Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Pup.optional.bandoo virus


  • Please log in to reply

#1
brent_818

brent_818

    New Member

  • Member
  • Pip
  • 7 posts
Hey guys/gals,

I've got a virus that malware bytes identifies as pup.optional.bandoo and I can't seem to shake it. A fellow engineer I work with pointed me to this site, what a life saver btw. Any help would be great! Looking forward to getting this thing off my computer, thanks!
  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
Hi! My name is zep516 and Welcome to Geeks to Go!

I'll do the best I can to resolve your computer issue
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue. Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

First:

Please download OTL to your Desktop
  • Double click on the Posted Image to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox
    and
  • Check the option for All under the Extra Registry section
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic
  • OTL.txt <-- Will be opened, maximized
  • Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.
  • 0

#3
brent_818

brent_818

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OTL.txt

OTL logfile created on: 10/21/2013 6:18:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Brent Willey\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 359.07 Mb Available Physical Memory | 35.41% Memory free
2.38 Gb Paging File | 1.78 Gb Available in Paging File | 74.49% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.07 Gb Total Space | 32.58 Gb Free Space | 47.17% Space Free | Partition Type: NTFS
Drive F: | 1.61 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BRENTWILLEYSPC | User Name: Brent Willey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/21 06:17:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brent Willey\My Documents\Downloads\OTL(1).exe
PRC - [2013/10/03 19:47:28 | 002,404,376 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/10/03 19:47:28 | 001,734,680 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
PRC - [2013/10/03 19:47:26 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
PRC - [2013/09/03 17:17:22 | 000,832,360 | ---- | M] (Spigot, Inc.) -- C:\Documents and Settings\Brent Willey\Application Data\Search Protection\SearchProtection.exe
PRC - [2013/08/15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/22 10:05:32 | 000,720,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2012/09/28 11:21:20 | 000,098,304 | ---- | M] () -- C:\Program Files\Navionics World\NavService.exe
PRC - [2012/07/21 13:53:06 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2011/05/26 14:14:52 | 000,477,080 | ---- | M] () -- C:\Documents and Settings\Brent Willey\Application Data\HP SimpleSave Application\StartHelper.exe
PRC - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Documents and Settings\Brent Willey\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/10 18:17:16 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2006/06/20 19:11:00 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/04/04 17:55:18 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006/02/14 15:11:46 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2005/11/28 16:38:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/11/28 16:38:42 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/10/12 00:36:38 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2005/03/11 20:55:40 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2004/11/17 23:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/19 12:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/02/20 17:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/03 19:47:29 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll
MOD - [2013/10/03 19:47:29 | 000,142,360 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll
MOD - [2013/10/03 19:47:28 | 002,404,376 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/10/03 19:47:26 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/09/28 11:21:20 | 000,098,304 | ---- | M] () -- C:\Program Files\Navionics World\NavService.exe
MOD - [2011/10/11 06:46:22 | 008,179,712 | ---- | M] () -- C:\Program Files\Navionics World\QtGui4.dll
MOD - [2011/10/11 06:36:08 | 000,983,040 | ---- | M] () -- C:\Program Files\Navionics World\QtNetwork4.dll
MOD - [2011/10/11 06:34:56 | 002,203,648 | ---- | M] () -- C:\Program Files\Navionics World\QtCore4.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/26 14:14:52 | 000,477,080 | ---- | M] () -- C:\Documents and Settings\Brent Willey\Application Data\HP SimpleSave Application\StartHelper.exe
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2009/07/13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/04/02 08:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006/07/03 00:44:10 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/07/03 00:42:44 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/06/20 19:11:00 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll


========== Services (SafeList) ==========

SRV - [2013/10/03 19:47:28 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe -- (vToolbarUpdater17.0.12)
SRV - [2013/09/30 23:57:43 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/21 13:53:06 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2010/08/26 15:03:06 | 001,120,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Documents and Settings\Brent Willey\Application Data\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2006/06/20 19:11:00 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/06/13 11:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/06/07 12:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/05/18 13:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2006/05/18 13:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2006/05/08 07:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/04/27 20:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 20:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 20:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/04 17:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/11/28 16:38:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/28 16:38:42 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/11/25 16:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/07/14 22:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/03/11 20:55:40 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/08/11 03:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds)
SRV - [2004/08/11 00:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/10/03 19:47:29 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/08/26 15:03:06 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2009/07/13 16:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2006/07/24 20:38:20 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/07/24 20:38:20 | 000,727,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/07/24 20:38:20 | 000,208,256 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/07/03 02:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/14 14:04:00 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/05/23 11:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/02/21 22:32:32 | 000,226,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2005/10/15 19:56:47 | 000,103,040 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mach3.sys -- (Mach3)
DRV - [2004/11/22 16:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2000/12/05 19:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 23:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-21-472147603-47468643-4270109915-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKU\S-1-5-21-472147603-47468643-4270109915-1005\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWin0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-472147603-47468643-4270109915-1005\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
IE - HKU\S-1-5-21-472147603-47468643-4270109915-1005\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-472147603-47468643-4270109915-1005\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-07-21 23:20:58&v=14.2.0.1&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-472147603-47468643-4270109915-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3106777
IE - HKU\S-1-5-21-472147603-47468643-4270109915-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-472147603-47468643-4270109915-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-472147603-47468643-4270109915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-21-472147603-47468643-4270109915-500\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
IE - HKU\S-1-5-21-472147603-47468643-4270109915-500\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - No CLSID value found
IE - HKU\S-1-5-21-472147603-47468643-4270109915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=617686"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo....=spigot-yhp-ff"
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B74c841e3-b59f-479e-8d7a-e26a942a87c8%7D:3.5
FF - prefs.js..extensions.enabledAddons: %7B50fafaf0-70a9-419d-a109-fa4b4ffd4e37%7D:3.20.0.4
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:17.0.1.12
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: [email protected]:10.0.0.7
FF - prefs.js..extensions.enabledItems: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37}:3.10.0.1
FF - prefs.js..extensions.enabledItems: {74c841e3-b59f-479e-8d7a-e26a942a87c8}:3.5
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@winzip.com/Winzip Courier: C:\Program Files\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.0.1.12 [2013/10/03 19:48:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{74c841e3-b59f-479e-8d7a-e26a942a87c8}: C:\Program Files\WinZip Courier\FFExt [2012/03/11 09:25:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/30 23:57:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/30 23:57:25 | 000,000,000 | ---D | M]

[2010/08/27 12:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Extensions
[2010/08/27 12:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Extensions\[email protected]
[2013/10/01 00:03:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions
[2010/09/21 22:22:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/09/09 22:27:06 | 000,000,000 | ---D | M] (WinZipBar Community Toolbar) -- C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}
[2013/09/04 21:06:34 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\searchplugins\yahoo.xml
[2013/09/30 23:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/30 23:57:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/03 19:48:08 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG SECURE SEARCH\FIREFOXEXT\17.0.1.12
[2011/02/06 17:36:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/03/11 09:25:01 | 000,000,000 | ---D | M] (WinZip Courier) -- C:\PROGRAM FILES\WINZIP COURIER\FFEXT
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/19 03:54:30 | 000,371,904 | ---- | M] (Navionics) -- C:\Program Files\mozilla firefox\plugins\npNavIn.dll
[2013/06/27 18:09:05 | 000,003,716 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - homepage: 11,backup:{_signature:qfXpfq8tAvs2+Z1OZ+QTmWU+pXIA2lc4mJd1kurIP1w=,_version:3,browser:{show_home_button:false},extensions:{ids:[ahfgeienlihckogmohjhadlkjgocpleb,blpcfgokakmgnkcojhhkbfbldkacnbeo,coobgpohoikkiipiblmjeljniedjpjpf,jmfkcklnlgedgbglfkkgedjfmejoahla,pjkljhegncpnkpknbcohdijeoejaedia]},homepage:http://www.google.com/,homepage_is_newtabpage:false,session:{restore_on_startup:5}},browser:{check_default_browser:false,window_placement:{bottom:728,left:10,maximized:false,right:1014,top:10,work_area_bottom:738,work_area_left:0,work_area_right:1024,work_area_top:0}},countryid_at_install:21843,custom_handlers:{enabled:true,ignored_protocol_handlers:[{protocol:mailto,title:Gmail,url:https://mail.google.com/mail/?extsrc=mailto&url=%s}]},default_apps_install_state:1,default_search_provider:{enabled:true,encodings:UTF-8,icon_url:http://www.google.com/favicon.ico,id:2,instant_url:{google:baseURL}webhp?{google:RLZ}sourceid=chrome-instant&{google:instantFieldTrialGroupParameter}ie={inputEncoding}{google:instantEnabledParameter}{searchTerms},keyword:google.com,name:Google,prepopulate_id:1,search_url:{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms},suggest_url:{google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}},distribution:{create_all_shortcuts:true,do_not_launch_chrome:true,import_history:false,import_search_engine:false,make_chrome_default:true,show_welcome_page:true,skip_first_run_ui:true,verbose_logging:false},dns_prefetching:{host_referral_list:[2,[http://ad.yieldmanager.com/,[http://ad.yieldmanag...m/,2.27338020]],[http://answers.basspro.com/,[http://ajax.googleap...4164888999576]],[http://cd.progressive.com/,[http://cd.progressiv...9416085407748]],[http://cdn.turn.com/,[http://tag.admeld.com/,2.27338020]],[http://chase.com/,[https://www.chase.co...9614810014193]],[http://cmap.uac.ace.advertising.com/,[http://cmap.an.ace.a...m/,2.27338020]],[http://cti.w55c.net/,[http://i.w55c.net/,2...m/,2.27338020]],[http://d3.zedo.com/,[http://d14.zedo.com/...m/,2.27338020]],[http://dsp.imageg.net/,[http://dsp.imageg.ne...4863143604464]],[http://edge.sharethis.com/,[http://w.sharethis.c...2247640338808]],[http://fls.doubleclick.net/,[http://px.owneriq.ne...9968407483890]],[http://itunes.apple.com/,[http://a2.mzstatic.c...1115116577939]],[http://jmp.clickbooth.com/,[http://cpcserve.clic...1322810719999]],[http://network.realmedia.com/,[http://ib.mookie1.co...5776599045350]],[http://outlook.com/,[https://login.live.c...8778139421643]],[http://platform.twitter.com/,[http://cdn.api.twitt....320604615120]],[http://r.turn.com/,[http://cdn.turn.com/,2.60370040]],[http://re.progressive.com/,[https://onlineservic...4939569764937]],[http://reviews.basspro.com/,[http://reviews.bassp...1531454653306]],[http://rs.gwallet.com/,[http://tag.admeld.com/,2.27338020]],[http://s.imwx.com/,[http://g0.imwx.com/,...m/,2.93402060]],[http://s.ytimg.com/,[http://i3.ytimg.com/...4981199999999]],[http://s0.2mdn.net/,[http://s.imwx.com/,2.60370040]],[http://s7.addthis.com/,[http://cf.addthis.co...2360650398162]],[http://search.gandermountain.com/,[http://a248.e.akamai....134171894240]],[http://seg.sharethis.com/,[http://b.scorecardre...4201264590484]],[http://speed.pointroll.com/,[http://api.ipinfodb....m/,2.27338020]],[http://tag.admeld.com/,[http://ad.doubleclic...m/,2.60370040]],[http://this.content.....adshuffle.com/,[http://media2.adshuf...2419767876689]],[http://view.atdmt.com/,[http://ec.atdmt.com/,1.320604615120]],[http://wtags.bluekai.com/,[http://wtags.bluekai...7083409456189]],[http://www.basspro.com/,[http://basspro.tt.om...8504890335180]],[http://www.dickssportinggoods.com/,[http://d.monetate.ne...m/,2.27338020]],[http://www.facebook.com/,[http://external.ak.f...3167415423244]],[http://www.gandermountain.com/,[http://overtons.112....4340799999999]],[http://www.lrp.usace.army.mil/,[http://www.lrp.usace...7542799999998]],[http://www.progressive.com/,[http://cd.progressiv...5335319191497]],[http://www.progressive.homesite.com/,[https://progressived...5986538479316]],[http://www.walmart.com/,[http://beacon.walmar...7083409456189]],[http://www.weather.com/,[http://ad.doubleclic...8761282665689]],[http://www.youtube.com/,[http://s.ytimg.com/,...9354330618464]],[https://accounts.google.com/,[https://accounts.goo...7229544077419]],[https://banking.chase.com/,[https://ad.doublecli...3894300836889]],[https://chaseonline.chase.com/,[https://chaseonline....3894300836889]],[https://fls.doubleclick.net/,[https://engine.cmmeg...2826784861187]],[https://login.live.com/,[https://r3.res.outlo...4496137754815]],[https://mail.google.com/,[https://chatenabled....4392805991026]],[https://maps.google.com/,[https://khms0.google...7589482583341]],[https://mfasa.chase.com/,[https://mfasa.chase....6732773304977]],[https://onlineservic...rogressive.com/,[https://onlineservic...3663963792233]],[https://plusone.google.com/,[https://apis.google....8567374875001]],[https://poc.clixmetrix.com/,[https://poc.clixmetr...9614810014193]],[https://progressived...t.homesite.com/,[https://images.scana...1691866531241]],[https://sn2prd0102.outlook.com/,[https://cba.domains....6020039943161]],[https://www.basspro.com/,[https://basspro.tt.o...5616270450154]],[https://www.chase.com/,[https://ad.yieldmana...5335319191497]],[https://www.google.com/,[https://encrypted-tb...7019638168038]],[https://www.progressive.com/,[https://fls.doublecl...],startup_list:[1,http://maps.google.com/,http://t3.gstatic.com/,http://www.google.com/,https://lh3.googleusercontent.com/,https://lh4.googleusercontent.com/,https://maps.google.com/,https://s2.googleusercontent.com/,https://ssl.gstatic.com/,https://www.google.com/,https://ytimg.googleusercontent.com/]},download:{directory_upgrade:true},extensions:{alerts:{initialized:true},autoupdate:{last_check:12983115092759250,next_check:12983132366335250},blacklistupdate:{lastpingday:12983094002030035,version:0.0.0.110},chrome_url_overrides:{bookmarks:[chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html]},settings:{abciiempgohamehppammbkhkicmkgkob:{blacklist:true},aebfkgcamgnimcbnbiopgdakknjgggnm:{blacklist:true},aemcjbfajnnmhblifaejadoecfoaebld:{blacklist:true},afenhmponmfmdmbmccbmglppcmjhmhmh:{blacklist:true},aglmapjbjphdidmnileogpjkgpdoliep:{blacklist:true},agmhonoepgcnakccfpidhjehlocaeaaj:{blacklist:true},ahfgeienlihckogmohjhadlkjgocpleb:{active_permissions:{api:[appNotifications,management,webstorePrivate]},app_launcher_ordinal:n,page_ordinal:n},ahjfgnikolodijnpakeknpilnemojlhc:{blacklist:true},aifmjmboebdkdelpjenakhaodgneempp:{blacklist:true},alcbnnpmipohgdllkkglhkbncijplago:{blacklist:true},aljdncnajablgppdcfbehhmidlmbndda:{blacklist:true},apdmgffkfhjfeejmbjidennfjdkmmmbl:{blacklist:true},aphncaagnlabkeipnbbicmcahnamibgb:{blacklist:true},bjihddggcgnblgojnmhpnngonofbnkaj:{blacklist:true},bkkchglolnigbfncnbnnbhhempjkdpkf:{blacklist:true},bkplhcigeaiiliajeehehiikokgocbhb:{blacklist:true},blpcfgokakmgnkcojhhkbfbldkacnbeo:{ack_external:true,active_permissions:{api:[appNotifications]},app_launcher_ordinal:t,events:[experimental.extension.onInstalled],from_bookmark:true,from_webstore:true,install_time:12982654034794499,lastpingday:12983094001899035,location:2,manifest:{app:{launch:{container:tab,web_url:http://www.youtube.com/},web_content:{enabled:true,origin:http://www.youtube.com}},current_locale:en_US,default_locale:en,description:The world's most popular online video community.,icons:{128:128.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDC/HotmFlyuz5FaHaIbVBhhL4BwbcUtsfWwzgUMpZt5ZsLB2nW/Y5xwNkkPANYGdVsJkT2GPpRRIKBO5QiJ7jPMa3EZtcZHpkygBlQLSjMhdrAKevpKgIl6YTkwzNvExY6rzVDzeE9zqnIs33eppY4S5QcoALMxuSWlMKqgFQjHQIDAQAB,name:YouTube,permissions:[appNotifications],update_url:http://clients2.google.com/service/update2/crx,version:4.2.5},page_ordinal:n,path:blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.5_0,state:1},boaoagnmpennjoigkkmnjhecapibhfko:{blacklist:true},boclfockfmgcppbajihcgajhpggaakgl:{blacklist:true},bokkificjhapflinbdejegngffgkcgfe:{blacklist:true},caphkimknlmnhpjoneddiaakmcaajagb:{blacklist:true},cbbjhegipokkofhhicbckicchjpcpeni:{blacklist:true},cekdjgnecpoooikhmceokdhojckkkhmh:{blacklist:true},cfbdodejdeejbkffcmiaknpmojjeibpn:{blacklist:true},cgnkbnaiipmfbakpmhllalggoepniemh:{blacklist:true},cihlkpohodpdkdnfalhdkhhlhmhffmbe:{blacklist:true},cjhklhdjonhcohlacgggcbklpnldleck:{blacklist:true},clapnamcglekekmamicmbahkghdcjaeh:{blacklist:true},cmjphjljejnfgdbkdgdlclaabimpknna:{blacklist:true},coajchbkdbfhmhbgcjepiofllfjjcpfp:{blacklist:true},coobgpohoikkiipiblmjeljniedjpjpf:{ack_external:true,active_bit:false,app_launcher_ordinal:x,events:[experimental.extension.onInstalled],from_bookmark:true,from_webstore:true,install_time:12982654042974499,last_active_pingday:0,lastpingday:12983094001899035,location:2,manifest:{app:{launch:{web_url:http://www.google.com/webhp?source=search_app},urls:[*://www.google.com/search,*://www.google.com/webhp,*://www.google.com/imgres]},current_locale:en_US,default_locale:en,description:The fastest way to search the web.,icons:{128:128.png,16:16.png,32:32.png,48:48.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIiso3Loy5VJHL40shGhUl6it5ZG55XB9q/2EX6aa88jAxwPutbCgy5d9bm1YmBzLfSgpX4xcpgTU08ydWbd7b50fbkLsqWl1mRhxoqnN01kuNfv9Hbz9dWWYd+O4ZfD3L2XZs0wQqo0y6k64n+qeLkUMd1MIhf6MR8Xz1SOA8pwIDAQAB,name:Google Search,update_url:http://clients2.google.com/service/update2/crx,version:0.0.0.19},page_ordinal:n,path:coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.19_0,state:1},dadcalgappognjbjpalfophhcfakoeac:{blacklist:true},danapgfidmepmcfbjjacceiaiiioieio:{blacklist:true},dbiblcmlcgdjjbdpbmbcpineegngkiip:{blacklist:true},dbmdicehacbaohlockjgdglcobimmjkh:{blacklist:true},dejippphmhbpgckbhdidnjmdcpfccbaj:{blacklist:true},dgcfmgdfbfbgcpbendbhbkfjppboebed:{blacklist:true},dgkemngdheppgohkjjelnkjmdeimmfml:{blacklist:true},diinokaoicgobepmadnmedlhdfnpehcj:{blacklist:true},dlobhinihbmedmheccecfnkcadpehmbf:{blacklist:true},dmkdhgkknhnfpdjeicefnpmhcpbimden:{blacklist:true},doneghboglgnflpdicnkaojmmljgejkj:{blacklist:true},dpgenihgggagjjggfocjceeobjkadcbc:{blacklist:true},dpmloehicimdjkibmobhmpgdndgbcced:{blacklist:true},ebdcdchjcndpjhehacedepnggfdbfkpn:{blacklist:true},edmnikahahfkfilbbjbdoiabnghbkmjc:{blacklist:true},efhjelcghjkfigiagdfbfilndaffpmdj:{blacklist:true},efnaljpgehfilpmkhobibbjceeeondmn:{blacklist:true},egljdhfnbjahogjahnigfnbpidlmdagi:{blacklist:true},ehgoiaffgjoinpkllmmnikghgpghnabc:{blacklist:true},ehomcoocpagnlcakcbecdaknmacmedld:{blacklist:true},eofejpelggimkodeojpeojnbijgiglgh:{blacklist:true},fafoohpbicgbcejffcplajonhhooddle:{blacklist:true},fbhiehmngojjcmljddjmgpmcockbccmo:{blacklist:true},ffgfbfakpcnngelphjnppokmoicdollk:{blacklist:true},fibgploapkhokkbncddlkcmbmiengcfp:{blacklist:true},fjjeecfjmgfnleghoellhldedkaocjfc:{blacklist:true},flmmgcfcpbfddenepkfmgfpbaceolcoe:{blacklist:true},fmcccidacjgnfiafddkngmeolkoiihil:{blacklist:true},fmonlemffgbabjifjfaoamdflijecdbk:{blacklist:true},fnhcgnmfccojojojacgeiaaeacefdohb:{blacklist:true},fnkaadkanmfgpfbmdcllhjdgmdbgljpi:{blacklist:true},fpbippbofbmgmbojjmgfcifpmdaelcmd:{blacklist:true},fpmajanjndhgpifbcbnklbiehgnpkgmf:{blacklist:true},gbenikfjhilhpgagllmfgggdjaflbmbi:{blacklist:true},ghgphbmpcfgkfneodjpbdanmdoemklio:{blacklist:true},gifglngcdbggmlgkcombebegdaoknkho:{blacklist:true},gjkbghdignnlcknknflbigpammebiolo:{blacklist:true},gkjeccpmibljcfpfapfljciimedljpnm:{blacklist:true},gnapdhmknipknfmhhnhdmhakdfhgeing:{blacklist:true},gncfgndgeoddelbfhlndhljnecoednaa:{blacklist:true},gngmkbiihflpghldjnbpemaicedhdddk:{blacklist:true},gobjcjhhebpjbmjdgmejhebbleadnceo:{blacklist:true},hbaajkahagmlkdekmbdabikbopdgpaac:{blacklist:true},hbmlheccjkodhfejcmblndjodllmnlnl:{blacklist:true},hcapokajkngndbglnfglpfdpoeidmpha:{blacklist:true},hcpndbchnlgojmnijaldkicigmihmdca:{blacklist:true},hefmoncdemhjembgbnkgglhlookbipdc:{blacklist:true},hgjgaeknhmidehalnmokomhpfhbfmpcm:{blacklist:true},hhfffemhgkginfafaoapljdllodppana:{blacklist:true},hhfiljkpjapjjphcocclhhaldpfkkjbi:{blacklist:true},hhjmkijkgojfifipdgmiemghfikbohcm:{blacklist:true},hhlgbfcfbkhlmajakkcjippgpcmejkko:{blacklist:true},hkbgccpdcpbdckohbknjlamamelcnlki:{blacklist:true},hncomkjbbkchfjelocejkbbflmjhlhfp:{blacklist:true},hnipgljcblpgnnojcfldehpeknhakbgj:{blacklist:true},hnkcpoijaeegompjgbjjhkdmljldaccg:{blacklist:true},hnnebfeppcbhhbhiifeaajgcjnkljlld:{blacklist:true},hpibmhghjndideebpackbdlpncgkcppp:{blacklist:true},iablioliielnhdianpbiijaoncbmfend:{blacklist:true},ifbkndkaolfbjjhnnhfmkbkoclpdkpli:{blacklist:true},ifeijfpkjckedpclgncedmgdiaoeahmk:{blacklist:true},ijecjbcgpblkacpijljpaienknanaloa:{blacklist:true},ijenlpgidnapbndonoinbkhekgjonojg:{blacklist:true},imfbomjbodpfgfhfahlgkkcllmhbelhk:{blacklist:true},imkffpjpdngdkpgadcmnlkhhmhdocijn:{blacklist:true},iobnpmeeecphddicmhhmdjbnlbdhjlne:{blacklist:true},iomejadoamfilglofmeaffghddcgapmf:{blacklist:true},jaejgaoiipdjjlbnapngknalafalbkej:{blacklist:true},janhdpmhnighonkkbkdpnljcoenpfkbh:{blacklist:true},jcmipejepoimfflnoapdmkdephgjinck:{blacklist:true},jgmpapdckakiohhebmeoemejibommimi:{blacklist:true},jhhabiomopkibeecgngiggmopkeofacl:{blacklist:true},jindbcpkhnnnjgcjgmkjedbibibiojjf:{blacklist:true},jjnkfllhcgkgnfbekpnmoikpfihpjfli:{blacklist:true},jkihmglffmfjedfbpbpdbbimcodjbmdh:{blacklist:true},jmfkcklnlgedgbglfkkgedjfmejoahla:{ack_external:true,active_permissions:{api:[plugin],scriptable_host:[http://*/*,https://*/*]},events:[experimental.extension.onInstalled],from_bookmark:false,from_webstore:false,install_time:12982298965976191,lastpingday:12983094001899035,location:3,manifest:{background_page:background.html,content_scripts:[{js:[content/jquery-1.4.4.min.js,content/avgls-inline.js,content/searchengine.js,content/searchshield.js],matches:[http://*/*,https://*...iption:Securing your clicks.,format_version:1,icons:{128:content/Icons/128x128.png,16:content/Icons/16x16.png,48:content/Icons/48x48.png,64:content/Icons/64x64.png},id:881AC4EF96904f5fA0B49048C377CD59E8A84102,key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrH3sthUrxOpfC3hPSHs4tIWO24/z8ZQCH5oHRTRkwgdSZ7/ah1PgRHQeNkTYJT0bwLQoxsG1jBLvWLu4I9t3KCTXj0uanaCw7VJjmSIPQCip/1m7ewfS9XdPR9CSUkR2wwp8HeDryToyCINwP8Yg3Lws/FV0nGmF2IV8jpQ6OWQIDAQAB,minimum_chrome_version:9,name:AVG Safe Search,plugins:[{path:plugins/avgnpss.dll,public:true}],version:12.0.0.1901},path:jmfkcklnlgedgbglfkkgedjfmejoahla\\12.0.0.1901_0,state:1},jmifipgdcllamghkhdplfjffkciekbgo:{blacklist:true},jpgidahfcgiajlcbleeiaibpmmblcmnb:{blacklist:true},jpkdlckejfjidmplieobnhijmoiecbhl:{blacklist:true},kbipembkfhbdmkkkfbigmohilmknjnof:{blacklist:true},kcanfkmhccbaheheaackijegkclkaeic:{blacklist:true},kcfnnanmpghdnoompcfclakpacapnfbn:{blacklist:true},kelcbonmemlciepjdmfcifnhloeammhj:{blacklist:true},kgbkdabomfdpfoibliicpmibceaoohgh:{blacklist:true},kinhljbhjmcmoddhdoodekeklmjapjff:{blacklist:true},kkhomejdleoonmbdhcigkhkjcghngncf:{blacklist:true},kleaapgdkahaekcocmkbgfainbhihccj:{blacklist:true},kolbbghckjilleabphhgeggcgpfidofi:{blacklist:true},lbficnmfealeidppcbgdcbemgfjodbkg:{blacklist:true},lceaiepehinnomgijphkmjccbigkljkj:{blacklist:true},ldgfapfmnplpaohbbadnecegcpfkfall:{blacklist:true},lgalokbapphhklmilicdefmgbjkcmldf:{blacklist:true},likifpgnijjfbdegfepoalpamlgnfofi:{blacklist:true},ljcicfibknpmlcmcecddjlbgkejehhpa:{blacklist:true},ljeihpebkahejeacdalhkhmckmggppif:{blacklist:true},lkdimamelhbiijkiljlnedmhnnkkmlbl:{blacklist:true},lljnngafekbnkpdfophmcdlbfebcbcld:{blacklist:true},lnahlgmhpghkhmafjppdidhcoaomipfg:{blacklist:true},lnbeebaenahmkbffnimghceldeeihfak:{blacklist:true},lncjcfkpannmofmpgdfoonkniofdnaba:{blacklist:true},lndempehphjoeimfchjflohpmhamiamf:{blacklist:true},mamfageekafifnickhgkibkofcclfefe:{blacklist:true},mbmdaiddhfoljplpdhohimgieioblfif:{blacklist:true},mdiehnlecbjlppbpaaipmlnhhjgepfcg:{blacklist:true},mfffdpnblflpobcnekhekiahepofaane:{blacklist:true},mfhfkclojmdocagbmecgcnlofppebebd:{blacklist:true},mfncimdpmknolnnnccdmkpnpkaofonkc:{blacklist:true},mjgobkikdipfikmaoakdcdbicpioljgg:{blacklist:true},mjolnadmlahbpepjaemohnkhpjkbhmef:{blacklist:true},mkobblpffgbncfhijabakfafmkjdmmnm:{blacklist:true},mlmegahemifabfmdnndafagnncfbnahn:{blacklist:true},mlmmbepkgelpbenpobinockmiehdahai:{blacklist:true},mlnoedbhndgbjcbeadjfnmjloejlgojk:{blacklist:true},mmjodihhmnpkldljaifiajmlnpflfhpm:{blacklist:true},mnhcgaghminpdabllkbkecahjfkdiabk:{blacklist:true},mnichagcickblneeijmfnmoiakigmmhf:{blacklist:true},mogepbcllienegdibkfpmombhefhcoic:{blacklist:true},nbieffehfdniifkgdckbndjhojohbfjj:{blacklist:true},ndhkiimgbjnendpcfbiadlifmangejoa:{blacklist:true},ndiogongcmocdgjciemhagfhpjamehpe:{blacklist:true},negkalblfongjbphdcbbhddlickhlamd:{blacklist:true},nepfiodmbijheamafkiglonfkjebdjmf:{blacklist:true},nhboiakpmibkbkbeehchlfkggmhphpnk:{blacklist:true},nibohffepnilngkecenfdgnokfhmnkod:{blacklist:true},nidmbljkkcbdfklgdkklgjgmhejmbojn:{blacklist:true},nidodbfomffkfabciljelkbdiabkeehe:{blacklist:true},nihhbeikpchdddoillfdcdinnnnllmna:{blacklist:true},nlgapikcofpablcmfgaoodlhiejiehhh:{blacklist:true},nmphbnbmgfccfhcmibikmhcgajjpelpf:{blacklist:true},nnioepmjbjjlflmdgjanlcmbjahljeeo:{blacklist:true},nochkknnbahbhmmknnmdhagelcnfagom:{blacklist:true},noefghcilkpcabnhhilojimkkjplhcnd:{blacklist:true},npolaghondefgiomhkbiiompikfjneep:{blacklist:true},oakhllhnbcpgagdafgbninlpjdemdmjk:{blacklist:true},oanjogmonneelfpnfmdlalfddkeckdej:{blacklist:true},ocnlnkjmfnolmbclblfhfhcakldceiec:{blacklist:true},odnamglmogfldajnhkfodmloofeokcmm:{blacklist:true},oidjdpbndkjhmhmgdoggibcjnippkcgo:{blacklist:true},omceiakkomngangmllpgbjcoeloglald:{blacklist:true},onpnpccdagncipgnoofbhchlbajcjnkd:{blacklist:true},ookcgejbfhcmcanfkfmmmpahflnlajbl:{blacklist:true},opnnngnphijodjhemhdafpnnpdjggofe:{blacklist:true},pbekednmpdekknlffkiopooofokfmkla:{blacklist:true},pbglijbamgmlcpnnpbfjkbdeheejjloj:{blacklist:true},pfcelnbmkeoaeicedjomcjkcammlkdbk:{blacklist:true},pfoiaildicnbcjojocjlpcibenphhbln:{blacklist:true},pfonklmafadkmcedjlodommcoipgbcde:{blacklist:true},pgldfhecfiofkhnbgcncepnkjkeoahlk:{blacklist:true},phkpgooenaonkpnabopdbjjfmphclela:{blacklist:true},pjdhkkcnlbfebiokpeghfffajaabahfo:{blacklist:true},pjkljhegncpnkpknbcohdijeoejaedia:{ack_external:true,active_bit:false,active_permissions:{api:[notifications]},app_launcher_ordinal:w,events:[experimental.extension.onInstalled],from_bookmark:true,from_webstore:true,install_time:12982654040606499,last_active_pingday:0,lastpingday:12983094001899035,location:2,manifest:{app:{launch:{container:tab,web_url:https://mail.google.com/mail/ca},urls:[*://mail.google.com/mail/ca]},current_locale:en_US,default_locale:en,description:Fast, searchable email with less spam.,icons:{128:128.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCuGglK43iAz3J9BEYK/Mz6ZhloIMMDqQSAaf3vJt4eHbTbSDsu4WdQ9dQDRcKlg8nwQdePBt0C3PSUBtiSNSS37Z3qEGfS7LCju3h6pI1Yr9MQtxw+jUa7kXXIS09VV73pEFUT/F7c6Qe8L5ZxgAcBvXBh1Fie63qb02I9XQ/CQIDAQAB,name:Gmail,options_page:https://mail.google.com/mail/ca/#settings,permissions:[notifications],update_url:http://clients2.google.com/service/update2/crx,version:7},page_ordinal:n,path:pjkljhegncpnkpknbcohdijeoejaedia\\7_0,state:1},pkbbbncikcipejaiiiioboongndhmjgl:{blacklist:true},pkbkkendemaimikinaefldfljliecapm:{blacklist:true},plfijddblbcdcnammpdmfccchkbdekmm:{blacklist:true},pnaiiipilbpcceggeanphcpkkihnojan:{blacklist:true},pnnbdjcjeiobikdfikegpclkcimgafpp:{blacklist:true},pnpfkfanlgljpkpilhgiimfadggfmhcd:{blacklist:true},pnpgiaejfbdapllkchhgchjpdbcpiooa:{blacklist:true},ppmfajacidhcjbddpgmcmigffpppcadd:{blacklist:true}}},google:{services:{username:[email protected]}},homepage:http://isearch.avg.com/?cid={FBD7F416-9690-4646-A213-1ACA46418F12}&mid=6f996d0c2cee47d1b3c0d15198682735-9a8a6a08538e3bf92cf166252c59cca1a5622eba&lang=en&ds=AVG&pr=fr&d=2012-07-21 23:20:58&v=14.2.0.1&pid=avg&sg=0&sap=hp,homepage_is_newtabpage:false,is_google_plus_user:false,net:{http_server_properties:{accounts.google.com:443:{supports_spdy:true},accounts.youtube.com:443:{supports_spdy:true},ad.doubleclick.net:443:{supports_spdy:true},apis.google.com:443:{settings:[{id:4,value:100},{id:5,value:32},{id:6,value:0}],supports_spdy:true},chatenabled.mail.google.com:443:{supports_spdy:true},clients1.google.com:443:{settings:[{id:4,value:100},{id:5,value:16},{id:6,value:0}],supports_spdy:true},clients2.google.com:443:{settings:[{id:4,value:100},{id:5,value:16},{id:6,value:0}],supports_spdy:true},clients4.google.com:443:{settings:[{id:4,value:100},{id:5,value:16},{id:6,value:0}],supports_spdy:true},fls.doubleclick.net:443:{settings:[{id:4,value:100},{id:5,value:16},{id:6,value:0}],supports_spdy:true},fonts.googleapis.com:443:{supports_spdy:true},googleads.g.doubleclick.net:443:{settings:[{id:4,value:100},{id:5,value:16},{id:6,value:0}],supports_spdy:true},id.google.com:443:{settings:[{id:4,value:100},{id:5,value:16},{id:6,value:0}],supports_spdy:true},lh5.googleusercontent.com:443:{settings:[{id:4,value:100},{id:5,value:32},{id:6,value:0}],supports_spdy:true},mail-attachment.googleusercontent.com:443:{supports_spdy:true},mail.google.com:443:{supports_spdy:true},maps.gstatic.com:443:{supports_spdy:true},ssl.google-analytics.com:443:{supports_spdy:true},ssl.gstatic.com:443:{settings:[{id:4,value:100},{id:5,value:19},{id:6,value:0}],supports_spdy:true},stats.g.doubleclick.net:443:{supports_spdy:true},themes.googleusercontent.com:443:{supports_spdy:true},www.google.com:443:{settings:[{id:4,value:100},{id:5,value:27},{id:6,value:0}],supports_spdy:true},www.googleadservices.com:443:{settings:[{id:4,value:100},{id:5,value:16},{id:6,value:0}],supports_spdy:true},ytimg.googleusercontent.com:443:{supports_spdy:true}}},ntp:{app_page_names:[Apps],promo_build:4,promo_closed:false,promo_end:1338955140.0,promo_feature_mask:0,promo_group:44,promo_group_max:99,promo_group_timeslice:0,promo_is_logged_in_to_plus:true,promo_line:We’ve remodeled! <a href=\https://support.google.com/chromeos/?p=ntp19\>Learn more about the latest features</a> on your Chromebook.,promo_platform:8,promo_resource_cache_update:1338587719.422375,promo_start:1338321600.0,promo_views:0,promo_views_max:20,shown_page:2048},plugins:{enabled_internal_pdf3:true,enabled_nacl:true,last_internal_directory:C:\\Program Files\\Google\\Chrome\\Application\\19.0.1084.52,plugins_list:[{enabled:true,name:Remoting Viewer,path:internal-remoting-viewer,version:},{enabled:true,name:Remoting Viewer},{enabled:true,name:Native Client,path:C:\\Program Files\\Google\\Chrome\\Application\\19.0.1084.52\\ppGoogleNaClPluginChrome.dll,version:},{enabled:true,name:Native Client},{enabled:true,name:Chrome PDF Viewer,path:C:\\Program Files\\Google\\Chrome\\Application\\19.0.1084.52\\pdf.dll,version:},{enabled:true,name:Chrome PDF Viewer},{enabled:true,name:Shockwave Flash,path:C:\\Program Files\\Google\\Chrome\\Application\\19.0.1084.52\\gcswf32.dll,version:11,2,202,235},{enabled:true,name:Shockwave Flash,path:C:\\WINDOWS\\system32\\Macromed\\Flash\\NPSWF32.dll,version:11,1,102,55},{enabled:true,name:Flash},{enabled:true,name:AVG Internet Security,path:C:\\Documents and Settings\\Brent Willey\\Local Settings\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\jmfkcklnlgedgbglfkkgedjfmejoahla\\12.0.0.1901_0\\plugins/avgnpss.dll,version:12.0.0.1901},{enabled:true,name:AVG Internet Security},{enabled:true,name:Adobe Acrobat,path:C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\Browser\\nppdf32.dll,version:7.0.5.2005092300},{enabled:false,name:Adobe Acrobat},{enabled:true,name:Java Deployment Toolkit 6.0.290.11,path:C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npdeployJava1.dll,version:6.0.290.11},{enabled:true,name:Java™ Platform SE 6 U29,path:C:\\Program Files\\Java\\jre6\\bin\\new_plugin\\npjp2.dll,version:6.0.290.11},{enabled:true,name:Java},{enabled:true,name:QuickTime Plug-in 7.6.9,path:C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin.dll,version:7.6.9 (1680.9)},{enabled:true,name:QuickTime Plug-in 7.6.9,path:C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin2.dll,version:7.6.9 (1680.9)},{enabled:true,name:QuickTime Plug-in 7.6.9,path:C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin3.dll,version:7.6.9 (1680.9)},{enabled:true,name:QuickTime Plug-in 7.6.9,path:C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin4.dll,version:7.6.9 (1680.9)},{enabled:true,name:QuickTime Plug-in 7.6.9,path:C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin5.dll,version:7.6.9 (1680.9)},{enabled:true,name:QuickTime Plug-in 7.6.9,path:C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin6.dll,version:7.6.9 (1680.9)},{enabled:true,name:QuickTime Plug-in 7.6.9,path:C:\\Program Files\\Mozilla Firefox\\plugins\\npqtplugin7.dll,version:7.6.9 (1680.9)},{enabled:true,name:QuickTime},{enabled:true,name:Google Earth Plugin,path:C:\\Program Files\\Google\\Google Earth\\plugin\\npgeplugin.dll,version:6.2.0.5788},{enabled:true,name:Google Earth Plugin},{enabled:true,name:Google Update,path:C:\\Program Files\\Google\\Update\\1.3.21.111\\npGoogleUpdate3.dll,version:1.3.21.111},{enabled:true,name:Google Update},{enabled:true,name:WinZip Courier,path:C:\\Program Files\\WinZip Courier\\npwzwmc.dll,version:3.5 (32-bit)},{enabled:true,name:WinZip Courier},{enabled:true,name:iTunes Application Detector,path:C:\\Program Files\\iTunes\\Mozilla Plugins\\npitunes.dll,version:1.0.1.1},{enabled:true,name:iTunes Application Detector},{enabled:true,name:Windows Presentation Foundation,path:c:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll,version:3.5.30729.1 built by: SP},{enabled:true,name:Windows Presentation Foundation}]},profile:{avatar_index:0,content_settings:{pref_version:1},exited_cleanly:true,name:First user},session:{restore_on_startup:null,restore_on_startup_migrated:true,urls_to_restore_on_startup:null},sync:{acknowledged_types:[Bookmarks,Preferences,Passwords,Autofill Profiles,Autofill,Themes,Typed URLs,Extensions,Encryption keys,Sessions,Apps,App settings,Extension settings,App Notifications],app_notifications:true,app_settings:true,apps:true,autofill:true,autofill_profile:true,bookmarks:true,encryption_bootstrap_token:AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA+iERA68Vmkew/O1gNcRoXAAAAAACAAAAAAADZgAAqAAAABAAAAB0OC0xhwiy9kNWwxNXhczvAAAAAASAAACgAAAAEAAAABiSUo5dEG/bOUyHZNoEfIs4AAAAC6582WYaA6Zj9EqNbnHHwDksadD58Hmb54Up+tQek2idd6GI00A8s037vo0yBbbg3c2nMhKXT8sUAAAAG20hK7M4ml1vfKfdB04r0GPcgOM=,extension_settings:true,extensions:true,has_setup_completed:true,keep_everything_synced:true,last_synced_time:12983127392990625,max_invalidation_versions:{10:1338410217200000,11:1338256821568000,12:1338520893018000,6:1338511021114000,8:1338518080513000},passwords:true,preferences:true,search_engines:true,session_sync_guid:session_syncax4C4EqmY1T4z9+crNn94Q==,sessions:true,suppress_start:false,themes:true,typed_urls:true},sync_promo:{show_ntp_bubble:false,startup_count:4,user_skipped:true,view_count:
CHR - homepage: http://search.yahoo....r=spigot-yhp-ch
CHR - Extension: No name found = C:\Documents and Settings\Brent Willey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Brent Willey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Brent Willey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: No name found = C:\Documents and Settings\Brent Willey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/03/15 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWin0.dll (Conduit Ltd.)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.0.1.12\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKU\S-1-5-21-472147603-47468643-4270109915-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-472147603-47468643-4270109915-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-472147603-47468643-4270109915-1005\..\Toolbar\WebBrowser: (WinZipBar Toolbar) - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - C:\Program Files\WinZipBar\prxtbWin0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [navservice] C:\Program Files\Navionics World\NavService.exe ()
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PartSeal] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-472147603-47468643-4270109915-1005..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-472147603-47468643-4270109915-1005..\Run: [SearchProtection] C:\Documents and Settings\Brent Willey\Application Data\Search Protection\SearchProtection.EXE (Spigot, Inc.)
O4 - HKU\S-1-5-21-472147603-47468643-4270109915-500..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe (AVG Secure Search)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Brent Willey\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Documents and Settings\Brent Willey\Application Data\HP SimpleSave Application\StartHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-472147603-47468643-4270109915-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O7 - HKU\S-1-5-21-472147603-47468643-4270109915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B88E61E-DCCC-4BF5-8653-90765F6A1A97}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1920x1200.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1920x1200.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/01 18:15:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/06/07 15:27:20 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{5da86f78-b1ea-11df-9045-0018de8ccec6}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/17 07:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Afinia
[2013/10/16 18:12:20 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/10/13 16:59:41 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2013/10/13 16:59:41 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2013/10/13 16:58:35 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2013/10/13 16:58:35 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2013/10/13 16:58:35 | 000,046,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys
[2013/10/13 16:58:01 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2013/10/13 16:58:01 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2013/10/13 16:58:01 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2013/10/13 16:58:01 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2013/09/30 23:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[775 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/21 06:06:19 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/21 06:06:17 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/10/21 06:06:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/21 06:06:07 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/20 20:39:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/17 07:52:05 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Brent Willey\Application Data\Microsoft\Internet Explorer\Quick Launch\Afinia.lnk
[2013/10/17 07:52:05 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Afinia.lnk
[2013/10/17 07:42:15 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/16 22:23:18 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/16 18:04:27 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2013/10/14 08:20:22 | 000,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/14 07:59:48 | 000,459,970 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/14 07:59:48 | 000,079,458 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/14 07:54:34 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/10/03 19:48:28 | 000,003,726 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/10/03 19:47:29 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/09/23 03:40:04 | 000,852,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2013/09/23 03:40:04 | 000,668,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2013/09/23 03:40:03 | 003,093,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/09/23 03:40:03 | 001,510,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2013/09/23 03:40:03 | 001,025,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2013/09/23 03:40:03 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2013/09/23 03:40:03 | 000,532,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2013/09/23 03:40:03 | 000,532,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2013/09/23 03:40:03 | 000,449,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2013/09/23 03:40:03 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2013/09/23 03:40:03 | 000,251,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2013/09/23 03:40:03 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2013/09/23 03:40:03 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2013/09/23 03:40:03 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdc.ocx
[2013/09/23 03:40:03 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2013/09/23 03:40:03 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2013/09/22 21:22:30 | 000,369,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2013/09/21 15:11:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[775 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/21 06:06:07 | 1063,440,384 | -HS- | C] () -- C:\hiberfil.sys
[2013/10/17 07:52:05 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Brent Willey\Application Data\Microsoft\Internet Explorer\Quick Launch\Afinia.lnk
[2013/10/17 07:52:05 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Afinia.lnk
[2013/08/05 07:41:41 | 000,003,726 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/07/22 12:40:57 | 000,000,105 | ---- | C] () -- C:\WINDOWS\Mach3.INI
[2012/02/17 09:13:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/09/11 17:09:54 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/09/01 00:48:00 | 000,000,446 | ---- | C] () -- C:\Documents and Settings\Brent Willey\Application Data\wklnhst.dat
[2010/08/26 18:28:30 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Brent Willey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/26 16:42:19 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Brent Willey\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2006/09/01 18:12:00 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/09/23 03:40:03 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

EXTRAS>txt

OTL Extras logfile created on: 10/21/2013 6:18:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Brent Willey\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 359.07 Mb Available Physical Memory | 35.41% Memory free
2.38 Gb Paging File | 1.78 Gb Available in Paging File | 74.49% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.07 Gb Total Space | 32.58 Gb Free Space | 47.17% Space Free | Partition Type: NTFS
Drive F: | 1.61 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BRENTWILLEYSPC | User Name: Brent Willey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-472147603-47468643-4270109915-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Documents and Settings\Brent Willey\Application Data\uTorrent\uTorrent.exe" = C:\Documents and Settings\Brent Willey\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent Inc.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless LAN Setup Utility
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1C8A4EE2-9D97-440F-9D8D-DA19C9657178}" = AVG 2013
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 29
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}" = VAIO Breeze Wallpaper
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{37ADBECF-1420-4557-B8CC-BED57053C3FF}" = Click to DVD Tutorial
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5B82682E-C555-45DA-8E2C-CE6525427AC9}" = Click to DVD 2.5.30
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}" = Macromedia Flash Player 8
"{631E66F3-5BCC-4FF8-9F42-95AF0BFA38B7}" = AVG 2013
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{82081533-F045-469E-BD53-F16839E445C3}" = VAIO Support Central
"{89D20029-0578-4D8D-979A-695C8D868868}" = H&R Block Basic + Efile 2012
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{908994F4-EBD2-40E0-B8F3-7004FA54E909}" = VAIO Media Tutorial
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9B953606-000E-491C-B74D-78ECFDD520A0}" = OpenMG Metadata Extractor for Windows Media Player
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.0
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A87EBA79-93DB-4A87-B9BA-62F8FB12D993}" = ImageStation
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.7
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-11AF-B2CC-ABCD21A325B8}" = WinZip Courier
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D9952D4E-766C-4CD3-BF2E-A2C3D8B15EF3}" = VAIO Backup Utility
"{DF1F02EB-8AA3-4FE7-90B4-1D722C8139B3}" = Afinia 3D Printer
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3D278BD-FC97-4F87-BB1F-689AE0CB9122}" = Macromedia Flash Player 8 Plugin
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E85D9824-9316-4124-9AC2-9F7E63B97295}" = H&R Block Ohio 2012
"{E9834CE3-F357-4B85-AC06-43BD998E6D7B}_is1" = Afinia version 1.19
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}" = VAIO Security Center
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AOL Search Enhancement" = Search Enhancement by AOL Search
"AVG" = AVG 2013
"AVG Secure Search" = AVG Security Toolbar
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_104D1700" = Soft Data Fax Modem with SmartCP
"InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"InstallShield_{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"LiveUpdate" = LiveUpdate 2.7 (Symantec Corporation)
"Mach3 Mach3VersionR1.83.027" = Mach3 Mach3VersionR1.83.027
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Navionics PC App 1.7.5.0" = Navionics PC App-1.7.5.0
"Navionics PC App 1.8.3.0" = Navionics PC App-1.8.3.0
"Navionics World 1.5.6" = Navionics World
"Navionics World 1.5.7" = Navionics World
"Network MagicUninstall" = Network Magic
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"ProInst" = Intel® PROSet/Wireless Software
"ShockwaveFlash" = Macromedia Flash Player 8
"The Da Vinci Code" = The Da Vinci Code (remove only)
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Wheel of Fortune" = Wheel of Fortune (remove only)
"WIC" = Windows Imaging Component
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0200" = Microsoft WinUsb 2.0
"WinZipBar Toolbar" = WinZipBar Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-472147603-47468643-4270109915-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Search Protection" = Search Protection
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/17/2013 7:22:29 AM | Computer Name = BRENTWILLEYSPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/17/2013 7:22:29 AM | Computer Name = BRENTWILLEYSPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 20968344

Error - 10/17/2013 7:22:29 AM | Computer Name = BRENTWILLEYSPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 20968344

Error - 10/17/2013 7:22:31 AM | Computer Name = BRENTWILLEYSPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/17/2013 7:22:31 AM | Computer Name = BRENTWILLEYSPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 20970297

Error - 10/17/2013 7:22:31 AM | Computer Name = BRENTWILLEYSPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 20970297

Error - 10/17/2013 7:22:33 AM | Computer Name = BRENTWILLEYSPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/17/2013 7:22:33 AM | Computer Name = BRENTWILLEYSPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 20972297

Error - 10/17/2013 7:22:33 AM | Computer Name = BRENTWILLEYSPC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 20972297

Error - 10/21/2013 6:09:07 AM | Computer Name = BRENTWILLEYSPC | Source = Application Hang | ID = 1002
Description = Hanging application nmapp.exe, version 5.5.9170.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/20/2013 8:40:53 PM | Computer Name = BRENTWILLEYSPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVGIDSDriver AVGIDSShim Avgldx86 DMICall Fips intelppm

Error - 10/20/2013 8:49:53 PM | Computer Name = BRENTWILLEYSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/20/2013 8:50:07 PM | Computer Name = BRENTWILLEYSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/20/2013 8:50:12 PM | Computer Name = BRENTWILLEYSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/20/2013 8:50:55 PM | Computer Name = BRENTWILLEYSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/20/2013 8:51:20 PM | Computer Name = BRENTWILLEYSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/20/2013 8:51:54 PM | Computer Name = BRENTWILLEYSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/20/2013 8:51:59 PM | Computer Name = BRENTWILLEYSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 10/21/2013 6:04:38 AM | Computer Name = BRENTWILLEYSPC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/21/2013 6:17:07 AM | Computer Name = BRENTWILLEYSPC | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >


Here are both log files. Let me know what you would like me to do next, thanks for the help!
  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
Hi bret,

You have quite a collection of Junk, lets start getting rid of it.

Also I'd like to see the Malwarebytes log you ran. Can you find it? If not see below to "locate" the log report.

C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd

Or

You can also click on Start->Run-> %AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs
Just copy and paste that in bold above into a run command.

We need to run a fix using OTL:

  • Double click on the Posted Image to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    PRC - [2013/09/03 17:17:22 | 000,832,360 | ---- | M] (Spigot, Inc.) -- C:\Documents and Settings\Brent Willey\Application Data\Search Protection\SearchProtection.exe
    SRV - [2010/08/26 15:03:06 | 001,120,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    DRV - [2010/08/26 15:03:06 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
    IE - HKU\S-1-5-21-472147603-47468643-4270109915-1005\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWin0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-472147603-47468643-4270109915-1005\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3106777
    IE - HKU\S-1-5-21-472147603-47468643-4270109915-500\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@winzip.com/Winzip Courier: C:\Program Files\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
    [2013/09/09 22:27:06 | 000,000,000 | ---D | M] (WinZipBar Community Toolbar) -- C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}
    [2012/03/11 09:25:01 | 000,000,000 | ---D | M] (WinZip Courier) -- C:\PROGRAM FILES\WINZIP COURIER\FFEXT
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
    O2 - BHO: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWin0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files\WinZipBar\prxtbWin0.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-472147603-47468643-4270109915-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\S-1-5-21-472147603-47468643-4270109915-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\S-1-5-21-472147603-47468643-4270109915-1005\..\Toolbar\WebBrowser: (WinZipBar Toolbar) - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - C:\Program Files\WinZipBar\prxtbWin0.dll (Conduit Ltd.)
    O4 - HKU\S-1-5-21-472147603-47468643-4270109915-1005..\Run: [SearchProtection] C:\Documents and Settings\Brent Willey\Application Data\Search Protection\SearchProtection.EXE (Spigot, Inc.)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=2&q="
    FF - user.js - File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

Next

Please download Junkware Removal Tool to your desktop.

  • Disable your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking on XP. Or right click and select Run as Administrator Vista/Win7 and above.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Next

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click AdwCleaner.exe to run the tool.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button.
  • AdwCleaner will begin. Be patient as the scan may take some time to complete.
  • After the scan has finished, click the Report button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, please let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Next

Programs to remove if found.

  • Java™ 6 Update 29
  • Adobe Reader 7.0.7
  • LiveUpdate" = LiveUpdate 2.7 (Symantec Corporation)
  • WinZipBar Toolbar
  • Symantec KB-DocID:2003093015493306

Please post the following logs in your next reply:

  • C:\_OTL\Moved Files
  • OTL.txt
  • JRT.txt
  • AdwCleaner[R0].txt
  • Malwarebytes log

Tell me how the computer is running.

Thanks,

Joe :)
  • 0

#5
brent_818

brent_818

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OTL Moved Files

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named SearchProtection.exe was found!
Service Symantec Core LC stopped successfully!
Service Symantec Core LC deleted successfully!
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe moved successfully.
Service symlcbrd stopped successfully!
Service symlcbrd deleted successfully!
C:\WINDOWS\system32\drivers\symlcbrd.sys moved successfully.
Registry value HKEY_USERS\S-1-5-21-472147603-47468643-4270109915-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\ deleted successfully.
C:\Program Files\WinZipBar\prxtbWin0.dll moved successfully.
Registry key HKEY_USERS\S-1-5-21-472147603-47468643-4270109915-1005\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_USERS\S-1-5-21-472147603-47468643-4270109915-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EA756889-2338-43DB-8F07-D1CA6FB9C90D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA756889-2338-43DB-8F07-D1CA6FB9C90D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@winzip.com/Winzip Courier\ deleted successfully.
C:\Program Files\WinZip Courier\npwzwmc.dll moved successfully.
Folder move failed. C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\searchplugin scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\Plugins scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\modules scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\META-INF scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\components scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} scheduled to be moved on reboot.
C:\PROGRAM FILES\WINZIP COURIER\FFEXT\content folder moved successfully.
C:\PROGRAM FILES\WINZIP COURIER\FFEXT folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\ not found.
File C:\Program Files\WinZipBar\prxtbWin0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\ not found.
File C:\Program Files\WinZipBar\prxtbWin0.dll not found.
Registry value HKEY_USERS\S-1-5-21-472147603-47468643-4270109915-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_USERS\S-1-5-21-472147603-47468643-4270109915-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\S-1-5-21-472147603-47468643-4270109915-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37}\ not found.
File C:\Program Files\WinZipBar\prxtbWin0.dll not found.
Registry value HKEY_USERS\S-1-5-21-472147603-47468643-4270109915-1005\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection deleted successfully.
C:\Documents and Settings\Brent Willey\Application Data\Search Protection\SearchProtection.exe moved successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\Program Files\WebEx\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Prefs.js: "http://search.condui...rchSource=2&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Brent Willey\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Brent Willey\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Brent Willey
->Temp folder emptied: 496723760 bytes
->Temporary Internet Files folder emptied: 33903334 bytes
->Java cache emptied: 699377 bytes
->FireFox cache emptied: 82832857 bytes
->Google Chrome cache emptied: 64188639 bytes
->Flash cache emptied: 816 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 93881089 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3215526 bytes
%systemroot%\System32 .tmp files removed: 205785970 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 451920768 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 542770334 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 41111320 bytes

Total Files Cleaned = 1,924.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Brent Willey
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 10232013_094802

Files\Folders moved on Reboot...
C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\searchplugin folder moved successfully.
C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\Plugins folder moved successfully.
C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\modules folder moved successfully.
C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\META-INF folder moved successfully.
C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\defaults folder moved successfully.
C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\components folder moved successfully.
C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\chrome folder moved successfully.
C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} folder moved successfully.
File\Folder C:\Documents and Settings\Brent Willey\Local Settings\Temp\tmp2FB.tmp not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_514.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

JTR
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:2)
OS: Microsoft Windows XP x86
Ran by Brent Willey on Wed 10/23/2013 at 18:21:23.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3106777
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Brent Willey\Application Data\search protection"
Successfully deleted: [Folder] "C:\Documents and Settings\Brent Willey\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\Brent Willey\Local Settings\Application Data\winzipbar"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\winzipbar"



~~~ FireFox

Successfully deleted: [Folder] C:\Documents and Settings\Brent Willey\Application Data\mozilla\firefox\profiles\tp1dsfbs.default\conduitcommon
Successfully deleted the following from C:\Documents and Settings\Brent Willey\Application Data\mozilla\firefox\profiles\tp1dsfbs.default\prefs.js

user_pref("CT3106777..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT3106777..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT3106777.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT3106777.CT3106777.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3106777&octid=CT3106777&SearchSource=15&CUI=SB_CUI&S
user_pref("CT3106777.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT3106777.InstallationId", "ConduitNSISIntegration");
user_pref("CT3106777.InstallationType", "ConduitXPEIntegration");
user_pref("CT3106777.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT3106777.SearchCaption", "WinZipBar Customized Web Search");
user_pref("CT3106777.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=2&q=");
user_pref("CT3106777.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
user_pref("CT3106777.SearchInNewTabURLFromSearchAPI", "hxxp://search.conduit.com/?ctid=CT3106777&octid=CT3106777&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_ID");
user_pref("CT3106777.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3106777&SearchSource=13");
user_pref("CT3106777.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3106777");
user_pref("CT3106777.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT3106777.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT3106777.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT3106777.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3106777/CT3106777", "\"cec9c60c99cd35bced7e9f8aec1dd0c03\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1500748/1496227/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3106777", "\"1359634418\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "C5ZJe6gL80JBW5CuLy+wkg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "mfQ70fvlD2zuBxSBj8rQqA==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"23c5489aa686ce1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"23c5489aa686ce1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.20.0.4", "\"f414eeaa6bece1:16e2\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3106777", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"dbf22d6c9deb489175eabfcb227c168a\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"f2982e793f1ad490a79e05219fde8c7e\"");
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Brent Willey\\Application Data\\Mozilla\\Firefox\\Profiles\\tp1dsfbs.default\\conduitCommon\\
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://isearch.avg.com/search?cid=%7Bf240f969-4823-48df-a5af-965cf53fdeb0%7D&mid=6f996d0c2cee47d1b3c0d15198682735-9
user_pref("CommunityToolbar.ToolbarsList", "CT3106777");
user_pref("CommunityToolbar.ToolbarsList2", "CT3106777");
user_pref("CommunityToolbar.ToolbarsList4", "CT3106777");
user_pref("CommunityToolbar.globalUserId", "4a57105f-54b6-4e57-b639-61cdd15d8fd3");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3106777");
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue May 08 2012 22:55:15 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu May 10 2012 07:20:01 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu May 10 2012 07:19:53 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "9030fc43-0bb4-46c2-a15a-fafc62f86839");
user_pref("CommunityToolbar.originalHomepage", "resource:/browserconfig.properties");
user_pref("CommunityToolbar.originalSearchEngine", "AVG Secure Search");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/23/2013 at 18:27:52.76
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ADW LOG

# AdwCleaner v3.010 - Report created 23/10/2013 at 18:36:21
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Brent Willey - BRENTWILLEYSPC
# Running from : C:\Documents and Settings\Brent Willey\My Documents\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : vToolbarUpdater17.0.12

***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Documents and Settings\Brent Willey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Found C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\Brent Willey\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\Brent Willey\Local Settings\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\NetworkService\Local Settings\Application Data\AVG Secure Search
Folder Found C:\Documents and Settings\NetworkService\Local Settings\Application Data\WinZipBar
Folder Found C:\Program Files\AVG Secure Search
Folder Found C:\Program Files\Common Files\AVG Secure Search

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\WinZipBar
Key Found : HKCU\Toolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9280CAA3-237E-468E-A41C-43EADB5FF61A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AB49A038-264C-4101-88A5-0F67930AED37}
Key Found : HKLM\Software\Description
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{66FB12CE-5A82-4645-B910-A0453EE9F566}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB8D9F99-2CED-4475-897F-059A9DA4D6F7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinZipBar Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9280CAA3-237E-468E-A41C-43EADB5FF61A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinZipBar Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\WinZipBar
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\prefs.js ]

Line Found : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AVG Secure Search\\FireFoxExt\\17.0.1.12");
Line Found : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");

-\\ Google Chrome v

[ File : C:\Documents and Settings\Brent Willey\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : homepage
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword

*************************

AdwCleaner[R0].txt - [4377 octets] - [23/10/2013 18:36:21]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4437 octets] ##########

Malware Log I ran on the 20th of October

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.17.02

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 6.0.2900.5512
Brent Willey :: BRENTWILLEYSPC [administrator]

10/20/2013 10:02:27 PM
mbam-log-2013-10-20 (22-02-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246849
Time elapsed: 14 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I wasn't able to find the latest OTL.txt log in the OTL folder. The only log file was the one I posted which was in the moved files folder. The rest of the logs have been posted and if you need that OTL.txt file from my latest scan could you help me find that? I performed a search on my C drive and still came up with nothing.

As far as my computers performance goes, its running faster than ever. Thanks for the help, you guys rock! Let me know what you'd like me to do next, thanks!
  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
You can just do another scan with OTL and post the new log, only 1 log will be created. I will have further instructions for you tomorrow at around this time. So be on time LOL !

Edited by zep516, 23 October 2013 - 05:12 PM.

  • 0

#7
brent_818

brent_818

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OTL logfile created on: 10/24/2013 6:50:12 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Brent Willey\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.11 Mb Total Physical Memory | 298.37 Mb Available Physical Memory | 29.42% Memory free
2.38 Gb Paging File | 1.68 Gb Available in Paging File | 70.36% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.07 Gb Total Space | 33.64 Gb Free Space | 48.71% Space Free | Partition Type: NTFS

Computer Name: BRENTWILLEYSPC | User Name: Brent Willey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/21 06:17:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Brent Willey\My Documents\Downloads\OTL(1).exe
PRC - [2013/09/30 23:57:44 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/08/15 11:53:50 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/22 10:05:32 | 000,720,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2012/09/28 11:21:20 | 000,098,304 | ---- | M] () -- C:\Program Files\Navionics World\NavService.exe
PRC - [2012/07/21 13:53:06 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2011/05/26 14:14:52 | 000,477,080 | ---- | M] () -- C:\Documents and Settings\Brent Willey\Application Data\HP SimpleSave Application\StartHelper.exe
PRC - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Documents and Settings\Brent Willey\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/10 18:17:16 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2006/06/20 19:11:00 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/04/04 17:55:18 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006/02/14 15:11:46 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2005/11/28 16:38:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/11/28 16:38:42 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/10/12 00:36:38 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2005/03/11 20:55:40 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2004/11/17 23:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 12:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/02/20 17:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/30 23:57:42 | 003,279,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/09/28 11:21:20 | 000,098,304 | ---- | M] () -- C:\Program Files\Navionics World\NavService.exe
MOD - [2011/10/11 06:46:22 | 008,179,712 | ---- | M] () -- C:\Program Files\Navionics World\QtGui4.dll
MOD - [2011/10/11 06:36:08 | 000,983,040 | ---- | M] () -- C:\Program Files\Navionics World\QtNetwork4.dll
MOD - [2011/10/11 06:34:56 | 002,203,648 | ---- | M] () -- C:\Program Files\Navionics World\QtCore4.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/26 14:14:52 | 000,477,080 | ---- | M] () -- C:\Documents and Settings\Brent Willey\Application Data\HP SimpleSave Application\StartHelper.exe
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2009/07/13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/04/02 08:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006/07/03 00:44:10 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/07/03 00:42:44 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/06/20 19:11:00 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll


========== Services (SafeList) ==========

SRV - [2013/09/30 23:57:43 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/21 13:53:06 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Documents and Settings\Brent Willey\Application Data\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2006/06/20 19:11:00 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/06/13 11:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/06/07 12:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/05/18 13:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2006/05/18 13:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2006/05/08 07:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/04/27 20:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 20:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 20:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/04 17:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/11/28 16:38:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/28 16:38:42 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/11/25 16:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/07/14 22:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/03/11 20:55:40 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/08/11 03:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Windows Media Connect\mswmccds.exe -- (WmcCds)
SRV - [2004/08/11 00:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect\mswmcls.exe -- (WmcCdsLs)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/10/03 19:47:29 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2009/07/13 16:51:12 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2006/07/24 20:38:20 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/07/24 20:38:20 | 000,727,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/07/24 20:38:20 | 000,208,256 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/07/03 02:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/14 14:04:00 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006/05/23 11:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/02/21 22:32:32 | 000,226,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2005/10/15 19:56:47 | 000,103,040 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mach3.sys -- (Mach3)
DRV - [2004/11/22 16:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2000/12/05 19:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 23:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-472147603-47468643-4270109915-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKU\S-1-5-21-472147603-47468643-4270109915-1005\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
IE - HKU\S-1-5-21-472147603-47468643-4270109915-1005\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-472147603-47468643-4270109915-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-472147603-47468643-4270109915-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-472147603-47468643-4270109915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-21-472147603-47468643-4270109915-500\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
IE - HKU\S-1-5-21-472147603-47468643-4270109915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{74c841e3-b59f-479e-8d7a-e26a942a87c8}: C:\Program Files\WinZip Courier\FFExt
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/09/30 23:57:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/30 23:57:25 | 000,000,000 | ---D | M]

[2010/08/27 12:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Extensions
[2010/08/27 12:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Extensions\[email protected]
[2013/10/23 18:35:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions
[2010/09/21 22:22:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/09/04 21:06:34 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\searchplugins\yahoo.xml
[2013/09/30 23:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/09/30 23:57:45 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/02/06 17:36:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/19 03:54:30 | 000,371,904 | ---- | M] (Navionics) -- C:\Program Files\mozilla firefox\plugins\npNavIn.dll

========== Chrome ==========

CHR - homepage: 11,backup:{_signature:qfXpfq8tAvs2+Z1OZ+QTmWU+pXIA2lc4mJd1kurIP1w=,_version:3,browser:{show_home_button:false},extensions:{ids:[ahfgeienlihckogmohjhadlkjgocpleb,blpcfgokakmgnkcojhhkbfbldkacnbeo,coobgpohoikkiipiblmjeljniedjpjpf,jmfkcklnlgedgbglfkkgedjfmejoahla,pjkljhegncpnkpknbcohdijeoejaedia]},homepage:http://www.google.com/,homepage_is_newtabpage:false,session:{restore_on_startup:5}},browser:{check_default_browser:false,window_placement:{bottom:728,left:10,maximized:false,right:1014,top:10,work_area_bottom:738,work_area_left:0,work_area_right:1024,work_area_top:0}},countryid_at_install:21843,custom_handlers:{enabled:true,ignored_protocol_handlers:[{protocol:mailto,title:Gmail,url:https://mail.google.com/mail/?extsrc=mailto&url=%s}]},default_apps_install_state:1,default_search_provider:{enabled:true,encodings:UTF-8,icon_url:http://www.google.com/favicon.ico:
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Documents and Settings\Brent Willey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\Brent Willey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\Brent Willey\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/10/23 09:50:06 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [navservice] C:\Program Files\Navionics World\NavService.exe ()
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PartSeal] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKU\S-1-5-21-472147603-47468643-4270109915-1005..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-472147603-47468643-4270109915-500..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Brent Willey\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Documents and Settings\Brent Willey\Application Data\HP SimpleSave Application\StartHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-472147603-47468643-4270109915-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O7 - HKU\S-1-5-21-472147603-47468643-4270109915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B88E61E-DCCC-4BF5-8653-90765F6A1A97}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1920x1200.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Light Flo Wallpaper TrueColor 1920x1200.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/01 18:15:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5da86f78-b1ea-11df-9045-0018de8ccec6}\Shell\AutoRun\command - "" = I:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/23 18:32:11 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/23 18:16:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/10/23 09:48:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/21 17:39:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Brent Willey\Local Settings\Application Data\Avg2014
[2013/10/17 07:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Afinia
[2013/10/16 18:12:20 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/10/13 16:59:41 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidparse.sys
[2013/10/13 16:59:41 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2013/10/13 16:58:35 | 000,123,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbvideo.sys
[2013/10/13 16:58:35 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2013/10/13 16:58:35 | 000,046,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irbus.sys
[2013/10/13 16:58:01 | 000,144,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbport.sys
[2013/10/13 16:58:01 | 000,032,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2013/10/13 16:58:01 | 000,030,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbehci.sys
[2013/10/13 16:58:01 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbd.sys
[2013/09/30 23:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/24 18:47:44 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/23 19:01:22 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/23 19:01:19 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/10/23 19:01:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/23 19:01:10 | 1063,440,384 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/23 09:50:06 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/10/20 20:39:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/17 07:52:05 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Brent Willey\Application Data\Microsoft\Internet Explorer\Quick Launch\Afinia.lnk
[2013/10/17 07:52:05 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Afinia.lnk
[2013/10/16 22:23:18 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/16 18:04:27 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2013/10/14 08:20:22 | 000,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/14 07:59:48 | 000,459,970 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/10/14 07:59:48 | 000,079,458 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/10/14 07:54:34 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/10/03 19:48:28 | 000,003,726 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/10/03 19:47:29 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys

========== Files Created - No Company Name ==========

[2013/10/21 06:06:07 | 1063,440,384 | -HS- | C] () -- C:\hiberfil.sys
[2013/10/17 07:52:05 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Brent Willey\Application Data\Microsoft\Internet Explorer\Quick Launch\Afinia.lnk
[2013/10/17 07:52:05 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Afinia.lnk
[2013/08/05 07:41:41 | 000,003,726 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/07/22 12:40:57 | 000,000,105 | ---- | C] () -- C:\WINDOWS\Mach3.INI
[2012/02/17 09:13:24 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/09/11 17:09:54 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/09/01 00:48:00 | 000,000,446 | ---- | C] () -- C:\Documents and Settings\Brent Willey\Application Data\wklnhst.dat
[2010/08/26 18:28:30 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Brent Willey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/26 16:42:19 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Brent Willey\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2006/09/01 18:12:00 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/09/23 03:40:03 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
Thanks brent_818,

I'll look this over and talk to the instructor, but before I go can you tell me "why" your Internet Explorer Browser is so out of date Internet Explorer (Version = 6.0.2900.5512). Internet Explore for XP is currently running at version 8.

Edited by zep516, 24 October 2013 - 05:13 PM.

  • 0

#9
brent_818

brent_818

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I haven't opened Internet explorer in 5 years if that makes any difference. I never liked using it so I switched to Firefox. Awhile back I had some issue with this pc downloading windows service pack 3 and just got that figured out a year ago. So in short, no I don't know why its so out of date, never saw a reason to update it I guess. I'm probably just ignorant to its importance also, so please expand on that if you can. Thanks.
  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
OK,

pup.optional.bandoo -----Any problems with that ?

Again I'll look over the fresh log and post some instructions, so stay with us until we clear you out.

Thanks,

Joe :)
  • 0

Advertisements


#11
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
Hi brent_818,

We need to run another fix using OTL, like we did before.

  • Double click on the Posted Image to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    
    O4 - HKU\S-1-5-21-472147603-47468643-4270109915-500..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB File not found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
    [2013/10/03 19:48:28 | 000,003,726 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
    [2013/08/05 07:41:41 | 000,003,726 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
    
    :COMMANDS
    [EMPTYTEMP]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

Next

Double-click AdwCleaner.exe to run the tool again.
  • Click the Scan button.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Next

Lets run a final scan to double check for any left over Malware

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go >>HERE<< then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the Posted Image icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Posted Image
    (Selecting Uninstall application on close if you so wish)

In your next reply please post
  • the ESET Log report
  • C:\_OTL\Moved Files
  • AdwCleaner[S0].txt

Edited by zep516, 28 October 2013 - 05:52 PM.

  • 0

#12
brent_818

brent_818

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here you go, thanks again!

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-472147603-47468643-4270109915-500\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found not found.
C:\Program Files\Mozilla Firefoxavg-secure-search.xml moved successfully.
File C:\Program Files\Mozilla Firefoxavg-secure-search.xml not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Brent Willey
->Temp folder emptied: 3033452 bytes
->Temporary Internet Files folder emptied: 538743 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 38477386 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1190002 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 41.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10302013_181125

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_644.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


****************************************************************

[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=cc03d6b5c4c50d4b9783d552965ff10b
# engine=15703
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-10-31 01:21:17
# local_time=2013-10-30 09:21:17 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=101192
# found=1
# cleaned=0
# scan_time=7413
sh=2C7C651D15D2771EE89E1FCF9148B071F5980B0E ft=1 fh=8a43b250fe7eb64f vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\_OTL\MovedFiles\10232013_094802\C_Documents and Settings\Brent Willey\Application Data\Search Protection\SearchProtection.exe"


******************************************************************************


# AdwCleaner v3.010 - Report created 30/10/2013 at 18:23:29
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Brent Willey - BRENTWILLEYSPC
# Running from : C:\Documents and Settings\Brent Willey\My Documents\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\Software\Description

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\Brent Willey\Application Data\Mozilla\Firefox\Profiles\tp1dsfbs.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Brent Willey\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5556 octets] - [23/10/2013 18:36:21]
AdwCleaner[S0].txt - [962 octets] - [30/10/2013 18:23:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1021 octets] ##########
  • 0

#13
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
Nice! Tell me how things are running?

Joe :)
  • 0

#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,810 posts
Nice! Tell me how things are running?

Joe :)
  • 0

#15
brent_818

brent_818

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Joe,

Seems to be running better than it has in a year. Thanks again!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP