledge yourself the following(s):

  • Please do not create any new threads on this while we are working on your system, as it wastes another volunteer's time.
  • Please do not install any new software while we are working on this system,as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being ask.
  • Please do not attach your logs. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malwares infections are so severe that only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction stop and ask. do not keep going on.
  • The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.

Note: Please, bare in mind that I am still a trainee and my replies need to be reviewed by my teachers before I post them to you. Take it as a good thing because now you have two people examining your problem. I really hope that we will be able to send you home with a smile on your face. :)

 

Temp files are temporary files created by various applications when you run them. Their importance is temporary -- that being said as long as the application is running actively. Hence they are named temp file which is short for temporary files. In most cases they are harmless. Removing them may cause issues to the applications that are using the file. But after a restart they are created once again.

Can you tell me what problem they are causing? I will check your OTL log and instruct you a fix ( if it's required) after reviewing it by my teacher.

:)

Regards,
Valinorum
  • 0

#3
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Hi lgmd, :)

  • Step #1 Fix with OTL
  • Re-run OTL by right clicking and choosing Run as administrator;
  • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

    :Commands
    [createrestorepoint]
    :OTL
    MOD - [2013/01/24 05:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files (x86)\ss helper\sprotector.dll
    MOD - [2013/01/24 05:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files (x86)\EasyLife\sprotector.dll
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easyl...971&lg=EN&cc=US
    IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://searchy.easyl...971&lg=EN&cc=US
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
    IE - HKCU\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://searchy.easyl...971&lg=EN&cc=US
    IE - HKCU\..\SearchScopes\{9CBD3BD8-8EDD-4B02-8475-36C14411B3BC}: "URL" = http://search.condui...7855107289&UM=2
    FF - prefs.js..browser.search.defaultenginename: "Vafmusic3 Customized Web Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "Vafmusic3 Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "Vafmusic3 Customized Web Search"
    FF - prefs.js..keyword.URL: "http://search.condui...200103&UM=2&q="
    [2013/09/11 00:10:02 | 000,000,000 | ---D | M] (Vafmusic3) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\{13e6fd5a-3ca5-4d3c-9f79-52fd4134ed56}
    [2013/10/01 19:56:24 | 000,000,000 | ---D | M] ("Feven 1.7") -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]961fdf75a.com
    [2013/09/10 20:10:05 | 000,000,000 | ---D | M] (savensharE) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]
    CHR - homepage: http://searchy.easyl...971&lg=EN&cc=US
    O2:64bit: - BHO: (Feven 1.7) - {11111111-1111-1111-1111-110411051194} - C:\Program Files (x86)\Feven 1.7\Feven 1.7-bho64.dll (Feven)
    O2 - BHO: (Feven 1.7) - {11111111-1111-1111-1111-110411051194} - C:\Program Files (x86)\Feven 1.7\Feven 1.7-bho.dll (Feven)
    O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\lgmd\AppData\Local\DefineExt\temp.dat ()
    O3 - HKLM\..\Toolbar: (no name) - {13e6fd5a-3ca5-4d3c-9f79-52fd4134ed56} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O20 - AppInit_DLLs: (c:\progra~2\sshelp~1\sprote~1.dll) - c:\Program Files (x86)\ss helper\sprotector.dll ()
    O20 - AppInit_DLLs: (c:\progra~2\easylife\sprote~1.dll) - c:\Program Files (x86)\EasyLife\sprotector.dll ()[2013/09/11 00:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vafmusic3
    [2013/09/11 00:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
    [2013/09/11 00:09:54 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
    [2013/09/11 00:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feven 1.7
    [2013/09/11 00:09:26 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Local\DefineExt
    [2013/09/10 20:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EasyLife
    [2013/09/10 20:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\savensharE
    [2013/10/02 00:14:00 | 000,001,834 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-firefoxinstaller.job
    [2013/10/02 00:10:01 | 000,001,302 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-updater.job
    [2013/10/02 00:10:00 | 000,001,206 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-codedownloader.job
    [2013/10/02 00:10:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-enabler.job
    [2013/10/02 00:09:01 | 000,001,910 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-chromeinstaller.job

    :Commands
    [createrestorepoint]
    [emptytemp]

  • Click on "Run Fix" and let the program run unhindered;
  • Your PC will reboot automatically and a log will be opened;
  • Please post it in your next reply.

 

  • Step #2 Fix with AdwCleaner
    Download : ADWCleaner to your desktop.

    NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

    Close all programs and click on the AdwCleaner icon.

    Posted Image

    Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

    The report will be saved in the C:\AdwCleaner folder. as AdwCleaner[S0].txt

 

  • Step #3 Fix with Junkware Removal Tool
    Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

  • Step #4 Scan with OTL
  • Re-run OTL;
  • Copy and Paste the following code inside the Custom Scans/Fixes box;
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Avenger\*.*
    CREATERESTOREPOINT
  • From the Extra Registry choose Use Safe List;
  • Click the Run Scan button;
  • After the scan two logs will be produced;
  • Copy and paste the content of the logs in your next reply

 

  • Required Log(s):
  • OTL fix log;
  • Adwcleaner log;
  • JRT.txt
  • OTL.txt
  • Extras.txt

Regards,
Valinorum
  • 0

#4
lgmd

lgmd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi Valinorum,

Thank you for your reply

I am new too. My post was my first. I backed up my data files, in case we have to do a reinstall.

Steps I took

I copied your post to a file on an external drive for a record.
Then I copied your commands from the .odt file I creaded for your reply into ODT. Maybe I should have copied the commands from the network.

Anyway, I am so new, I got what I think are bad results, and I thought I should send you the results before going on.

I could just reinstall, but then I would never find out what is wrong, and I do want to understand and be able to work in the Windows operating system.

As a little further description, these dd????.tmp files in C:\Users\lgmd\AppData\Local\Microsoft\Windows\Temporary Internet Files directory are not normal. I have used Firefox and Windows 7 for quite a long time, and have never had these files before. I just want to figure out where they are coming from, I hope it is not a virus.

I know I am moving slowly, but if I understand what I am doing, and you understand what I am doing, we will have a good chance of a great outcome.

So I did not finish all you gave me to do, but I would rather make sure I am proceeding correctly. Here are the log files from step #1.

----------------------------
All processes killed
Error: Unable to interpret <:Commands
[createrestorepoint]
:OTL
MOD - [2013/01/24 05:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files (x86)\ss helper\sprotector.dll
MOD - [2013/01/24 05:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files (x86)\EasyLife\sprotector.dll
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easyl...971&lg=EN&cc=US
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://searchy.easyl...971&lg=EN&cc=US
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://searchy.easyl...971&lg=EN&cc=US
IE - HKCU\..\SearchScopes\{9CBD3BD8-8EDD-4B02-8475-36C14411B3BC}: "URL" = http://search.condui...7855107289&UM=2
FF - prefs.js..browser.search.defaultenginename: "Vafmusic3 Customized Web Search"
FF - prefs.js..b> in the current context!
Error: Unable to interpret <rowser.search.defaultthis.engineName: "Vafmusic3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Vafmusic3 Customized Web Search"
FF - prefs.js..keyword.URL: "http://search.condui...200103&UM=2&q="
[2013/09/11 00:10:02 | 000,000,000 | ---D | M] (Vafmusic3) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\{13e6fd5a-3ca5-4d3c-9f79-52fd4134ed56}
[2013/10/01 19:56:24 | 000,000,000 | ---D | M] ("Feven 1.7") -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]961fdf75a.com
[2013/09/10 20:10:05 | 000,000,000 | ---D | M] (savensharE) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]
CHR > in the current context!
Error: Unable to interpret <- homepage: http://searchy.easyl...971&lg=EN&cc=US
O2:64bit: - BHO: (Feven 1.7) - {11111111-1111-1111-1111-110411051194} - C:\Program Files (x86)\Feven 1.7\Feven 1.7-bho64.dll (Feven)
O2 - BHO: (Feven 1.7) - {11111111-1111-1111-1111-110411051194} - C:\Program Files (x86)\Feven 1.7\Feven 1.7-bho.dll (Feven)
O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\lgmd\AppData\Local\DefineExt\temp.dat ()
O3 - HKLM\..\Toolbar: (no name) - {13e6fd5a-3ca5-4d3c-9f79-52fd4134ed56} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O20 - AppInit_DLLs: (c:\progra~2\sshelp~1\sprote~1.dll) - c:\Program Files (x86)\ss helper\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~2\easylife\sprote~1.dll) - c:\Program Files (x86)\EasyLife\sprotector.dll ()[2013/09/11 00:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vafmusic3
[2013/09/11 00:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/09/11 0> in the current context!
Error: Unable to interpret <0:09:54 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
[2013/09/11 00:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feven 1.7
[2013/09/11 00:09:26 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Local\DefineExt
[2013/09/10 20:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EasyLife
[2013/09/10 20:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\savensharE
[2013/10/02 00:14:00 | 000,001,834 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-firefoxinstaller.job
[2013/10/02 00:10:01 | 000,001,302 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-updater.job
[2013/10/02 00:10:00 | 000,001,206 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-codedownloader.job
[2013/10/02 00:10:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-enabler.job
[2013/10/02 00:09:01 | 000,001,910 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-chromeinstaller.job

:Commands
[createrestorepoint]
[emptytemp]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 10022013_172032

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#5
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Hi lgmd, :)

I am new too. My post was my first. I backed up my data files, in case we have to do a reinstall.

Don't worry mate. Everyone starts as a new. I am still learning new things too. :) And good thing of backing up the data but I doubt we would require a reinstall as I hardly see any major infection in the system. :)

Then I copied your commands from the .odt file I creaded for your reply into ODT. Maybe I should have copied the commands from the network.

Sometime doing that changes the character and they don't work. If you need to copy them, do it in a Notepad. :)

Anyway, I am so new, I got what I think are bad results, and I thought I should send you the results before going on.

Sadly, yes. The fix didn't work.

As a little further description, these dd????.tmp files in C:\Users\lgmd\AppData\Local\Microsoft\Windows\Temporary Internet Files directory are not normal. I have used Firefox and Windows 7 for quite a long time, and have never had these files before. I just want to figure out where they are coming from, I hope it is not a virus.

Once again, they are fine and necessary for applications to perform. The reason you couldn't see them is because they are mostly hidden files. If you go to this link you will see that they are the default directory.

I know I am moving slowly, but if I understand what I am doing, and you understand what I am doing, we will have a good chance of a great outcome.

Not a problem mate. It's always good to ask if you are unsure. :)


Now you need to do the step#1: OTL fix again. This time copy the whole commands(remember that the :(colon) sign in front of the commands is also necessary and paste them in the Custom Scans/Fixes box and click on Run Fix.

Regards,
Valinorum
  • 0

#6
lgmd

lgmd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Firefox is acting funny. Let me know if you get this e-mail

Hi Valinorum,

I ran all the programs.

The creation of these temp files have been slowing down my computer. At least it seems that is the cause. I want to send of this e-mail now, but I will close and re-open Firefox and see if it is still slow.

I told you wrong. At least one time I told you the dd****.tmp files were being written in

C:\Users\lgmd\AppData\Local\Microsoft\Windows\Temporary Internet Files

but they are being written in

C:\Users\lgmd\AppData\Local\Temp


Here are all the log and text files.
OTL fix log;
Adwcleaner log;
JRT.txt
OTL.txt
Extras.txt

OTL fix log -- Seems to have run well this time.
OTL logfile created on: 10/3/2013 5:26:48 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lgmd\Desktop\dd----.tmpProblem
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 48.80% Memory free
6.95 Gb Paging File | 4.97 Gb Available in Paging File | 71.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 572.06 Gb Total Space | 511.18 Gb Free Space | 89.36% Space Free | Partition Type: NTFS
Drive D: | 19.95 Gb Total Space | 2.13 Gb Free Space | 10.67% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.28% Space Free | Partition Type: FAT32
Drive G: | 1397.17 Gb Total Space | 1227.00 Gb Free Space | 87.82% Space Free | Partition Type: NTFS

Computer Name: LGMD-HP | User Name: lgmd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/02 01:58:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lgmd\Desktop\dd----.tmpProblem\OTL.exe
PRC - [2013/09/11 04:46:46 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/09/05 08:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/30 01:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 01:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/08/25 16:15:36 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2011/10/07 20:10:48 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/09/12 18:55:46 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/19 15:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/11 15:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/11 04:46:45 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/24 05:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files (x86)\ss helper\sprotector.dll
MOD - [2013/01/24 05:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files (x86)\EasyLife\sprotector.dll
MOD - [2011/10/15 00:35:04 | 000,877,624 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2010/11/20 21:51:24 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll
MOD - [2010/11/20 21:48:21 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010/11/20 21:48:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/30 01:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/09/28 20:12:18 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/28 08:19:38 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/05/27 13:06:16 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/02/16 23:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/09/05 08:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/09/12 18:55:46 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/06/28 19:12:08 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/30 01:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/30 01:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/30 01:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/08/30 01:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/08/30 01:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/08/30 01:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/08/30 01:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/08/30 01:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/08/12 17:10:26 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/30 02:51:09 | 000,040,616 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/06/22 12:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2011/10/14 23:45:36 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/14 23:45:36 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/28 20:52:48 | 010,210,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/28 19:34:54 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/08/18 06:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/07/18 18:11:10 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/06/17 05:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/06/17 05:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/06/09 20:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/30 18:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/05/27 13:06:16 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/30 16:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/01/26 23:35:26 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/02/18 11:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2E9EDF38-B883-4786-BA2B-DE6C0F5F17EA}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easyl...971&lg=EN&cc=US
IE - HKLM\..\URLSearchHook: {13e6fd5a-3ca5-4d3c-9f79-52fd4134ed56} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {9CBD3BD8-8EDD-4B02-8475-36C14411B3BC}
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://searchy.easyl...971&lg=EN&cc=US
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2E9EDF38-B883-4786-BA2B-DE6C0F5F17EA}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E5 C1 7E AE A4 A6 CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {13e6fd5a-3ca5-4d3c-9f79-52fd4134ed56} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9CBD3BD8-8EDD-4B02-8475-36C14411B3BC}
IE - HKCU\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://searchy.easyl...971&lg=EN&cc=US
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{9CBD3BD8-8EDD-4B02-8475-36C14411B3BC}: "URL" = http://search.condui...7855107289&UM=2
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3302996.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "Vafmusic3 Customized Web Search"
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: "Vafmusic3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: "Vafmusic3 Customized Web Search"
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://search.condui...200103&UM=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/09/08 07:36:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/08/30 16:49:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/08/28 18:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Extensions
[2013/09/27 18:50:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions
[2013/09/11 00:10:02 | 000,000,000 | ---D | M] (Vafmusic3) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\{13e6fd5a-3ca5-4d3c-9f79-52fd4134ed56}
[2013/10/03 04:00:58 | 000,000,000 | ---D | M] ("Feven 1.7") -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]961fdf75a.com
[2013/08/31 00:56:03 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]
[2013/09/10 20:10:05 | 000,000,000 | ---D | M] (savensharE) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]
[2013/09/27 18:50:46 | 000,000,000 | ---D | M] (MaskMe) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]
[2013/09/10 20:10:05 | 000,000,000 | ---D | M] (SearchNewTab) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]
[2013/09/11 00:09:35 | 000,000,000 | ---D | M] (Define Ext) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]
[2013/09/11 00:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]961fdf75a.com\extensionData
[2013/09/11 00:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]961fdf75a.com\extensionData\plugins
[2013/09/11 00:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]961fdf75a.com\extensionData\userCode
[2013/09/11 00:09:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\extensions
[2013/08/30 16:49:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/08/30 16:49:18 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\extensions\[email protected]
[2013/08/30 16:49:17 | 000,000,000 | ---D | M] (MaskMe) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\extensions\[email protected]
[2013/09/11 00:09:43 | 000,000,000 | ---D | M] (Define Ext) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\extensions\[email protected]
[2013/09/11 00:09:33 | 000,040,384 | ---- | M] () (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\extensions\[email protected]
[2013/08/28 19:40:54 | 000,320,337 | ---- | M] () (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\extensions\[email protected]
[2013/08/31 22:45:24 | 000,010,357 | ---- | M] () -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\searchplugins\duckduckgo-lite.xml
[2013/09/11 00:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/09/11 00:09:31 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/08/28 19:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/11 04:46:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/08 07:36:48 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - homepage: http://searchy.easyl...971&lg=EN&cc=US
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.24.14_0\crossrider
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.24.14_0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpmmangjmnibhglgbicpeemebbjfgba\1.0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\obolipcmfeopcbppbgjfghgcgjnoeckd\5.10\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/11 00:00:51 | 000,450,636 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15467 more lines...
O2:64bit: - BHO: (Feven 1.7) - {11111111-1111-1111-1111-110411051194} - C:\Program Files (x86)\Feven 1.7\Feven 1.7-bho64.dll (Feven)
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Feven 1.7) - {11111111-1111-1111-1111-110411051194} - C:\Program Files (x86)\Feven 1.7\Feven 1.7-bho.dll (Feven)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (savensharE) - {58F30DE4-0971-2A68-27BF-DEAB52966604} - C:\ProgramData\savensharE\EPvMZJ7.dll ()
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\lgmd\AppData\Local\DefineExt\temp.dat ()
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {13e6fd5a-3ca5-4d3c-9f79-52fd4134ed56} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{601A54FE-0958-4E38-B0AD-20C88B4890EB}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81F15471-3CF9-4895-BFFB-518FDC30F400}: DhcpNameServer = 192.168.0.1 205.171.2.65
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - AppInit_DLLs: (c:\progra~2\sshelp~1\sprote~1.dll) - c:\Program Files (x86)\ss helper\sprotector.dll ()
O20 - AppInit_DLLs: (c:\progra~2\easylife\sprote~1.dll) - c:\Program Files (x86)\EasyLife\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/08/28 10:49:45 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/02/27 01:46:23 | 000,000,000 | -H-D | M] - G:\autorun -- [ NTFS ]
O32 - AutoRun File - [2011/08/29 03:08:32 | 000,000,124 | -H-- | M] () - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

[CREATERESTOREPOINT]
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/02 17:20:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/26 08:45:04 | 000,000,000 | ---D | C] -- C:\Users\lgmd\Desktop\PatioTable
[2013/09/18 15:19:23 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Roaming\Process Hacker 2
[2013/09/18 13:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2013/09/18 13:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2013/09/15 05:22:55 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Local\{67C154E9-5821-4587-898A-8CB3CFDC561F}
[2013/09/15 05:22:41 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Local\Windows Live Writer
[2013/09/11 03:41:16 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/11 03:41:16 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/11 02:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2013/09/11 02:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/09/11 01:07:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/09/11 01:07:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/09/11 00:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/09/11 00:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vafmusic3
[2013/09/11 00:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/09/11 00:09:54 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
[2013/09/11 00:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feven 1.7
[2013/09/11 00:09:33 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Roaming\DefaultTab
[2013/09/11 00:09:26 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Local\DefineExt
[2013/09/10 20:11:07 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Roaming\EZDownloader
[2013/09/10 20:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SummerSoft
[2013/09/10 20:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EasyLife
[2013/09/10 20:09:50 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Local\Programs
[2013/09/10 20:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ss helper
[2013/09/10 20:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\savensharE
[2013/09/10 20:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/09/10 04:42:57 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Roaming\IDT
[2013/09/10 04:38:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Logs
[2013/09/06 14:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast Duplicate File Finder
[2013/09/06 14:12:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fast Duplicate File Finder
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\lgmd\Desktop\*.tmp files -> C:\Users\lgmd\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/03 04:01:24 | 000,001,302 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-updater.job
[2013/10/03 04:01:16 | 000,001,834 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-firefoxinstaller.job
[2013/10/03 04:01:01 | 000,001,910 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-chromeinstaller.job
[2013/10/03 04:01:01 | 000,001,206 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-codedownloader.job
[2013/10/03 04:01:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-enabler.job
[2013/10/03 04:00:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/02 17:30:18 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/02 17:30:18 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/02 17:22:36 | 2800,803,840 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/02 13:24:02 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/02 13:24:02 | 000,659,818 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/02 13:24:02 | 000,120,714 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/02 00:32:30 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/02 00:32:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/21 19:59:29 | 000,001,568 | ---- | M] () -- C:\Users\lgmd\Desktop\Garmin205w - Shortcut.lnk
[2013/09/21 19:59:28 | 000,001,567 | ---- | M] () -- C:\Users\lgmd\Desktop\MedicalCurrent2013 - Shortcut.lnk
[2013/09/21 19:59:28 | 000,001,441 | ---- | M] () -- C:\Users\lgmd\Desktop\CPAPJim - Shortcut.lnk
[2013/09/21 19:59:28 | 000,001,412 | ---- | M] () -- C:\Users\lgmd\Desktop\Jim1.lnk
[2013/09/18 13:54:06 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\Process Hacker 2.lnk
[2013/09/12 11:26:02 | 000,000,017 | ---- | M] () -- C:\Users\lgmd\AppData\Local\resmon.resmoncfg
[2013/09/11 16:28:07 | 000,000,511 | ---- | M] () -- C:\Windows\wininit.ini
[2013/09/11 01:08:41 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/08 07:36:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/09/06 14:12:37 | 000,001,162 | ---- | M] () -- C:\Users\lgmd\Desktop\Fast Duplicate File Finder.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\lgmd\Desktop\*.tmp files -> C:\Users\lgmd\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/18 13:54:06 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\Process Hacker 2.lnk
[2013/09/12 11:26:02 | 000,000,017 | ---- | C] () -- C:\Users\lgmd\AppData\Local\resmon.resmoncfg
[2013/09/11 16:28:05 | 000,000,511 | ---- | C] () -- C:\Windows\wininit.ini
[2013/09/11 01:08:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/09/11 01:08:41 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/11 00:10:24 | 000,001,302 | ---- | C] () -- C:\Windows\tasks\Feven 1.7-updater.job
[2013/09/11 00:10:20 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\Feven 1.7-enabler.job
[2013/09/11 00:10:07 | 000,001,206 | ---- | C] () -- C:\Windows\tasks\Feven 1.7-codedownloader.job
[2013/09/11 00:09:47 | 000,001,834 | ---- | C] () -- C:\Windows\tasks\Feven 1.7-firefoxinstaller.job
[2013/09/11 00:09:39 | 000,001,910 | ---- | C] () -- C:\Windows\tasks\Feven 1.7-chromeinstaller.job
[2013/09/06 14:12:37 | 000,001,162 | ---- | C] () -- C:\Users\lgmd\Desktop\Fast Duplicate File Finder.lnk
[2011/12/25 03:03:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/12/25 03:00:45 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/12/25 02:56:42 | 000,772,430 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 21:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 21:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< :Commands >

< :OTL >

< MOD - [2013/01/24 05:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files (x86)\ss helper\sprotector.dll >
Invalid Switch: 24 05:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files (x86)\ss helper\sprotector.dll

< MOD - [2013/01/24 05:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files (x86)\EasyLife\sprotector.dll >
Invalid Switch: 24 05:16:54 | 001,050,112 | ---- | M] () -- c:\Program Files (x86)\EasyLife\sprotector.dll

< IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF >

< IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easyl...971&lg=EN&cc=US >
Invalid Switch: searchy.easyl...971&lg=EN&cc=US

< IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://searchy.easyl...971&lg=EN&cc=US >

< IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF >

< IE - HKCU\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://searchy.easyl...971&lg=EN&cc=US >

< IE - HKCU\..\SearchScopes\{9CBD3BD8-8EDD-4B02-8475-36C14411B3BC}: "URL" = http://search.condui...7855107289&UM=2 >

< FF - prefs.js..browser.search.defaultenginename: "Vafmusic3 Customized Web Search" >

< FF - prefs.js..browser.search.defaultthis.engineName: "Vafmusic3 Customized Web Search" >

< FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}" >

< FF - prefs.js..browser.search.selectedEngine: "Vafmusic3 Customized Web Search" >

< FF - prefs.js..keyword.URL: "http://search.condui...200103&UM=2&q=" >

< [2013/09/11 00:10:02 | 000,000,000 | ---D | M] (Vafmusic3) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\{13e6fd5a-3ca5-4d3c-9f79-52fd4134ed56} >
Invalid Switch: 11 00:10:02 | 000,000,000 | ---D | M] (Vafmusic3) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\{13e6fd5a-3ca5-4d3c-9f79-52fd4134ed56}

< [2013/10/01 19:56:24 | 000,000,000 | ---D | M] ("Feven 1.7") -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]961fdf75a.com >

< [2013/09/10 20:10:05 | 000,000,000 | ---D | M] (savensharE) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected] >
Invalid Switch: 10 20:10:05 | 000,000,000 | ---D | M] (savensharE) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]

< CHR - homepage: http://searchy.easyl...971&lg=EN&cc=US >
Invalid Switch: searchy.easyl...971&lg=EN&cc=US

< O2:64bit: - BHO: (Feven 1.7) - {11111111-1111-1111-1111-110411051194} - C:\Program Files (x86)\Feven 1.7\Feven 1.7-bho64.dll (Feven) >

< O2 - BHO: (Feven 1.7) - {11111111-1111-1111-1111-110411051194} - C:\Program Files (x86)\Feven 1.7\Feven 1.7-bho.dll (Feven) >

< O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\lgmd\AppData\Local\DefineExt\temp.dat () >

< O3 - HKLM\..\Toolbar: (no name) - {13e6fd5a-3ca5-4d3c-9f79-52fd4134ed56} - No CLSID value found. >

< O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. >

< O20 - AppInit_DLLs: (c:\progra~2\sshelp~1\sprote~1.dll) - c:\Program Files (x86)\ss helper\sprotector.dll () >

< O20 - AppInit_DLLs: (c:\progra~2\easylife\sprote~1.dll) - c:\Program Files (x86)\EasyLife\sprotector.dll ()[2013/09/11 00:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vafmusic3 >
Invalid Switch: 11 00:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vafmusic3

< [2013/09/11 00:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect >
Invalid Switch: 11 00:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect

< [2013/09/11 00:09:54 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext >
Invalid Switch: 11 00:09:54 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext

< [2013/09/11 00:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feven 1.7 >
Invalid Switch: 11 00:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feven 1.7

< [2013/09/11 00:09:26 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Local\DefineExt >
Invalid Switch: 11 00:09:26 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Local\DefineExt

< [2013/09/10 20:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EasyLife >
Invalid Switch: 10 20:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EasyLife

< [2013/09/10 20:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\savensharE >
Invalid Switch: 10 20:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\savensharE

< [2013/10/02 00:14:00 | 000,001,834 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-firefoxinstaller.job >
Invalid Switch: 02 00:14:00 | 000,001,834 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-firefoxinstaller.job

< [2013/10/02 00:10:01 | 000,001,302 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-updater.job >
Invalid Switch: 02 00:10:01 | 000,001,302 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-updater.job

< [2013/10/02 00:10:00 | 000,001,206 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-codedownloader.job >
Invalid Switch: 02 00:10:00 | 000,001,206 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-codedownloader.job

< [2013/10/02 00:10:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-enabler.job >
Invalid Switch: 02 00:10:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-enabler.job

< [2013/10/02 00:09:01 | 000,001,910 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-chromeinstaller.job >
Invalid Switch: 02 00:09:01 | 000,001,910 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-chromeinstaller.job

< >

< :Commands >

< [emptytemp] >

< End of report >

Adwcleaner log
---------------
# AdwCleaner v3.006 - Report created 03/10/2013 at 05:51:53
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : lgmd - LGMD-HP
# Running from : C:\Users\lgmd\Desktop\dd----.tmpProblem\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\savensharE
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\EasyLife
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Program Files (x86)\Vafmusic3
Folder Deleted : C:\Users\lgmd\AppData\Local\DefineExt
Folder Deleted : C:\Users\lgmd\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\lgmd\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\lgmd\AppData\LocalLow\Vafmusic3
Folder Deleted : C:\Users\lgmd\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\lgmd\AppData\Roaming\EZDownloader
Folder Deleted : C:\Users\lgmd\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\CT3302996
Folder Deleted : C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\jetpack
Folder Deleted : C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\Extensions\{13e6fd5a-3ca5-4d3c-9f79-52fd4134ed56}
Folder Deleted : C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
File Deleted : C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\Extensions\[email protected]
File Deleted : C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_d33a5824
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_eea72b4f
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0040594.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0040594.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0040594.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0040594.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3302996
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A10AE34-82BD-424B-B3F6-21DFEAC8D212}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411051194}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422052294}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455055594}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466056694}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444054494}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411051194}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2A10AE34-82BD-424B-B3F6-21DFEAC8D212}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411051194}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B1DFCF2D-4E07-4D84-A12E-FE14BB8FBC56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BA0FDD68-B1EA-4664-989F-2F42B3486B5C}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{13E6FD5A-3CA5-4D3C-9F79-52FD4134ED56}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{13E6FD5A-3CA5-4D3C-9F79-52FD4134ED56}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{13E6FD5A-3CA5-4D3C-9F79-52FD4134ED56}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411051194}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422052294}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455055594}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466056694}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411051194}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\Vafmusic3
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\Vafmusic3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vafmusic3 Toolbar
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\sshelp~1\sprote~1.dll
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\easylife\sprote~1.dll

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\prefs.js ]

Line Deleted : user_pref("CT3302996.FF19Solved", "true");
Line Deleted : user_pref("CT3302996.UserID", "UN87704137217200103");
Line Deleted : user_pref("CT3302996.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3302996.fullUserID", "UN87704137217200103.IN.20130911000949");
Line Deleted : user_pref("CT3302996.installDate", "11/09/2013 00:10:01");
Line Deleted : user_pref("CT3302996.installSessionId", "{3972133A-17F0-4EEC-BA87-87D96D4C11D4}");
Line Deleted : user_pref("CT3302996.installSp", "TRUE");
Line Deleted : user_pref("CT3302996.installerVersion", "1.6.1.2");
Line Deleted : user_pref("CT3302996.keyword", "true");
Line Deleted : user_pref("CT3302996.originalHomepage", "about:home");
Line Deleted : user_pref("CT3302996.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3302996.originalSearchEngine", "");
Line Deleted : user_pref("CT3302996.originalSearchEngineName", "");
Line Deleted : user_pref("CT3302996.searchRevert", "false");
Line Deleted : user_pref("CT3302996.searchUserMode", "2");
Line Deleted : user_pref("CT3302996.smartbar.homepage", "true");
Line Deleted : user_pref("CT3302996.versionFromInstaller", "10.20.0.13");
Line Deleted : user_pref("CT3302996.xpeMode", "0");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3302996&octid=CT3302996&SearchSource=61&CUI=UN87704137217200103&UM=2&UP=SP727267E5-B325-4DDF-9115-584028AFC533");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaultenginename", "Vafmusic3 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Vafmusic3 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3302996&CUI=UN87704137217200103&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "Vafmusic3 Customized Web Search");
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3302996&SearchSource=2&CUI=UN87704137217200103&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3302996");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3302996&CUI=UN87704137217200103&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3302996&octid=CT3302996&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3302996&SearchSource=2&CUI=UN87704137217200103&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3302996");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3302996");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3302996&CUI=UN87704137217200103&UM=2&SearchSource=13");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v

[ File : C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [12142 octets] - [03/10/2013 05:50:46]
AdwCleaner[S0].txt - [11563 octets] - [03/10/2013 05:51:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11624 octets] ##########


JRT.txt
----------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Windows 7 Home Premium x64
Ran by lgmd on Thu 10/03/2013 at 6:35:15.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411051194}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9CBD3BD8-8EDD-4B02-8475-36C14411B3BC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2E9EDF38-B883-4786-BA2B-DE6C0F5F17EA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58F30DE4-0971-2A68-27BF-DEAB52966604}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{58F30DE4-0971-2A68-27BF-DEAB52966604}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{58F30DE4-0971-2A68-27BF-DEAB52966604}



~~~ Files

Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\nsprotector.js"



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\lgmd\appdata\local\{67C154E9-5821-4587-898A-8CB3CFDC561F}



~~~ FireFox

Successfully deleted: [Folder] C:\Users\lgmd\AppData\Roaming\mozilla\firefox\profiles\dwb36ica.default\extensions\[email protected]961fdf75a.com
Emptied folder: C:\Users\lgmd\AppData\Roaming\mozilla\firefox\profiles\dwb36ica.default\minidumps [10 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 10/03/2013 at 6:49:20.79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 10/3/2013 8:46:26 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lgmd\Desktop\dd----.tmpProblem
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 54.16% Memory free
6.95 Gb Paging File | 5.03 Gb Available in Paging File | 72.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 572.06 Gb Total Space | 510.84 Gb Free Space | 89.30% Space Free | Partition Type: NTFS
Drive D: | 19.95 Gb Total Space | 2.13 Gb Free Space | 10.67% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.28% Space Free | Partition Type: FAT32
Drive G: | 1397.17 Gb Total Space | 1227.00 Gb Free Space | 87.82% Space Free | Partition Type: NTFS

Computer Name: LGMD-HP | User Name: lgmd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/02 01:58:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\lgmd\Desktop\dd----.tmpProblem\OTL.exe
PRC - [2013/10/02 00:32:30 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013/09/11 04:46:46 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/09/05 08:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/30 01:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 01:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/08/25 16:15:36 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2011/10/07 20:10:48 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/09/12 18:55:46 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/19 15:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/11 15:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/02 00:32:30 | 016,177,544 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/09/11 04:46:45 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/15 00:35:04 | 000,877,624 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2010/11/20 21:51:24 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\System.Management.ni.dll
MOD - [2010/11/20 21:48:21 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010/11/20 21:48:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/30 01:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/09/28 20:12:18 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/28 08:19:38 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/05/27 13:06:16 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/02/16 23:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 03:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/09/05 08:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/09/12 18:55:46 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/07/11 15:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/06/28 19:12:08 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/30 01:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/30 01:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/30 01:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/08/30 01:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/08/30 01:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/08/30 01:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/08/30 01:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/08/30 01:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/08/12 17:10:26 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/04/30 02:51:09 | 000,040,616 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/06/22 12:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2011/10/14 23:45:36 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/14 23:45:36 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/28 20:52:48 | 010,210,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/28 19:34:54 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/08/18 06:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/07/18 18:11:10 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/06/17 05:08:26 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/06/17 05:08:24 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/06/09 20:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/30 18:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/05/27 13:06:16 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/30 16:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/01/26 23:35:26 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/02/18 11:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2E9EDF38-B883-4786-BA2B-DE6C0F5F17EA}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E5 C1 7E AE A4 A6 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.9.812
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1497
FF - prefs.js..extensions.enabledAddons: idme%40abine.com:1.27.318
FF - prefs.js..extensions.enabledAddons: 0efc9c38-1ec7-49ed-8915-53a48b6b7600%40e7f17679-2a42-4659-83c5-7ba961fdf75a.com:0.92.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/09/08 07:36:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/08/30 16:49:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/08/28 18:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Extensions
[2013/10/03 07:29:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions
[2013/10/03 07:29:44 | 000,000,000 | ---D | M] ("Feven 1.7") -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]961fdf75a.com
[2013/08/31 00:56:03 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]
[2013/09/10 20:10:05 | 000,000,000 | ---D | M] (savensharE) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]
[2013/09/27 18:50:46 | 000,000,000 | ---D | M] (MaskMe) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]
[2013/09/10 20:10:05 | 000,000,000 | ---D | M] (SearchNewTab) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]
[2013/09/11 00:09:35 | 000,000,000 | ---D | M] (Define Ext) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]
[2013/10/03 07:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]961fdf75a.com\extensionData
[2013/10/03 07:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]961fdf75a.com\extensionData\plugins
[2013/10/03 07:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]961fdf75a.com\extensionData\userCode
[2013/10/03 05:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\extensions
[2013/08/30 16:49:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/08/30 16:49:18 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\extensions\[email protected]
[2013/08/30 16:49:17 | 000,000,000 | ---D | M] (MaskMe) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\extensions\[email protected]
[2013/09/11 00:09:43 | 000,000,000 | ---D | M] (Define Ext) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\extensions\[email protected]
[2013/08/28 19:40:54 | 000,320,337 | ---- | M] () (No name found) -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\holcixtm.default\extensions\[email protected]
[2013/08/31 22:45:24 | 000,010,357 | ---- | M] () -- C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\searchplugins\duckduckgo-lite.xml
[2013/09/11 00:09:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/09/11 00:09:31 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/08/28 19:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/11 04:46:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/09/08 07:36:48 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.24.14_0\crossrider
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajppokcpihekimknckddpgkbiphmaglg\1.24.14_0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdpmmangjmnibhglgbicpeemebbjfgba\1.0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\obolipcmfeopcbppbgjfghgcgjnoeckd\5.10\
CHR - Extension: No name found = C:\Users\lgmd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/11 00:00:51 | 000,450,636 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15467 more lines...
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{601A54FE-0958-4E38-B0AD-20C88B4890EB}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81F15471-3CF9-4895-BFFB-518FDC30F400}: DhcpNameServer = 192.168.0.1 205.171.2.65
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/08/28 10:49:45 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/02/27 01:46:23 | 000,000,000 | -H-D | M] - G:\autorun -- [ NTFS ]
O32 - AutoRun File - [2011/08/29 03:08:32 | 000,000,124 | -H-- | M] () - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/03 06:35:13 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/03 05:47:35 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/02 17:20:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/26 08:45:04 | 000,000,000 | ---D | C] -- C:\Users\lgmd\Desktop\PatioTable
[2013/09/18 15:19:23 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Roaming\Process Hacker 2
[2013/09/18 13:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2013/09/18 13:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2013/09/15 05:22:41 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Local\Windows Live Writer
[2013/09/11 03:41:16 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/11 03:41:16 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/11 02:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2013/09/11 02:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/09/11 01:07:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/09/11 01:07:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/09/11 00:12:37 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/09/11 00:09:54 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext
[2013/09/11 00:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feven 1.7
[2013/09/10 20:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SummerSoft
[2013/09/10 20:09:50 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Local\Programs
[2013/09/10 20:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ss helper
[2013/09/10 20:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/09/10 04:42:57 | 000,000,000 | ---D | C] -- C:\Users\lgmd\AppData\Roaming\IDT
[2013/09/10 04:38:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Logs
[2013/09/06 14:12:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fast Duplicate File Finder
[2013/09/06 14:12:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fast Duplicate File Finder
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\lgmd\Desktop\*.tmp files -> C:\Users\lgmd\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/03 07:36:18 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/03 07:36:18 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/03 07:29:54 | 000,001,834 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-firefoxinstaller.job
[2013/10/03 07:29:30 | 000,001,302 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-updater.job
[2013/10/03 07:29:30 | 000,001,206 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-codedownloader.job
[2013/10/03 07:29:30 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-enabler.job
[2013/10/03 07:29:25 | 000,001,910 | ---- | M] () -- C:\Windows\tasks\Feven 1.7-chromeinstaller.job
[2013/10/03 07:28:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/03 07:28:28 | 2800,803,840 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/02 13:24:02 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/02 13:24:02 | 000,659,818 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/02 13:24:02 | 000,120,714 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/02 00:32:30 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/02 00:32:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/21 19:59:29 | 000,001,568 | ---- | M] () -- C:\Users\lgmd\Desktop\Garmin205w - Shortcut.lnk
[2013/09/21 19:59:28 | 000,001,567 | ---- | M] () -- C:\Users\lgmd\Desktop\MedicalCurrent2013 - Shortcut.lnk
[2013/09/21 19:59:28 | 000,001,441 | ---- | M] () -- C:\Users\lgmd\Desktop\CPAPJim - Shortcut.lnk
[2013/09/21 19:59:28 | 000,001,412 | ---- | M] () -- C:\Users\lgmd\Desktop\Jim1.lnk
[2013/09/18 13:54:06 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\Process Hacker 2.lnk
[2013/09/12 11:26:02 | 000,000,017 | ---- | M] () -- C:\Users\lgmd\AppData\Local\resmon.resmoncfg
[2013/09/11 16:28:07 | 000,000,511 | ---- | M] () -- C:\Windows\wininit.ini
[2013/09/11 01:08:41 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/08 07:36:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/09/06 14:12:37 | 000,001,162 | ---- | M] () -- C:\Users\lgmd\Desktop\Fast Duplicate File Finder.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\lgmd\Desktop\*.tmp files -> C:\Users\lgmd\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/18 13:54:06 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\Process Hacker 2.lnk
[2013/09/12 11:26:02 | 000,000,017 | ---- | C] () -- C:\Users\lgmd\AppData\Local\resmon.resmoncfg
[2013/09/11 16:28:05 | 000,000,511 | ---- | C] () -- C:\Windows\wininit.ini
[2013/09/11 01:08:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/09/11 01:08:41 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/11 00:10:24 | 000,001,302 | ---- | C] () -- C:\Windows\tasks\Feven 1.7-updater.job
[2013/09/11 00:10:20 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\Feven 1.7-enabler.job
[2013/09/11 00:10:07 | 000,001,206 | ---- | C] () -- C:\Windows\tasks\Feven 1.7-codedownloader.job
[2013/09/11 00:09:47 | 000,001,834 | ---- | C] () -- C:\Windows\tasks\Feven 1.7-firefoxinstaller.job
[2013/09/11 00:09:39 | 000,001,910 | ---- | C] () -- C:\Windows\tasks\Feven 1.7-chromeinstaller.job
[2013/09/06 14:12:37 | 000,001,162 | ---- | C] () -- C:\Users\lgmd\Desktop\Fast Duplicate File Finder.lnk
[2011/12/25 03:03:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/12/25 03:00:45 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/12/25 02:56:42 | 000,772,430 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 21:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 21:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 21:24:08 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 21:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 21:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2009/07/13 19:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2010/11/20 21:24:16 | 000,136,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2010/11/20 21:24:16 | 000,177,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 21:24:32 | 000,136,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 21:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 21:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/10/14 23:34:32 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 21:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2010/11/20 21:23:54 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/10/14 23:40:50 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2010/11/20 21:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2009/07/13 19:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 21:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 21:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2009/07/13 19:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 21:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 21:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 21:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 21:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 21:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 21:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2010/11/20 21:24:01 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 21:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 21:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 21:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 21:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 21:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 21:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 21:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 21:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 21:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/10/14 23:35:17 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/10/14 23:35:17 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/10/14 23:35:17 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/10/14 23:35:17 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 21:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/10/14 23:35:17 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/10/14 23:35:17 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 21:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.ASFX >
[2013/09/05 08:04:32 | 000,002,537 | ---- | M] () MD5=12119C94DF8D736A53F6C331FD72D46E -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\sl_SI\Services\Services.asfx
[2013/09/05 08:04:20 | 000,002,491 | ---- | M] () MD5=137C7EE24F5411F53B8326B9B219FC66 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\nb_NO\Services\Services.asfx
[2013/09/05 08:04:32 | 000,002,646 | ---- | M] () MD5=1C24FB4029C5A7955E15B54B554F57EF -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\ro_RO\Services\Services.asfx
[2013/09/05 08:04:30 | 000,002,514 | ---- | M] () MD5=1DEE0ACF57AF9BCA6EF55DB87DE5177D -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\hr_HR\Services\Services.asfx
[2013/09/05 08:04:30 | 000,003,372 | ---- | M] () MD5=25FC40F1B20BA96E94362080824538BB -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\ru_RU\Services\Services.asfx
[2013/09/05 08:04:16 | 000,002,626 | ---- | M] () MD5=2FD7F2FDEF0BA1B3080372C092348748 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\nl_NL\Services\Services.asfx
[2013/09/05 08:04:12 | 000,002,531 | ---- | M] () MD5=3245B95570BB6FBB531E2FEDF48A75C0 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\it_IT\Services\Services.asfx
[2013/09/05 08:04:18 | 000,002,575 | ---- | M] () MD5=41E9C3CD70C83B6E2120F86B813E45D6 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\fi_FI\Services\Services.asfx
[2013/09/05 08:04:38 | 000,002,495 | ---- | M] () MD5=5023B9592E48988B41AE03208E6E11BF -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\eu_ES\Services\Services.asfx
[2013/09/05 08:04:22 | 000,002,651 | ---- | M] () MD5=529CE83F2FA3AB06251EAA5DB897D096 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\ko_KR\Services\Services.asfx
[2013/09/05 08:04:28 | 000,002,758 | ---- | M] () MD5=5BF29BD056628A88C25959BA80EE9BED -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\hu_HU\Services\Services.asfx
[2013/09/05 08:04:36 | 000,002,541 | ---- | M] () MD5=5EA0637B4A389696A7D809C3E9EC2EC7 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\ca_ES\Services\Services.asfx
[2013/09/05 08:04:34 | 000,003,262 | ---- | M] () MD5=67A74DCD86C142D2E6B4F1F16E5E1F2C -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\uk_UA\Services\Services.asfx
[2013/09/05 08:04:26 | 000,002,617 | ---- | M] () MD5=689F53EAA80054DF4BC686856E185035 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\cs_CZ\Services\Services.asfx
[2013/09/05 08:04:24 | 000,002,486 | ---- | M] () MD5=69DBB0C500BD18C1D0764FB0242ED213 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\zh_TW\Services\Services.asfx
[2013/09/05 08:04:34 | 000,002,638 | ---- | M] () MD5=71B6B0BD0214C789D3F301EE790A6D2F -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\sk_SK\Services\Services.asfx
[2013/09/05 08:04:14 | 000,002,554 | ---- | M] () MD5=74339E2CE2536875C3C678B0CAF6EC51 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\sv_SE\Services\Services.asfx
[2013/09/05 08:04:30 | 000,002,599 | ---- | M] () MD5=83107AFE70C6D6EEB7C079CCCCE406D7 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\tr_TR\Services\Services.asfx
[2013/09/05 08:04:12 | 000,002,849 | ---- | M] () MD5=86BBDCD8357F52C31C289EDEC9B158FF -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\ja_JP\Services\Services.asfx
[2012/09/23 20:43:54 | 000,002,488 | R--- | M] () MD5=B1468F053A250799FCE421BEC8AA9A57 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx
[2013/09/05 08:04:16 | 000,002,523 | ---- | M] () MD5=BFFD6506EABA593CF59568B43395B742 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\da_DK\Services\Services.asfx
[2013/09/05 08:04:14 | 000,002,544 | ---- | M] () MD5=E34F6F2011E6A981EE46105A813AA6B4 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\es_ES\Services\Services.asfx
[2013/09/05 08:04:24 | 000,002,455 | ---- | M] () MD5=E6A6F3449EDB55E0A8A4F98E4527964B -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\zh_CN\Services\Services.asfx
[2013/09/05 08:04:08 | 000,002,614 | ---- | M] () MD5=F1B43A488FA907619B1469F76373D812 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\fr_FR\Services\Services.asfx
[2013/09/05 08:04:22 | 000,002,586 | ---- | M] () MD5=F6CC4E1BC7DF8CA3D0EA34B84B83C1B0 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\pt_BR\Services\Services.asfx
[2013/09/05 08:04:10 | 000,002,675 | ---- | M] () MD5=F9E81A4C2C84268EE7437424514D0D8D -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\de_DE\Services\Services.asfx
[2013/09/05 08:04:26 | 000,002,541 | ---- | M] () MD5=FDA0451B478CA4B92ECCBDC4C15D007C -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Locale\pl_PL\Services\Services.asfx

< MD5 for: SERVICES.ASFX1 >
[2012/09/23 20:43:54 | 000,002,457 | R--- | M] () MD5=BE0958E015FED942FAD670540F2BCEC1 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx1

< MD5 for: SERVICES.ASFX10 >
[2012/09/23 20:43:56 | 000,002,543 | R--- | M] () MD5=C66A95C06294259E63522BBB0E8B3ED8 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx10

< MD5 for: SERVICES.ASFX11 >
[2012/09/23 20:43:48 | 000,002,628 | R--- | M] () MD5=8A84C89E1D2A0916D4464D5AD46FB8AC -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx11

< MD5 for: SERVICES.ASFX12 >
[2012/09/23 20:43:50 | 000,002,493 | R--- | M] () MD5=A8C9725DBFAA9DB585F9691060B1FFA3 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx12

< MD5 for: SERVICES.ASFX13 >
[2012/09/23 20:43:52 | 000,002,653 | R--- | M] () MD5=881E2DDB014FD5D09B84AA45F2E86077 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx13

< MD5 for: SERVICES.ASFX14 >
[2012/09/23 20:43:44 | 000,002,851 | R--- | M] () MD5=364469E5C8724EB95F2E142438C8CECF -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx14

< MD5 for: SERVICES.ASFX15 >
[2012/09/23 20:43:46 | 000,002,533 | R--- | M] () MD5=72E505C96C0A40BE1DFD0F5FB982F527 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx15

< MD5 for: SERVICES.ASFX16 >
[2012/09/23 20:43:56 | 000,002,760 | R--- | M] () MD5=69BCCC8BA799AD320C723B14DAE327EB -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx16

< MD5 for: SERVICES.ASFX17 >
[2012/09/23 20:44:00 | 000,002,516 | R--- | M] () MD5=9B850C525959D9F53CD576DEF11F6ED4 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx17

< MD5 for: SERVICES.ASFX18 >
[2012/09/23 20:43:42 | 000,002,616 | R--- | M] () MD5=939A97CCEC5E78C7D41262B21158D749 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx18

< MD5 for: SERVICES.ASFX19 >
[2012/09/23 20:43:50 | 000,002,577 | R--- | M] () MD5=4160D76537EB300F681419BEA7589192 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx19

< MD5 for: SERVICES.ASFX2 >
[2012/09/23 20:44:02 | 000,003,264 | R--- | M] () MD5=6A3669AC3D692776A76DB4C513B73718 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx2

< MD5 for: SERVICES.ASFX20 >
[2012/09/23 20:44:06 | 000,002,497 | R--- | M] () MD5=6ECF361623A3B738642C61790DF3BF73 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx20

< MD5 for: SERVICES.ASFX21 >
[2012/09/23 20:43:46 | 000,002,546 | R--- | M] () MD5=DE20C36CDD3208B4E8544397E551C40B -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx21

< MD5 for: SERVICES.ASFX22 >
[2012/09/23 20:43:44 | 000,002,677 | R--- | M] () MD5=22FEEF662B7E813F8547E1446EBC706B -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx22

< MD5 for: SERVICES.ASFX23 >
[2012/09/23 20:43:50 | 000,002,525 | R--- | M] () MD5=34EB1E120DAE2C8346BA3747D562355B -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx23

< MD5 for: SERVICES.ASFX24 >
[2012/09/23 20:43:54 | 000,002,619 | R--- | M] () MD5=2468CEF75419234DCA72F892392DFB6C -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx24

< MD5 for: SERVICES.ASFX25 >
[2012/09/23 20:44:04 | 000,002,543 | R--- | M] () MD5=C2EDC3B5BB19B6F41226433A889EFE48 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx25

< MD5 for: SERVICES.ASFX3 >
[2012/09/23 20:43:58 | 000,002,601 | R--- | M] () MD5=4E7A75C5564D7E08200E3B7F656BF227 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx3

< MD5 for: SERVICES.ASFX4 >
[2012/09/23 20:43:48 | 000,002,556 | R--- | M] () MD5=3BE849A0D8DEEF6E14BEC19D565A965D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx4

< MD5 for: SERVICES.ASFX5 >
[2012/09/23 20:44:02 | 000,002,539 | R--- | M] () MD5=8DEA878E25C893461D45C8974160B559 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx5

< MD5 for: SERVICES.ASFX6 >
[2012/09/23 20:44:04 | 000,002,640 | R--- | M] () MD5=A86B5BD2B198C0870542D6478C3CC6BC -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx6

< MD5 for: SERVICES.ASFX7 >
[2012/09/23 20:43:58 | 000,003,374 | R--- | M] () MD5=7DE29C93BAEEB470EE77CF5C1B1C03A1 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx7

< MD5 for: SERVICES.ASFX8 >
[2012/09/23 20:44:02 | 000,002,648 | R--- | M] () MD5=0865ABFC40AE2C730EF33F0E29C2C780 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx8

< MD5 for: SERVICES.ASFX9 >
[2012/09/23 20:43:52 | 000,002,588 | R--- | M] () MD5=0D18AE3100D7B9D49DCB1CE1EABA21F7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.asfx9

< MD5 for: SERVICES.CFG >
[2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\services.cfg
[2013/09/05 08:04:00 | 000,559,090 | ---- | M] () MD5=8ADD48E413D05BF2E7AEC00173DDFABC -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.DAT >
[2013/09/27 01:26:22 | 000,002,876 | ---- | M] () MD5=9B75D345C253663B133A4EE3169B9FEA -- C:\Users\lgmd\AppData\Local\Temp\jrt\services.dat

< MD5 for: SERVICES.EXE >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 01:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 01:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.JS >
[2012/12/05 01:09:33 | 000,000,241 | ---- | M] () MD5=C55FD4B2D9ADC20E01AE93DBE519D034 -- C:\Users\lgmd\Desktop\DrKinder\Family\obituary.aspx_files\services.js

< MD5 for: SERVICES.LNK >
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 01:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 01:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 01:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 01:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.RDB >
[2013/07/16 15:28:04 | 000,186,248 | ---- | M] () MD5=3190DA6D96EAE3A354AE533BA0D35D5F -- C:\Program Files (x86)\OpenOffice 4\program\services.rdb

< MD5 for: SERVICES.SBS >
[2013/07/16 13:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< C:\Avenger\*.* >

< End of report >

Extras.txt
------------------
OTL Extras logfile created on: 10/3/2013 4:36:32 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\lgmd\Desktop\dd----.tmpProblem
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 55.01% Memory free
6.95 Gb Paging File | 5.13 Gb Available in Paging File | 73.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 572.06 Gb Total Space | 511.26 Gb Free Space | 89.37% Space Free | Partition Type: NTFS
Drive D: | 19.95 Gb Total Space | 2.13 Gb Free Space | 10.67% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.28% Space Free | Partition Type: FAT32
Drive G: | 1397.17 Gb Total Space | 1227.00 Gb Free Space | 87.82% Space Free | Partition Type: NTFS

Computer Name: LGMD-HP | User Name: lgmd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9C152CDE-5413-4B4C-B8EE-ECB3A0656758}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F77CFD0A-A9B6-4448-B8A1-7FA5479E4D7B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{111B79AA-B511-4655-B3BB-03F1627F8A1D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{307E7DC6-3FE4-4787-884E-55A29CBF151F}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
"{72D11655-39F0-4D69-A19D-54B0DDF75587}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
"{7988778C-60AB-474D-967B-017FF3174204}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{AF66DDF2-FA61-4016-BBA7-9F7FDEFA8165}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{D37322CE-74DD-46D2-A71E-782F2C83E146}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{EEB35DCF-F8EC-4ADF-AC93-6DF48813EFA5}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{F463F9A5-14B5-4963-AD62-E106671621B5}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2FD3DC87-EC8D-78D2-1D3A-F4D6E7531BAF}" = AMD Fuel
"{45726347-6D97-4613-9F89-A9635ACBD34D}" = AMD Media Foundation Decoders
"{45E3D837-4855-7F41-A22E-D1D0AEA71EF8}" = AMD Steady Video Plug-In
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{562608FE-2051-4488-BF22-8CE4C03046AC}" = HP Security Assistant
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ACD449FA-9DF3-779D-DA68-11D486963225}" = AMD Catalyst Install Manager
"{ACE9FB2A-31A5-4285-9510-43F1636EAB21}" = EasyLife Gadget
"{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}" = HP Launch Box
"{BF92729B-1505-55D8-DAD4-4727CDB02FF6}" = ccc-utility64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Process_Hacker2_is1" = Process Hacker 2.31 (r5355)
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{0535D679-6FFB-2CAB-F7FF-7B05D6D6CAB5}" = CCC Help Chinese Standard
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{16F1B95A-F813-7600-EFA5-A97CB11222BC}" = CCC Help French
"{17A5CB1F-712A-41D2-FBBB-4A881EBA9B17}" = CCC Help Polish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20DBF540-DF10-0A5C-7443-F139A84CC1F5}" = CCC Help Dutch
"{21CC6030-B1EA-3E53-DF36-38054A1596B4}" = CCC Help Turkish
"{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29819186-C15B-D50E-AB2E-8C24E2619273}" = CCC Help Portuguese
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1" = Folder Size 2.9.0.0
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{314F8264-25FB-C833-1017-3A0E0846112C}" = CCC Help Hungarian
"{3167966F-9811-30EF-6093-B7B95E2F19B7}" = Catalyst Control Center Graphics Previews Common
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{346DAD45-38D4-B63C-C372-1E2BC136DE69}" = CCC Help Finnish
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{3A83B36C-17B9-4832-445A-7A9DF377BB12}" = CCC Help Swedish
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}" = OpenOffice 4.0.0
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58A2F6F8-6009-CC35-2A83-DB5F922003DE}" = CCC Help Czech
"{5E21F3A1-9E84-DC22-1C62-0DB056EC7344}" = CCC Help Japanese
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62D82EC1-0D3A-DF54-8E3E-07E1337A5311}" = savensharE
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}" = AMD System Monitor
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{81C9D048-B677-3CDD-7E20-3AF8DBFC4A0A}" = Catalyst Control Center Localization All
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{870163D1-4D3A-198C-5414-889F1F4347AE}" = CCC Help Korean
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93335AAC-9F8B-54DF-7DB5-2C98D0DC2111}" = CCC Help Chinese Traditional
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AB0000000001}" = Adobe Reader XI (11.0.04) MUI
"{AD0AAA4D-9A81-8B10-EB28-3C1372987DE7}" = CCC Help Italian
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF240B18-034B-4A82-B3FC-0B879C4BAE2E}" = HP Software Framework
"{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1" = Fast Duplicate File Finder 3.7.0.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4F17D6A-12A3-5403-6050-32A5B4A31F31}" = Catalyst Control Center InstallProxy
"{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}" = HP QuickWeb
"{BC6CB499-9F29-4B41-8B8B-FA7248525256}" = HP Documentation
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C55C2A19-BAD2-287A-1D7A-9D5FF5FD526E}" = AMD VISION Engine Control Center
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46914D5-CA39-1A40-3CEC-9368E9C28568}" = CCC Help Greek
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEA477E5-F916-973D-E1AB-3CDC735FDB58}" = CCC Help Norwegian
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EA0E4DD2-7CD7-9583-0BE6-AFF3DF09E3E4}" = CCC Help Thai
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0A76517-2D1D-8DE3-F3B7-121B6A1990E8}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding
"{F35C5FE9-57EC-9936-5738-D7EB3EA73B28}" = CCC Help Spanish
"{F4708461-A1E0-0657-1FC6-FACFEEA55CBE}" = CCC Help Russian
"{F4EB5AE1-0065-0752-FF11-1E45ABCD443A}" = CCC Help Danish
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{FC2150C5-A1AF-6238-9632-E5BB8739C0BC}" = CCC Help German
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"DefaultTab" = DefaultTab
"DMUninstaller" = DMUninstaller
"Feven 1.7" = Feven 1.7
"ImgBurn" = ImgBurn
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"RealPlayer 16.0" = RealPlayer
"SP_d33a5824" = EasyLife Search 1.74
"SP_eea72b4f" = ss helper 1.74
"Vafmusic3 Toolbar" = Vafmusic3 Toolbar
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-02fce626-93e7-4747-a0d0-b30296ab8875" = Farmscapes
"WTA-046f3adb-3dd0-4de3-b6b7-43960c73e224" = Mah Jong Medley
"WTA-103094ea-8277-404e-8c2b-4e24afa38b93" = The Treasures of Mystery Island: The Ghost Ship
"WTA-19306e08-d307-4336-b431-2baf7083d0b7" = Penguins!
"WTA-2391bce9-41a7-484c-bf41-5a83231b30de" = Cradle of Rome 2
"WTA-2b6ee581-d6b1-4461-9672-7eeb4e9bcb10" = Letters from Nowhere 2
"WTA-32327094-68e9-46a5-b6f9-1eacbb5c75ec" = FATE
"WTA-50db1726-7109-4fdc-9134-20e67de4deb9" = Zuma's Revenge
"WTA-515f2f6f-fc8d-42ea-960a-02b6cc015e9b" = Hoyle Card Games
"WTA-5793ec2b-bcde-4f4e-bdf7-915b121ef8e2" = Polar Golfer
"WTA-5932db8c-721d-4ed1-bc18-f83c89038bf6" = Virtual Villagers 4 - The Tree of Life
"WTA-6a967852-271e-44f8-9ed5-7f3d3c620d71" = Dora's World Adventure
"WTA-6d03cad0-6474-40e7-8cb1-d58d6adf74b9" = Poker Superstars III
"WTA-6ec6e4b6-246a-42da-88c2-656f2c7f6364" = Torchlight
"WTA-77c48557-07e6-4dbb-a09a-d66940a5fdc2" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-7c2d1a8f-6cd1-41e4-8faa-8ca8ad160af4" = Blackhawk Striker 2
"WTA-86d03529-f28e-4b6e-a0c3-7580c7e03f89" = Final Drive Fury
"WTA-8ba63097-2a65-49b5-9d4d-16aa16cccad5" = Jewel Match 3
"WTA-950cecea-ea88-40cf-90e8-3e80fb37184c" = Luxor HD
"WTA-a7f4fd25-c854-4040-9c39-a0ac6ee48349" = Bejeweled 3
"WTA-b7f704b7-ffac-4f78-aeb4-1f8f04fe8654" = Plants vs. Zombies - Game of the Year
"WTA-db14a1bf-a766-4036-bcbc-98f8efc7f96d" = Chuzzle Deluxe
"WTA-edb6ee1b-e268-49fa-b316-b2516982da2a" = Farm Frenzy
"WTA-efaa8289-94dc-4a53-a745-a383ed68d707" = Polar Bowler
"WTA-f6247d29-5448-4cdf-a2a5-05896a97f02e" = RollerCoaster Tycoon 3: Platinum
"WTA-f9b839b1-a021-44ae-be54-e58818a534d2" = John Deere Drive Green

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Define Ext" = Define Ext

< End of report >
  • 0

#7
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
You need to redo the OTL fix part. I think you clicked Run Scan instead of Run Fix. :)
Please, try again. Thanks.
  • 0

#8
lgmd

lgmd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I am having trouble sending a reply. Here is the log file for running OTL again.

10032013_103248.log
-------------------------
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CBD3BD8-8EDD-4B02-8475-36C14411B3BC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CBD3BD8-8EDD-4B02-8475-36C14411B3BC}\ not found.
Folder C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\{13e6fd5a-3ca5-4d3c-9f79-52fd4134ed56}\ not found.
Folder C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]961fdf75a.com\ not found.
Folder C:\Users\lgmd\AppData\Roaming\Mozilla\Firefox\Profiles\dwb36ica.default\extensions\[email protected]\ not found.
Use Chrome's Settings page to change the HomePage.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411051194}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411051194}\ not found.
C:\Program Files (x86)\Feven 1.7\Feven 1.7-bho64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411051194}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411051194}\ not found.
C:\Program Files (x86)\Feven 1.7\Feven 1.7-bho.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}\ not found.
File C:\Users\lgmd\AppData\Local\DefineExt\temp.dat not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{13e6fd5a-3ca5-4d3c-9f79-52fd4134ed56} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13e6fd5a-3ca5-4d3c-9f79-52fd4134ed56}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\sshelp~1\sprote~1.dll deleted successfully.
c:\Program Files (x86)\ss helper\sprotector.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\easylife\sprote~1.dll deleted successfully.
File c:\Program Files (x86)\EasyLife\sprotector.dll ()[2013/09/11 00:10:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vafmusic3 not found.
Folder C:\Program Files (x86)\SearchProtect\ not found.
Folder C:\Users\lgmd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext\ not found.
C:\Program Files (x86)\Feven 1.7 folder moved successfully.
Folder C:\Users\lgmd\AppData\Local\DefineExt\ not found.
Folder C:\Program Files (x86)\EasyLife\ not found.
Folder C:\ProgramData\savensharE\ not found.
C:\Windows\Tasks\Feven 1.7-firefoxinstaller.job moved successfully.
C:\Windows\Tasks\Feven 1.7-updater.job moved successfully.
C:\Windows\Tasks\Feven 1.7-codedownloader.job moved successfully.
C:\Windows\Tasks\Feven 1.7-enabler.job moved successfully.
C:\Windows\Tasks\Feven 1.7-chromeinstaller.job moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Guest
->Temp folder emptied: 2328708 bytes
->Temporary Internet Files folder emptied: 128 bytes

User: lgmd
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5850 bytes
->FireFox cache emptied: 130586481 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 523 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1900463 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 882 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50595 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 129.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10032013_103248

Files\Folders moved on Reboot...
C:\Users\lgmd\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\lgmd\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#9
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts

Firefox is acting funny. Let me know if you get this e-mail

Can you elaborate the issue, please? :)

The creation of these temp files have been slowing down my computer. At least it seems that is the cause. I want to send of this e-mail now, but I will close and re-open Firefox and see if it is still slow.

They are not suppose to slow down your PC unless you have a huge amount of temp files in your system.

I told you wrong. At least one time I told you the dd****.tmp files were being written in

C:\Users\lgmd\AppData\Local\Microsoft\Windows\Temporary Internet Files

but they are being written in

C:\Users\lgmd\AppData\Local\Temp


Once again they are the valid location for the temporary files required for normal software performance.
Here is the image of temporary files in my PC. :)
Posted Image

I am going through your log and your issue. I will post a fix after reviewing it by my teacher. Please, stay with me.

Regards,
Valinorum
  • 0

#10
lgmd

lgmd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi Valinorum,

I was concerned about getting that last e-mail sent, so I did not elaborate at the time.

Here are the "funny" things that Firefox is doing.

[indent=1][indent=1]going very slow, creaping
a perminant add keeps popping up. I cannot delete it or stop it. I checked my options in Firefox. No changes that I can tell.
I think the whole sysstem runs slower, but I need to fix the Firefox problem to see if this is the case for sure. Of course, most of the work done on this computer is done on the web.

What got fixed
The dd****.tmp files went away. ccleaner cleans up everything in the local temp file now. I need to study the logs to see what was changed to make them go away.
The rest of the files in the local temp file clean up with ccleaner, just like they used to do, and how they still do on our alternate PC
You have a lot of files in your local temp directory. I run ccleaner quite often. I get some of the same files you have, but they always go away when I run ccleaner

I am going to go over your notes again. I think you have some notes on POP... something or other. I will take a look and see what you have

ccleaner cleans most temp files in the system, but not all.

I will stay with you to the end.

Actually, this is fun.

Oh, I do have company this weekend. I will keep up with the e-mail, but will not have much time to spend. Just a note. I would like to help on this website also when I become more acquainted. This is fun. I like solving problems. I have written so many work instructions, and yet, when I have to follow work instructions written by someone else, I have to pay close attention. I had many calls on my work instructions. They were very detailed, easy steps, pictures and all. People were afraid to take the first step. I was afraid to take the first step on this problem also. We are all so similar.
  • 0

Advertisements


#11
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Hi lgmd, :)

[indent=1][indent=1]going very slow, creaping
a perminant add keeps popping up. I cannot delete it or stop it. I checked my options in Firefox. No changes that I can tell.
I think the whole sysstem runs slower, but I need to fix the Firefox problem to see if this is the case for sure. Of course, most of the work done on this computer is done on the web.

This is strange. Your logs show that the programs causing those ads were removed.

The dd****.tmp files went away. ccleaner cleans up everything in the local temp file now.

OTL removed them. For curiosity's shake, if you check the last log you posted, you will notice that Total Files Cleaned = 129.00 mb. Also, you can read this.
http://www.computerh...n/t/tempdir.htm (The directory mentioned there is also a legitimate location for the temp files).

The rest of the files in the local temp file clean up with ccleaner, just like they used to do, and how they still do on our alternate PC

CCleaner is an excellent program. But we do not recommend the registry cleaning option of that program or any programs with that feature as Windows registry is a very sophisticated area and removing entries without knowledge can result an unbootable machine.

ccleaner cleans most temp files in the system, but not all.

If a file is using by a program, CCleaner will not remove it. Even you cannot manually remove them.

I will stay with you to the end.

:thumbsup:

Just a note. I would like to help on this website also when I become more acquainted.

Apply to GeekU after I clean your PC.

We are all so similar.

It's a small world. :)

 
Now let's get back to work.

  • Step #1 Reinstall Firefox
  • Download the latest version of Firefox from here;
  • Uninstall the current version of Firefox. Make sure you do a complete uninstall which included all preferences and restart your PC;
  • Right-click on the Firefox setup file that you downloaded and choose Run as administrator;
  • Install the new version of Firefox.

How is it running now?

Also, re run OTL and click on Quick Scan and post the log.

Regards,
Valinorum
  • 0

#12
lgmd

lgmd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi Valinorum,

Sorry I did not get back to you sooner. One problem was that, of all things, my mouse wore out. Had to steal the mouse from the other family computer. I can use the touch pad, but I do not like it. Also, my company came and left now. It was a very nice visit. Back to work.

I am a bit of a hacker, I think. I think out of the box. So, I read your e-mail, but kept thinking about the problem. I came up with a solution. I really did not want to just re-install Firefox, so I looked at about:config. I discovered with a google search in config:about that google had a setting for google adds. I deleted that setting and the permanent pop-up add went away, and I could again see my addons, and got better performance. I plan to look further into about:config and other about: settings. I do not want google, yahoo, or other adds or controls being put on my private browser and controlling or recording what I do. So there is another project.

Do you know about about:config in firefox? Getting rid of the google add setting also make firefox run better.

What is wrong with ccleaner registry cleaner? I have used it for a long time. I have tried some of the commercial registry cleaners, but never have liked their results. The commercial registry cleaners have really messed up my computer at times, like making ccleaner run slow, like making my whole computer run slow.

Why does the bullet and indent functions on this, otherwise really nice mail reply program, not work for me? Maybe it does work for you? The smiley faces do not work for me either. If I use these functions, I just get words (like indent) inserted. Maybe something else wrong with about: I do not know what the problem is.

So, currently I am not going to re-install Firefox. I would like to know what made all the dd****.tmp files go away, though. Do you know what made them go away?

Where do you want to take it from here?

Regards,

lgmd
  • 0

#13
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Hi lgmd, :)

Sorry I did not get back to you sooner. One problem was that, of all things, my mouse wore out. Had to steal the mouse from the other family computer. I can use the touch pad, but I do not like it. Also, my company came and left now. It was a very nice visit. Back to work.


No problem. :)

Do you know about about:config in firefox? Getting rid of the google add setting also make firefox run better.

about:config is a feature of Mozilla applications which lists application settings (known as preferences) that are read from the profile files prefs.js and user.js, and from application defaults. Many of these preferences are not present in the Options or Preferences dialog. But since I cannot check it via a log and intruding with about:config entry may break Firefox and void its warranty, re-install was a safe solution from my part as it will also reset the about:config.

What is wrong with ccleaner registry cleaner? I have used it for a long time. I have tried some of the commercial registry cleaners, but never have liked their results. The commercial registry cleaners have really messed up my computer at times, like making ccleaner run slow, like making my whole computer run slow.


Windows registry is a sensitive place and modifying data without taking precaution can cause serious damage. Some times an inactive entry can be useful at later time. Registry cleaner removes not by a specific method but by hindsight of years of experience. Beside, registy takes less memory space and cleaning it hardly makes a difference.

Why does the bullet and indent functions on this, otherwise really nice mail reply program, not work for me? Maybe it does work for you? The smiley faces do not work for me either. If I use these functions, I just get words (like indent) inserted. Maybe something else wrong with about: I do not know what the problem is.

It's a forum feature to make lists like in MS Office. Are you viewing my posts in email which may unable to interpret the feature?

So, currently I am not going to re-install Firefox.

No need seeing it's working good.

I would like to know what made all the dd****.tmp files go away, though. Do you know what made them go away?

Maybe from one of the adwares you had in the system. Removing the adware made the creating of the dd****.tmp futile.

Where do you want to take it from here?

It will depend on what issue(s) you are facing currently. Are you facing any?

Regards,
Valinorum
  • 0

#14
lgmd

lgmd

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi Valinorum ,

I think I got a little too smartie. I am going to re-install Firefox, and maybe the whole system. What happened was some virus or something got through. Avast tried to stop it, and asked to do a boot scan, which I put off. I think what ever got through messed up Avast. I cannot find a setting on Avast to do a boot scan. Oh, I am so stupid. What ever got through also made it so that I cannot set Firefox Options>Privacy>History No matter what I set it, It always goes back to "User custum settings" I have always set this to "never remember history"

I like to figure out what is going on, but sometimes things just get out of hand. That is usually when I do an OS re-install. It has been some time since I did an OS re-install. I probably should start with a Firefox re-install.

I will take your advice.

Regards,
lgmd
  • 0

#15
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Hi lgmd, :)

What happened was some virus or something got through. Avast tried to stop it, and asked to do a boot scan, which I put off. I think what ever got through messed up Avast. I cannot find a setting on Avast to do a boot scan.

Because of this hindsight you will be more careful in the future. :)

It has been some time since I did an OS re-install. I probably should start with a Firefox re-install.

If you are planning an OS re-install, I hardly think reinstalling Firefox is necessary. Backup you data which included pictures, office files and other and format the drive. And reinstall all the program. So, you can have a clean system.


Also, since you like to play with your system, I suggest you to try them inside a Virtual Machine. In this way you can experiment as much as you can like while keeping your main system protected.

Regards,
Valinorum
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP