Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer needs constant rebooting, issues... [Solved]


  • This topic is locked This topic is locked

#1
Faithsa

Faithsa

    Member

  • Member
  • PipPipPip
  • 190 posts
I have windows xp. Used to have McAffee, finally was able to get taht off teh pc and then had avast. Now with Comcast I have Norton. I had also downloaded teh RegClean program. Had to upload Chrome due to gmail not working with firefox. Now I have a ton of popups and the blockers I tried just kept crashing Chrome. I need to rebood the pc just about every morining because chrome won't load pages. It also affects the pc general in that when I go to restart sometimes the normal buttons are not there and i seem to end up at a default screen. Sometimes it only gives me the option to logoff and not shut down. I'm beginning to suspect something else causing issues. It tends to be sluggish loading programs. I also get 'low on virtual memory' notices. I've also noticed a few of my photo files seem to be unviewable now... And I'm sure other issues I'm not remembering at the moment. I have no idea where to start. I appreciate any help I can get. Thank you!

Here is the Otl.txt - notepad:

OTL logfile created on: 10/29/2013 12:27:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.23 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 28.56% Memory free
4.31 Gb Paging File | 2.26 Gb Available in Paging File | 52.47% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 759.52 Gb Free Space | 81.54% Space Free | Partition Type: NTFS
Drive E: | 3.80 Gb Total Space | 2.72 Gb Free Space | 71.65% Space Free | Partition Type: FAT32

Computer Name: OWNER-5F64AFAA0 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/29 12:27:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2013/10/08 20:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/09/22 07:57:32 | 003,470,624 | ---- | M] (Conduit) -- C:\Documents and Settings\Owner\Application Data\SearchProtect\bin\cltmng.exe
PRC - [2013/08/20 16:52:16 | 000,040,512 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2013/08/20 16:52:13 | 003,857,984 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVault.exe
PRC - [2013/07/11 21:28:45 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/05/08 02:18:34 | 000,097,056 | ---- | M] (Conduit) -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/02/14 05:16:13 | 001,683,456 | ---- | M] (Bandoo Media Inc) -- C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe
PRC - [2013/01/12 11:07:43 | 000,199,016 | ---- | M] (Tidy Network) -- C:\Documents and Settings\Owner\Local Settings\Application Data\TidyNetwork.com\tidynetwork008.exe
PRC - [2012/11/20 16:30:38 | 001,653,760 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2012/09/02 13:15:12 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/04/08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
PRC - [2010/04/08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
PRC - [2010/04/08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
PRC - [2009/08/28 16:33:28 | 000,116,032 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
PRC - [2009/02/10 03:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/07 17:52:14 | 000,140,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
PRC - [2003/05/15 01:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/08 20:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/08 20:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
MOD - [2013/10/08 20:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/08 20:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/08/20 16:52:19 | 000,549,272 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\sqlite3.dll
MOD - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/06/14 13:44:32 | 000,245,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\cc063533b04f9420d1aa571a36d1fabd\WindowsFormsIntegration.ni.dll
MOD - [2012/06/14 13:44:22 | 001,828,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\87e09dfbe3a44d6b00d3a5895f5a21a6\System.Web.Services.ni.dll
MOD - [2012/06/14 13:44:17 | 000,365,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\76a5d670ce969c0c65a905b7303d4bbf\System.ServiceModel.Routing.ni.dll
MOD - [2012/06/14 13:44:17 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\6e7f1bdc845816dfc797f8002b76b5e8\System.ServiceProcess.ni.dll
MOD - [2012/06/14 13:44:16 | 001,127,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\dbf07cb14b4dcc210cdf8b5d90a12a56\System.ServiceModel.Discovery.ni.dll
MOD - [2012/06/14 13:44:14 | 001,388,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\52481fccddb053768631c640d5059d4b\System.ServiceModel.Activities.ni.dll
MOD - [2012/06/14 13:44:14 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c3831eb95ccf3904bab81a97a9b08ed3\System.ServiceModel.Channels.ni.dll
MOD - [2012/06/14 13:44:11 | 017,919,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\250b525aa8c17327216e102569c0d766\System.ServiceModel.ni.dll
MOD - [2012/06/14 13:43:46 | 001,159,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\6a6f4be744ed5bc5273cbcf0fcf303e3\System.Management.ni.dll
MOD - [2012/06/14 13:43:41 | 001,065,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\9eac876f58a3ebca8878b8654efdc817\System.IdentityModel.ni.dll
MOD - [2012/06/14 13:41:49 | 000,645,632 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\dd9dbf82e44454689976a49a9e4ddb6d\System.Transactions.ni.dll
MOD - [2012/06/14 13:41:48 | 001,011,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f3989d3e9cb8904e4edf23ede5adb6c1\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/06/14 13:41:46 | 000,142,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4d2a51c03b27e615ff9f1c430f2014ba\SMDiagnostics.ni.dll
MOD - [2012/06/14 13:41:45 | 002,625,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e9f8a45b1063d6c6a62718c88a5623d1\System.Runtime.Serialization.ni.dll
MOD - [2012/06/14 13:41:41 | 001,776,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
MOD - [2012/06/14 13:17:53 | 017,629,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll
MOD - [2012/06/14 13:17:40 | 013,006,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
MOD - [2012/06/14 13:17:32 | 011,057,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
MOD - [2012/06/14 13:17:20 | 006,754,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\92cccedc7cda413ff6fc6492cb256b58\System.Data.ni.dll
MOD - [2012/06/14 13:17:18 | 003,779,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
MOD - [2012/06/14 13:17:13 | 001,651,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
MOD - [2012/06/14 13:17:07 | 007,025,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
MOD - [2012/06/14 13:17:04 | 005,571,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
MOD - [2012/06/14 13:16:58 | 000,973,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll
MOD - [2012/06/14 13:16:56 | 000,283,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f5e029e2215c95ab38a1eefef7b32ac9\PresentationFramework.Classic.ni.dll
MOD - [2012/06/14 13:16:54 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2012/06/14 13:16:45 | 000,144,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\b07f0d26a34ad53fc369248f289d1126\System.Numerics.ni.dll
MOD - [2012/06/14 13:16:44 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Security Suite\Engine\20.4.0.40\wincfi39.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/02/10 03:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2013/10/08 23:27:56 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/20 16:52:16 | 000,040,512 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2013/07/10 21:36:51 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/21 00:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/08 02:18:34 | 000,097,056 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/18 15:59:49 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe -- (VideoDownloadConverter_4zService)
SRV - [2012/09/02 13:15:12 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/09/27 15:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/06/27 12:14:41 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/04/08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - [2010/04/08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2010/04/08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/28 16:33:28 | 000,116,032 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV - [2009/02/10 03:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006/12/07 17:52:14 | 000,140,184 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\jbridgep.sys -- (jbridgep)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AVGIDSShim.Sys -- (AVGIDSShim)
DRV - [2013/10/28 16:59:35 | 000,380,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131025.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2013/10/22 19:11:14 | 001,096,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131022.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/09/17 17:59:51 | 000,080,104 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2013/08/28 22:01:44 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131028.038\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/08/28 22:01:44 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131028.038\NAVENG.SYS -- (NAVENG)
DRV - [2013/08/26 21:42:13 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/08/26 21:42:13 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/07/24 11:25:24 | 000,024,520 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KeyCrypt32.sys -- (keycrypt)
DRV - [2013/07/16 11:36:09 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/23 01:25:28 | 000,934,488 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symefa.sys -- (SymEFA)
DRV - [2013/05/21 01:02:00 | 000,367,704 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symds.sys -- (SymDS)
DRV - [2013/05/16 01:02:14 | 000,603,224 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/24 20:43:56 | 000,396,760 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\symtdi.sys -- (SYMTDI)
DRV - [2013/04/15 22:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/03/04 21:21:36 | 000,032,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2012/10/30 19:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/07/27 23:05:22 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1404000.028\ironx86.sys -- (SymIRON)
DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 02:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 02:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/09/02 02:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011/09/02 02:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/08/05 12:27:40 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/12/18 13:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/03/12 15:53:46 | 001,550,613 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2001/04/09 14:11:00 | 000,024,424 | ---- | M] (ADMtek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NET8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {535ae879-ef3b-449c-8726-e1e644ae2290} - C:\Program Files\NewFreeScreensavers\prxtbNew2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {93a3111f-4f74-4ed8-895e-d9708497629e} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3185678
IE - HKCU\..\SearchScopes\{B156CE15-8648-4CE0-8E98-2A424CE71429}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3185678.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
FF - prefs.js..extensions.enabledAddons: idvaultaddin%40whitesky:1.13.624.1
FF - prefs.js..extensions.enabledAddons: tidynetwork%40tidynetwork:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.8
FF - prefs.js..keyword.URL: "http://dts.search-re...&o=APN10645&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@VideoDownloadConverter_4z.com/Plugin: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tightropeinteractive.com/Plugin: C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\npTNT2.dll (Search.Us.com)
FF - HKCU\Software\MozillaPlugins\@tnt2ghost.com/Plugin: C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\npTNT2ghost.dll (Search.Us.com)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]bsearch.com: C:\Program Files\MyWebSearch\bar\1.bin [2011/11/07 17:26:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]_4z.com: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin [2012/11/18 15:59:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/11 21:30:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/10/29 12:00:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/11 21:30:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF [2013/10/09 12:19:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/08 23:26:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/08 23:26:57 | 000,000,000 | ---D | M]

[2013/03/05 18:09:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/08/12 14:27:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions
[2013/07/07 01:32:54 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
[2012/12/01 01:29:42 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013/03/05 18:09:47 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0}
[2013/03/21 00:03:10 | 000,000,000 | ---D | M] (VideoDownloadConverter) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\[email protected]_4z.com
[2010/09/28 23:47:17 | 000,000,000 | ---D | M] (foof) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\[email protected]
[2013/07/15 15:37:37 | 000,000,000 | ---D | M] (XFINITY Constant Guard Protection Suite) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\[email protected]
[2011/11/07 17:26:31 | 000,000,000 | ---D | M] (My Web Search) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\[email protected]
[2013/07/14 13:35:30 | 000,018,166 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\[email protected]
[2013/10/29 12:01:02 | 000,003,634 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\[email protected]
[2013/01/04 14:39:39 | 000,013,345 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2012/11/18 15:30:43 | 000,001,068 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\searchplugins\newfreescreensavers-customized-web-search.xml
[2013/03/05 18:09:31 | 000,002,687 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\searchplugins\Search_Results.xml
[2013/07/10 21:35:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/10 21:35:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/10 21:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/10 21:35:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/10 21:36:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/05 18:09:54 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2011/06/27 17:36:55 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2012/02/13 13:26:53 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/13 13:26:54 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013/07/11 21:29:00 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2013/03/05 18:09:31 | 000,002,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

O1 HOSTS File: ([2008/04/14 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Toolbar BHO) - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O2 - BHO: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (NewFreeScreensavers Toolbar) - {535ae879-ef3b-449c-8726-e1e644ae2290} - C:\Program Files\NewFreeScreensavers\prxtbNew2.dll (Conduit Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Documents and Settings\Owner\Local Settings\Application Data\TopArcadeHits\Toparcadehits.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Documents and Settings\All Users\Application Data\White Sky, Inc\ID Vault\IEBHO1.13.820.2\NativeBHO.dll (WhiteSky)
O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files\Search Results Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)
O2 - BHO: (Search Assistant BHO) - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (MindSpark)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (no name) - {3E2DEBED-55FF-41F1-A5CB-E0AD4DCADB14} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (VideoDownloadConverter) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (NewFreeScreensavers Toolbar) - {535ae879-ef3b-449c-8726-e1e644ae2290} - C:\Program Files\NewFreeScreensavers\prxtbNew2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3:HKU - HKCU\..\Toolbar\WebBrowser: (m VLCapp.com Search.us.com Toolbar) - {3E2DEBED-55FF-41F1-A5CB-E0AD4DCADB14} - C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles\10295\passport.dll (Search.Us.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (VideoDownloadConverter) - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O3 - HKCU\..\Toolbar\WebBrowser: (NewFreeScreensavers Toolbar) - {535AE879-EF3B-449C-8726-E1E644AE2290} - C:\Program Files\NewFreeScreensavers\prxtbNew2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VideoDownloadConverter Search Scope Monitor] C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (MindSpark)
O4 - HKCU..\Run: [E2A6CA641BD771C06D3776C293639FEB79099F12._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [RDReminder] C:\Program Files\RegClean Pro\RegCleanPro.exe (Systweak Inc)
O4 - HKCU..\Run: [SanDiskSecureAccess_Manager.exe] C:\Documents and Settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
O4 - HKCU..\Run: [SearchProtect] C:\Documents and Settings\Owner\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [TidyNetwork.com] C:\Documents and Settings\Owner\Local Settings\Application Data\TidyNetwork.com\tidynetwork008.exe (Tidy Network)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Constant Guard.lnk = C:\Program Files\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.video...2012111815&cv=2 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1279485110015 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.1.66.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43252356-6AC6-4445-909D-D73C3DC47A47}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KEYCRY~1\KEYCRY~4.DLL) - C:\Program Files\KeyCryptSDK\KeyCrypt32(2).dll (Zemana Ltd.)
O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Documents and Settings\All Users\Application Data\Wincert\win32cert.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/18 15:24:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/08 23:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/10/08 23:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/08 23:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/10/08 23:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/10/08 23:28:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/10/08 23:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/10/08 23:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/29 12:27:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/29 12:13:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/10/29 12:06:50 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\TopArcadeHits.job
[2013/10/29 12:02:02 | 000,001,298 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Clean Registry for Free!.lnk
[2013/10/29 12:01:01 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1482476501-412668190-1417001333-1003.job
[2013/10/29 12:00:33 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/29 12:00:29 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1482476501-412668190-1417001333-1003.job
[2013/10/29 11:59:31 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/29 11:59:29 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-412668190-1417001333-1003.job
[2013/10/29 11:59:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/29 06:46:20 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/28 20:47:35 | 000,019,025 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Dora stensil.pdf
[2013/10/28 20:37:51 | 000,115,295 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Pirate ship stensil.pdf
[2013/10/28 15:02:27 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job
[2013/10/25 22:53:02 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-412668190-1417001333-1003.job
[2013/10/25 10:51:34 | 000,084,980 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bat costume.jpg
[2013/10/24 09:54:07 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_UPDATES.job
[2013/10/23 13:11:10 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat
[2013/10/19 07:38:39 | 000,218,616 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\WTH MMFCU.pdf
[2013/10/16 00:58:50 | 000,768,360 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\10-building-blocks-for-biz-success.pdf
[2013/10/15 12:51:30 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/10/08 23:36:02 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/10/08 23:26:41 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/10/03 23:46:36 | 001,319,148 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Dharma Fiber Reactive Procion Dyes.pdf
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/28 20:47:34 | 000,019,025 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Dora stensil.pdf
[2013/10/28 20:37:35 | 000,115,295 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Pirate ship stensil.pdf
[2013/10/25 10:51:34 | 000,084,980 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bat costume.jpg
[2013/10/19 07:38:29 | 000,218,616 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\WTH MMFCU.pdf
[2013/10/16 00:58:49 | 000,768,360 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\10-building-blocks-for-biz-success.pdf
[2013/10/08 23:36:02 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/10/08 23:26:40 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/10/03 23:46:33 | 001,319,148 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Dharma Fiber Reactive Procion Dyes.pdf
[2013/06/27 22:18:38 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/06/26 23:58:15 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/06/26 23:58:14 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/03/30 09:36:15 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2012/12/23 01:46:33 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\.backup.dm
[2010/12/21 11:31:00 | 767,354,880 | ---- | C] () -- C:\Program Files\SW_DVD5_Office_Professional_Plus_2010_W32_English_MLF_X16-52536.ISO

========== ZeroAccess Check ==========

[2012/12/23 01:54:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 12:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/10/08 23:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/07/29 00:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/08/18 12:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/09/20 11:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2013/03/05 18:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/01/08 15:08:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013/09/30 20:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2010/07/27 10:38:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2013/10/16 09:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2010/07/27 11:46:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/07/27 11:42:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2013/01/12 06:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Casual Arts
[2012/12/23 01:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2010/09/28 21:03:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/06/08 15:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2011/11/04 16:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2010/09/28 20:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/12/23 09:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/01/20 17:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/11/18 16:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2013/06/08 15:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2013/03/05 18:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wincert
[2012/11/26 14:03:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/03/30 09:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{F7367F58-5836-4168-962C-6EE09FA340B5}
[2010/09/28 22:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/08/22 06:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2012/12/22 02:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Brabl
[2012/11/03 13:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2010/07/27 10:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon Easy-WebPrint EX
[2013/01/12 06:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Casual Arts
[2011/06/14 16:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Catalina Marketing Corp
[2012/12/08 00:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.Rhapsody.RhapsodyCloudSync
[2012/11/14 16:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DivoGames
[2012/06/14 15:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Garmin
[2013/10/29 12:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ID Vault
[2013/06/10 15:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ilividtoolbargaw
[2012/02/11 21:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2012/11/18 16:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2010/08/18 12:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2013/07/07 01:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PandoraRecovery
[2013/10/19 20:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PriceGong
[2013/10/29 12:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SanDisk
[2012/12/23 01:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SanDisk SecureAccess
[2013/07/10 21:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SearchProtect
[2013/06/10 14:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\searchresultstb
[2013/07/31 11:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Stamps.com Internet Postage
[2013/07/10 21:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Systweak
[2012/09/20 15:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ThreeDays2
[2011/06/27 13:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific
[2012/11/18 16:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2013/01/06 08:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VideoDownloadConverter_4z
[2012/12/23 09:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08DB8D99
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CBAB74CB
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D987CB43
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A0561F3
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F65A2273
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EBCF5924
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D1C258F
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEECF2C8
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6764D965
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71AEFFEB
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A82449
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:699BDADB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1A3680D
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5539129F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C84C408C
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30DA8392
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B52659E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B36361EE
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BC173E4
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB03533D
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AED9359
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6401C7FF
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F6F85C
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:512E1728
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E49FF93
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2342AE46
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3559A02E
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0459F5AC

< End of report >


Here is the Extras.Txt-notepad:

OTL Extras logfile created on: 10/29/2013 12:27:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.23 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 28.56% Memory free
4.31 Gb Paging File | 2.26 Gb Available in Paging File | 52.47% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 759.52 Gb Free Space | 81.54% Space Free | Partition Type: NTFS
Drive E: | 3.80 Gb Total Space | 2.72 Gb Free Space | 71.65% Space Free | Partition Type: FAT32

Computer Name: OWNER-5F64AFAA0 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe" = C:\Program Files\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe:*:Enabled:Sid Meier's Civilization V -- (Firaxis Games)
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 Complete -- (Firaxis Games)
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4: Warlords -- (Firaxis Games)
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Complete\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4: Beyond the Sword -- (Firaxis Games)
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe:*:Enabled:Sid Meier's Civilization IV Colonization -- (Firaxis Games)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{105F3CE5-FE55-408E-BF30-E78F85BA0B12}" = Dell Printer Software
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III
"{2437DF07-D3CB-4D85-8397-ED8AE9ED26D5}" = LeapFrog Tag Junior Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B8811DB-64BA-4F9A-8E0F-481D5583F1E5}" = Living Marine Aquarium 2 Animated Wallpaper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1" = AntiLogger SDK version 1.6.6.247
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 6.10
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A92919B8-EE3B-6EF9-422D-0381D4658827}" = Rhapsody Cloud Sync
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B2B7CAD5-6032-416A-9049-1E9C2721CBF6}" = Lightning Storm
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B5336D19-B526-47CC-8F56-67DF30FECC70}" = Winbond Desktop SI/O with Consumer IR support
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{D5558268-0050-4B95-AD5E-426960E1EFE1}" = Intel® Network Connections 15.3.68.0
"{DE29025A-091F-4998-AD2D-24C84421190F}" = Railroad Tycoon 3
"{E05D82D8-FE70-4228-B073-B0C07FE27595}" = iTunes
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"BFG-3 Days - Amulet Secret" = 3 Days - Amulet Secret
"BFG-3 Days - Zoo Mystery" = 3 Days: Zoo Mystery
"BFG-Adventure Chronicles - The Search for Lost Treasure" = Adventure Chronicles: The Search for Lost Treasure
"BFG-Alice's Magical Mahjong" = Alice's Magical Mahjong
"BFG-Be Richest!" = Be Richest!
"BFG-Be Richest! Strategy Guide" = Be Richest! Strategy Guide
"BFG-Bob the Builder - Can Do Carnival" = Bob the Builder: Can Do Carnival
"BFG-Bob the Builder - Can Do Zoo" = Bob the Builder - Can Do Zoo
"BFG-Brain Training for Dummies" = Brain Training for Dummies
"BFGC" = Big Fish Games: Game Manager
"BFG-Christmas Stories - Nutcracker Collector's Edition" = Christmas Stories: Nutcracker Collector's Edition
"BFG-Christmas Tales - Fellina's Journey" = Christmas Tales: Fellina's Journey
"BFG-Christmas Wonderland" = Christmas Wonderland
"BFG-Christmas Wonderland 2" = Christmas Wonderland 2
"BFG-Christmasville" = Christmasville
"BFG-Clutter" = Clutter
"BFG-Clutter II - He Said She Said" = Clutter II: He Said, She Said
"BFG-Diego Dinosaur Rescue" = Diego Dinosaur Rescue
"BFG-Diego`s Dinosaur Adventure" = Diego`s Dinosaur Adventure
"BFG-Diego`s Safari Adventure" = Diego`s Safari Adventure
"BFG-Family Feud - Battle of the Sexes" = Family Feud: Battle of the Sexes
"BFG-Gardenscapes - Mansion Makeover" = Gardenscapes: Mansion Makeover™
"BFG-Go Diego Go Ultimate Rescue League" = Go Diego Go Ultimate Rescue League
"BFG-I SPY - Treasure Hunt" = I SPY: Treasure Hunt
"BFG-I SPY™ Fun House" = I SPY™ Fun House
"BFG-Monopoly" = Monopoly &reg;
"BFG-Nick Jr. Bingo" = Nick Jr. Bingo
"BFG-Risk" = Risk™
"BFG-Tales of Lagoona - Orphans of the Ocean" = Tales of Lagoona: Orphans of the Ocean
"BFG-The Game of Life" = The Game of Life &reg;
"BFG-The Price is Right 2010" = The Price is Right 2010
"BFG-Treasure Seekers - The Time Has Come" = Treasure Seekers: The Time Has Come
"BFG-Ultimate Dominoes" = Ultimate Dominoes
"BFG-Where's Waldo - The Fantastic Journey" = Where's Waldo: The Fantastic Journey
"Canon MP560 series User Registration" = Canon MP560 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Cars2_MissionImpossible_Screensaver" = Cars2_MissionImpossible_Screensaver
"com.Rhapsody.RhapsodyCloudSync" = Rhapsody Cloud Sync
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"FairPoint DSL Security Improvement Upgrade_is1" = FairPoint DSL Security Improvement Upgrade
"Fire Place 3D New Free Screensaver_is1" = NewFreeScreensaver nfsFirePlace3D
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"ID Vault" = Constant Guard Protection Suite
"ie8" = Windows Internet Explorer 8
"iLivid" = iLivid
"ilividtoolbargaw" = Search-Results Toolbar
"InstallShield_{2157961D-0507-44A8-BCF2-1EE2D439E8DF}" = Civilization III
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyWebSearch bar Uninstall" = My Web Search (Popular Screensavers)
"N360" = Norton Security Suite
"NewFreeScreensavers Toolbar" = NewFreeScreensavers Toolbar
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PandoraRecovery" = PandoraRecovery (Remove Only)
"RealPlayer 16.0" = RealPlayer
"RegClean Pro_is1" = RegClean Pro
"SearchProtect" = Search Protect by conduit
"sp6" = Logitech SetPoint 6.32
"Stamps.com" = Stamps.com
"Steam App 8930" = Sid Meier's Civilization V
"TagJuniorPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
"Under Water 18 New Free Screensaver_is1" = NewFreeScreensaver nfsUnderWater18
"UPCShell" = LeapFrog Connect
"VDC_is1" = Video Download Converter version 1.0.0.0
"VideoDownloadConverter_4zbar Uninstall" = VideoDownloadConverter Toolbar
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Winter Train 3D Screensaver_is1" = Winter Train 3D Screensaver 1.2.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@@[email protected]@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
"{C1C3E833-420E-4D78-9BA7-86AEBB272384}" = TopArcadeHits
"TidyNetwork.com" = TidyNetwork.com

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/24/2013 6:57:24 AM | Computer Name = OWNER-5F64AFAA0 | Source = .NET Runtime | ID = 1026
Description = Application: IDVaultSvc.exe Framework Version: v4.0.30319 Description:
The process was terminated due to an unhandled exception. Exception Info: System.OutOfMemoryException
Stack:

at System.Threading.Thread.StartInternal(System.Security.Principal.IPrincipal,
System.Threading.StackCrawlMark ByRef) at System.Threading.Thread.Start(System.Threading.StackCrawlMark
ByRef) at System.Threading.Thread.Start() at GuardId.IdVaultCore.Tracking.TrackingService+GenericTrackingService.SubmitHeartbeat(System.Object)

at System.Threading._TimerCallback.TimerCallback_Context(System.Object) at
System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback,
System.Object, Boolean) at System.Threading._TimerCallback.PerformTimerCallback(System.Object)


Error - 10/24/2013 6:57:47 AM | Computer Name = OWNER-5F64AFAA0 | Source = .NET Runtime | ID = 1026
Description =

Error - 10/25/2013 9:05:59 AM | Computer Name = OWNER-5F64AFAA0 | Source = Application Error | ID = 1000
Description = Faulting application updater.exe, version 0.0.0.0, faulting module
updater.exe, version 0.0.0.0, fault address 0x000021b7.

Error - 10/25/2013 5:07:31 PM | Computer Name = OWNER-5F64AFAA0 | Source = Microsoft Office 14 | ID = 5000
Description = EventType officelifeboathang, P1 outlook.exe, P2 14.0.6109.5005, P3
ntdll.dll, P4 5.1.2600.6055, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 10/25/2013 5:08:48 PM | Computer Name = OWNER-5F64AFAA0 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 14.0.6109.5005, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/25/2013 5:22:28 PM | Computer Name = OWNER-5F64AFAA0 | Source = Microsoft Office 14 | ID = 2001
Description = Microsoft Outlook: Rejected Safe Mode action : Outlook experienced
a serious problem with the 'norton antispam outlook plugin' add-in. If you have
seen this message multiple times, you should disable this add-in and check to see
if an update is available. Do you want to disable this add-in?.

Error - 10/26/2013 6:06:41 AM | Computer Name = OWNER-5F64AFAA0 | Source = Application Error | ID = 1000
Description = Faulting application updater.exe, version 0.0.0.0, faulting module
updater.exe, version 0.0.0.0, fault address 0x000021b7.

Error - 10/26/2013 8:55:14 AM | Computer Name = OWNER-5F64AFAA0 | Source = .NET Runtime | ID = 1026
Description =

Error - 10/26/2013 8:55:15 AM | Computer Name = OWNER-5F64AFAA0 | Source = .NET Runtime | ID = 1026
Description = Application: IDVaultSvc.exe Framework Version: v4.0.30319 Description:
The process was terminated due to an unhandled exception. Exception Info: System.OutOfMemoryException
Stack:

at System.Threading.Thread.StartInternal(System.Security.Principal.IPrincipal,
System.Threading.StackCrawlMark ByRef) at System.Threading.Thread.Start(System.Threading.StackCrawlMark
ByRef) at System.Threading.Thread.Start() at GuardId.IdVaultCore.Tracking.TrackingService+GenericTrackingService.SubmitHeartbeat(System.Object)

at System.Threading._TimerCallback.TimerCallback_Context(System.Object) at
System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback,
System.Object, Boolean) at System.Threading._TimerCallback.PerformTimerCallback(System.Object)


Error - 10/27/2013 6:34:38 AM | Computer Name = OWNER-5F64AFAA0 | Source = .NET Runtime | ID = 1026
Description =

[ System Events ]
Error - 10/29/2013 10:16:30 AM | Computer Name = OWNER-5F64AFAA0 | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 10/29/2013 10:28:30 AM | Computer Name = OWNER-5F64AFAA0 | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 10/29/2013 10:40:30 AM | Computer Name = OWNER-5F64AFAA0 | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 10/29/2013 10:52:30 AM | Computer Name = OWNER-5F64AFAA0 | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 10/29/2013 11:04:30 AM | Computer Name = OWNER-5F64AFAA0 | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 10/29/2013 11:16:30 AM | Computer Name = OWNER-5F64AFAA0 | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 10/29/2013 11:28:30 AM | Computer Name = OWNER-5F64AFAA0 | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 10/29/2013 11:40:30 AM | Computer Name = OWNER-5F64AFAA0 | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 10/29/2013 11:52:30 AM | Computer Name = OWNER-5F64AFAA0 | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 10/29/2013 12:00:25 PM | Computer Name = OWNER-5F64AFAA0 | Source = System Error | ID = 1003
Description = Error code c000021a, parameter1 e10d2c08, parameter2 c0000006, parameter3
00000000, parameter4 00000000.


< End of report >

Edited by Faithsa, 29 October 2013 - 10:56 AM.

  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.

  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.

  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:

I'm currently working on a fix for your machine and will post it as soon as my teacher gives me the ok. :)
  • 0

#3
Faithsa

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
Thank you, I am eager to get started :)
  • 0

#4
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :) Lots of work to do, so let's get started.

I'll lay all of this out in a step by step format. Take your time with each step, and if you have any questions, please don't hesitate to ask. :)

Please disable your anti-virus protection for the duration of my instructions. Don't forget to re-enable them after we are done.


Step 1: Warnings and Uninstalls


Registry Cleaner Warning

There were signs of multiple programs that are either currently or have been previously installed on your computer that contain registry cleaners.A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable. At Geeks to Go we strongly advise that people stay away from any of the registry cleaners out there. Go here to get more information about why registry cleaners aren't needed. Technet blog also discusses this issue as well as Ed Bott.


Program Uninstalls

Please uinstall the following programs from your computer by following the instructions below:


  • RegClean Pro
  • Search-Results Toolbar
  • iLivid
  • My Web Search (Popular Screensavers)
  • NewFreeScreensavers Toolbar
  • Search Protect by conduit
  • Video Download Converter version 1.0.0.0
  • VideoDownloadConverter Toolbar


  • Click Start, click Control Panel, and then double-click Add or Remove Programs.
  • In the Currently installed programs box, click the program that you want to remove, and then click Remove.
  • If you are prompted to confirm the removal of the program, click Yes.

If a program is not listed in the installed programs box, don't worry about it, and move to the next one. :)


Firefox Plugins and Extensions to Uninstall

Please deactivate the following plugins in Firefox by following the instructions below:

  • Anything with Search.Us.com
  • Tightrope Interactive
  • Tnt2ghost
  • Newfreescreensavers

  • Click on Tools, then Add-Ons and then Plugins.
  • Click the menu bar to the right of each plugin and select Never Activate.

When you are done with the plugins, click on Extensions and remove the following extensions from Firefox:

  • TopArcadeHits
  • Search-Results Toolbar
  • MyWebSearch
  • VideoDownloadConverter
  • Yontoo
  • TidyNetwork




Step 2: OTL Fix

Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the dektop and icons, they will return on reboot.

Run OTL

  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:OTL

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {535ae879-ef3b-449c-8726-e1e644ae2290} - C:\Program Files\NewFreeScreensavers\prxtbNew2.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {93a3111f-4f74-4ed8-895e-d9708497629e} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3185678
FF - prefs.js..CT3185678.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..extensions.enabledAddons: tidynetwork%40tidynetwork:1.0
FF - prefs.js..keyword.URL: "http://dts.search-re...&o=APN10645&q="
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKCU\Software\MozillaPlugins\@tightropeinteractive.com/Plugin: C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\npTNT2.dll (Search.Us.com)
FF - HKCU\Software\MozillaPlugins\@tnt2ghost.com/Plugin: C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\npTNT2ghost.dll (Search.Us.com)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin [2011/11/07 17:26:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]_4z.com: C:\Program Files\VideoDownloadConverter_4z\bar\1.bin [2012/11/18 15:59:54 | 000,000,000 | ---D | M]
[2013/07/07 01:32:54 | 000,000,000 | ---D | M] (TopArcadeHits) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}
[2013/03/05 18:09:47 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0}
[2013/03/21 00:03:10 | 000,000,000 | ---D | M] (VideoDownloadConverter) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\[email protected]_4z.com
[2013/07/14 13:35:30 | 000,018,166 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\[email protected]
[2013/10/29 12:01:02 | 000,003,634 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\[email protected]
[2012/11/18 15:30:43 | 000,001,068 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\searchplugins\newfreescreensavers-customized-web-search.xml
[2013/03/05 18:09:31 | 000,002,687 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\searchplugins\Search_Results.xml
[2013/03/05 18:09:54 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2013/03/05 18:09:31 | 000,002,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (Toolbar BHO) - {312f84fb-8970-4fd3-bddb-7012eac4afc9} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O2 - BHO: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O2 - BHO: (NewFreeScreensavers Toolbar) - {535ae879-ef3b-449c-8726-e1e644ae2290} - C:\Program Files\NewFreeScreensavers\prxtbNew2.dll (Conduit Ltd.)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Documents and Settings\Owner\Local Settings\Application Data\TopArcadeHits\Toparcadehits.dll ()
O2 - BHO: (DataMngr) - {C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} - C:\Program Files\Search Results Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media Inc)
O2 - BHO: (Search Assistant BHO) - {c547c6c2-561b-4169-a2a5-20ba771ca93b} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (MindSpark)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (no name) - {3E2DEBED-55FF-41F1-A5CB-E0AD4DCADB14} - No CLSID value found.
O3 - HKLM\..\Toolbar: (VideoDownloadConverter) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (NewFreeScreensavers Toolbar) - {535ae879-ef3b-449c-8726-e1e644ae2290} - C:\Program Files\NewFreeScreensavers\prxtbNew2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3:HKU - HKCU\..\Toolbar\WebBrowser: (m VLCapp.com Search.us.com Toolbar) - {3E2DEBED-55FF-41F1-A5CB-E0AD4DCADB14} - C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\Profiles\10295\passport.dll (Search.Us.com)
O3 - HKCU\..\Toolbar\WebBrowser: (VideoDownloadConverter) - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (MindSpark)
O3 - HKCU\..\Toolbar\WebBrowser: (NewFreeScreensavers Toolbar) - {535AE879-EF3B-449C-8726-E1E644AE2290} - C:\Program Files\NewFreeScreensavers\prxtbNew2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [VideoDownloadConverter Search Scope Monitor] C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (MindSpark)
O4 - HKCU..\Run: [RDReminder] C:\Program Files\RegClean Pro\RegCleanPro.exe (Systweak Inc)
O4 - HKCU..\Run: [SearchProtect] C:\Documents and Settings\Owner\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [TidyNetwork.com] C:\Documents and Settings\Owner\Local Settings\Application Data\TidyNetwork.com\tidynetwork008.exe (Tidy Network)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = File not found
O8 - Extra context menu item: &Search - http://tbedits.video...2012111815&cv=2 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O20 - AppInit_DLLs: (C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Documents and Settings\All Users\Application Data\Wincert\win32cert.dll ()
[2013/10/29 12:06:50 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\TopArcadeHits.job
[2013/10/29 12:02:02 | 000,001,298 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Clean Registry for Free!.lnk
[2013/10/28 15:02:27 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job
[2013/10/24 09:54:07 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\RegClean Pro_UPDATES.job
[2012/11/18 16:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
[2013/07/10 21:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SearchProtect
[2013/06/10 14:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\searchresultstb
[2013/01/06 08:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VideoDownloadConverter_4z
@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08DB8D99
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CBAB74CB
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D987CB43
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3A0561F3
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F65A2273
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EBCF5924
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7D1C258F
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEECF2C8
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6764D965
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71AEFFEB
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D3A82449
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:699BDADB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1A3680D
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5539129F
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C84C408C
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30DA8392
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7B52659E
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B36361EE
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3BC173E4
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB03533D
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8AED9359
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6401C7FF
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98F6F85C
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:512E1728
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2E49FF93
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2342AE46
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3559A02E
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0459F5AC

:Files
C:\Program Files\Search Results Toolbar
C:\Documents and Settings\All Users\Application Data\Wincert\win32cert.dll

:Commands
[emptytemp]
[resethosts]



  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.



Step 3: AdwCleaner



Download ADWcleaner by clicking here. Please save it to your Desktop


Posted Image

  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt


Step 4: Junkware Removal Tool


Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Step 5: OTL Quick Scan


  • Open OTL and click the Quick Scan button.
  • Once finished, OTL will produce a log. Please post that log in your next reply.



  • Things I need to see in your next post:
  • OTL Fix Log
  • AdwCleaner Log
  • Junkware Removal Tool Log
  • OTL Quick Scan Log

  • 0

#5
Faithsa

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
How do I disable Norton? Uninstall??
  • 0

#6
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
My apologies for not including the instructions for that.

 Put your mouse cursor on the Norton icon in the system tray and right-click.

A list of options should appear above the icon.

Left-click on "disable antivirus". A small user interface window should then open giving length-of-time options for the disabling.

Choose your preferred length of time. Reverse the process when you are finished running the programs. :)
  • 0

#7
Faithsa

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
Thank you. I was impatient and uninstalled it :/

I'm currently on step three and about to download the ADWcleaner.
  • 0

#8
Faithsa

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
The ADWcleaner seems to be stuck on
Pending. Please uncheck elements you don't want to remove.
  • 0

#9
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
You should be able to just click the Clean button, and it should go ahead and start cleaning. Do not uncheck anything that it found.
  • 0

#10
Faithsa

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{535ae879-ef3b-449c-8726-e1e644ae2290} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{535ae879-ef3b-449c-8726-e1e644ae2290}\ not found.
File C:\Program Files\NewFreeScreensavers\prxtbNew2.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{93a3111f-4f74-4ed8-895e-d9708497629e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: true removed from CT3185678.browser.search.defaultthis.engineName
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "Search Results" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "http://www.searchnu.com/406" removed from browser.startup.homepage
Prefs.js: tidynetwork%40tidynetwork:1.0 removed from extensions.enabledAddons
Prefs.js: "http://dts.search-re...&o=APN10645&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mywebsearch.com/Plugin\ not found.
File C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tightropeinteractive.com/Plugin\ deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\npTNT2.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tnt2ghost.com/Plugin\ deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\npTNT2ghost.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtb[email protected] not found.
File C:\Program Files\MyWebSearch\bar\1.bin not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]_4z.com not found.
File C:\Program Files\VideoDownloadConverter_4z\bar\1.bin not found.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\skin folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome\content folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3}\chrome folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{0113D088-8ED1-468C-B225-585A9C53B5E3} folder moved successfully.
Folder C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{377e5d4d-77e5-476a-8716-7e70a9272da0}\ not found.
Folder C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\[email protected]_4z.com\ not found.
File C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\[email protected] not found.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\[email protected] moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\searchplugins\newfreescreensavers-customized-web-search.xml moved successfully.
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\searchplugins\Search_Results.xml moved successfully.
Folder C:\PROGRAM FILES\SEARCH RESULTS TOOLBAR\DATAMNGR\FIREFOXEXTENSION\ not found.
C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\ not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\ not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312f84fb-8970-4fd3-bddb-7012eac4afc9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9}\ not found.
File C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377e5d4d-77e5-476a-8716-7e70a9272da0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{377e5d4d-77e5-476a-8716-7e70a9272da0}\ deleted successfully.
File C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{535ae879-ef3b-449c-8726-e1e644ae2290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{535ae879-ef3b-449c-8726-e1e644ae2290}\ not found.
File C:\Program Files\NewFreeScreensavers\prxtbNew2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}\ deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TopArcadeHits\Toparcadehits.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}\ not found.
File C:\Program Files\Search Results Toolbar\Datamngr\BrowserConnection.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c547c6c2-561b-4169-a2a5-20ba771ca93b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b}\ not found.
File C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{377e5d4d-77e5-476a-8716-7e70a9272da0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{377e5d4d-77e5-476a-8716-7e70a9272da0}\ not found.
File C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3E2DEBED-55FF-41F1-A5CB-E0AD4DCADB14} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E2DEBED-55FF-41F1-A5CB-E0AD4DCADB14}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{3E2DEBED-55FF-41F1-A5CB-E0AD4DCADB14}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{48586425-6bb7-4f51-8dc6-38c88e3ebb58} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}\ not found.
File C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{535ae879-ef3b-449c-8726-e1e644ae2290} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{535ae879-ef3b-449c-8726-e1e644ae2290}\ not found.
File C:\Program Files\NewFreeScreensavers\prxtbNew2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
File C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{48586425-6BB7-4F51-8DC6-38C88E3EBB58} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48586425-6BB7-4F51-8DC6-38C88E3EBB58}\ not found.
File C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{535AE879-EF3B-449C-8726-E1E644AE2290} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{535AE879-EF3B-449C-8726-E1E644AE2290}\ not found.
File C:\Program Files\NewFreeScreensavers\prxtbNew2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR not found.
File C:\Program Files\Search Results Toolbar\Datamngr\datamngrUI.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar Search Scope Monitor not found.
File C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll not found.
File C:\Program Files\SearchProtect\bin\cltmng.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VideoDownloadConverter Search Scope Monitor not found.
File C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RDReminder not found.
File C:\Program Files\RegClean Pro\RegCleanPro.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not found.
File C:\Documents and Settings\Owner\Application Data\SearchProtect\bin\cltmng.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TidyNetwork.com deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\TidyNetwork.com\tidynetwork008.exe moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll deleted successfully.
File C:\Documents and Settings\All Users\Application Data\Wincert\win32cert.dll not found.
C:\WINDOWS\tasks\TopArcadeHits.job moved successfully.
File C:\Documents and Settings\Owner\Desktop\Clean Registry for Free!.lnk not found.
File C:\WINDOWS\tasks\RegClean Pro_DEFAULT.job not found.
File C:\WINDOWS\tasks\RegClean Pro_UPDATES.job not found.
C:\Documents and Settings\Owner\Application Data\OpenCandy\OpenCandy_D5917FE8A0FD4A63A5D710FCAE267E56 folder moved successfully.
C:\Documents and Settings\Owner\Application Data\OpenCandy\OpenCandy_94B8CF1043724E598B45AD653A150C5B folder moved successfully.
C:\Documents and Settings\Owner\Application Data\OpenCandy\D5917FE8A0FD4A63A5D710FCAE267E56 folder moved successfully.
C:\Documents and Settings\Owner\Application Data\OpenCandy\94B8CF1043724E598B45AD653A150C5B folder moved successfully.
C:\Documents and Settings\Owner\Application Data\OpenCandy folder moved successfully.
Folder C:\Documents and Settings\Owner\Application Data\SearchProtect\ not found.
C:\Documents and Settings\Owner\Application Data\searchresultstb folder moved successfully.
Folder C:\Documents and Settings\Owner\Application Data\VideoDownloadConverter_4z\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:08DB8D99 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CBAB74CB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D987CB43 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3A0561F3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F65A2273 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EBCF5924 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7D1C258F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FEECF2C8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EF5B3572 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6764D965 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:71AEFFEB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D3A82449 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:699BDADB deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1A3680D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5539129F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C84C408C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:30DA8392 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7B52659E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B36361EE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3BC173E4 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AB03533D deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8AED9359 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6401C7FF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:98F6F85C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:512E1728 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2E49FF93 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2342AE46 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3559A02E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0459F5AC deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\Search Results Toolbar not found.
File\Folder C:\Documents and Settings\All Users\Application Data\Wincert\win32cert.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 57472 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 271220774 bytes

User: Owner
->Temp folder emptied: 41574004 bytes
->Temporary Internet Files folder emptied: 7291985 bytes
->Java cache emptied: 943337 bytes
->FireFox cache emptied: 78175400 bytes
->Google Chrome cache emptied: 468195039 bytes
->Flash cache emptied: 19783534 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 5018885 bytes
%systemroot%\System32 .tmp files removed: 1262609 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 963 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 481393159 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4171619390 bytes

Total Files Cleaned = 5,290.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 10302013_120401

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



# AdwCleaner v3.010 - Report created 30/10/2013 at 12:35:07
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - OWNER-5F64AFAA0
# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\iac
Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\TidyNetwork.com
Folder Deleted : C:\Documents and Settings\Owner\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Systweak
Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\Smartbar
[!] Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bjlphnoikfkmgpkacbjbgfjohahcfmno
File Deleted : C:\END
File Deleted : C:\WINDOWS\system32\roboot.exe
File Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\bjlphnoikfkmgpkacbjbgfjohahcfmno
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bjlphnoikfkmgpkacbjbgfjohahcfmno
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3185678
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E720452-B472-4954-B7AA-33069EB53906}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93A3111F-4F74-4ED8-895E-D9708497629E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Fun Web Products
Key Deleted : HKCU\Software\FunWebProducts
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\MyWebSearch
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\smartbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Fun Web Products
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\Software\MyWebSearch
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\prefs.js ]

Line Deleted : user_pref("CT3185678.1000082.isDisplayHidden", "true");
Line Deleted : user_pref("CT3185678.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3185678.1000234.TWC_TMP_city", "HYDE PARK");
Line Deleted : user_pref("CT3185678.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3185678.1000234.TWC_locId", "GYXX0017");
Line Deleted : user_pref("CT3185678.1000234.TWC_location", "Hyde Park, Guyana");
Line Deleted : user_pref("CT3185678.1000234.TWC_region", "US");
Line Deleted : user_pref("CT3185678.1000234.TWC_temp_dis", "f");
Line Deleted : user_pref("CT3185678.1000234.TWC_wind_dis", "mph");
Line Deleted : user_pref("CT3185678.129727399016246925.isToggled_item0_12", "true");
Line Deleted : user_pref("CT3185678.CBOpenMAMSettings.enc", "MA==");
Line Deleted : user_pref("CT3185678.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3185678.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3185678.FirstTime", "true");
Line Deleted : user_pref("CT3185678.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3185678.LoginRevertSettingsEnabled", false);
Line Deleted : user_pref("CT3185678.RevertSettingsEnabled", false);
Line Deleted : user_pref("CT3185678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3185678&SearchSource=2&q=");
Line Deleted : user_pref("CT3185678.UserID", "UN31906088676382174");
Line Deleted : user_pref("CT3185678.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3185678.autoDisableScopes", -1);
Line Deleted : user_pref("CT3185678.browser.search.defaultthis.engineName", "");
Line Deleted : user_pref("CT3185678.cbcountry_001.enc", "VVM=");
Line Deleted : user_pref("CT3185678.cbfirsttime.enc", "U3VuIE5vdiAxOCAyMDEyIDE0OjMwOjU0IEdNVC0wNTAwIChFYXN0ZXJuIFN0YW5kYXJkIFRpbWUp");
Line Deleted : user_pref("CT3185678.defaultSearch", "true");
Line Deleted : user_pref("CT3185678.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"instantAlert\":[...]
Line Deleted : user_pref("CT3185678.enableAlerts", "always");
Line Deleted : user_pref("CT3185678.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3185678.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3185678.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3185678.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3185678.fixUrls", true);
Line Deleted : user_pref("CT3185678.installId", "conduitinstaller.exe");
Line Deleted : user_pref("CT3185678.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3185678.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3185678.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3185678.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3185678.isNewTabEnabled", true);
Line Deleted : user_pref("CT3185678.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT3185678.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3185678.keyword", true);
Line Deleted : user_pref("CT3185678.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3185678.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://NewFreeScreensavers.OurT[...]
Line Deleted : user_pref("CT3185678.openThankYouPage", "false");
Line Deleted : user_pref("CT3185678.openUninstallPage", "true");
Line Deleted : user_pref("CT3185678.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"11\\\\/18\\\\/2012 22\\\"}\"}");
Line Deleted : user_pref("CT3185678.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3185678.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3185678.search.searchAppId", "10000002");
Line Deleted : user_pref("CT3185678.search.searchCount", "0");
Line Deleted : user_pref("CT3185678.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3185678.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3185678.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3185678.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3185678.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3185678\"}");
Line Deleted : user_pref("CT3185678.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://NewFreeScreensavers.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3185678.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"NewFreeScreensavers\"}");
Line Deleted : user_pref("CT3185678.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3185678.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1353267043231");
Line Deleted : user_pref("CT3185678.serviceLayer_services_appsMetadata_lastUpdate", "1353267043261");
Line Deleted : user_pref("CT3185678.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1353267045651");
Line Deleted : user_pref("CT3185678.serviceLayer_services_login_10.13.40.15_lastUpdate", "1353267045194");
Line Deleted : user_pref("CT3185678.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1353267045603");
Line Deleted : user_pref("CT3185678.serviceLayer_services_searchAPI_lastUpdate", "1353267042229");
Line Deleted : user_pref("CT3185678.serviceLayer_services_serviceMap_lastUpdate", "1353267041925");
Line Deleted : user_pref("CT3185678.serviceLayer_services_toolbarContextMenu_lastUpdate", "1353267045733");
Line Deleted : user_pref("CT3185678.serviceLayer_services_toolbarSettings_lastUpdate", "1353267042101");
Line Deleted : user_pref("CT3185678.serviceLayer_services_translation_lastUpdate", "1353267043182");
Line Deleted : user_pref("CT3185678.serviceLayer_services_userApps_lastUpdate", "1353267051114");
Line Deleted : user_pref("CT3185678.settingsINI", true);
Line Deleted : user_pref("CT3185678.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3185678.smartbar.CTID", "CT3185678");
Line Deleted : user_pref("CT3185678.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3185678.smartbar.homepage", true);
Line Deleted : user_pref("CT3185678.smartbar.toolbarName", "NewFreeScreensavers ");
Line Deleted : user_pref("CT3185678.toolbarBornServerTime", "18-11-2012");
Line Deleted : user_pref("CT3185678.toolbarCurrentServerTime", "18-11-2012");
Line Deleted : user_pref("CT3185678.toolbarDisabled", "true");
Line Deleted : user_pref("CT3185678_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1353267040894,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3185678&SearchSource=13&CUI=SB_CUI");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "NewFreeScreensavers Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3185678&SearchSource=2&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3185678");
Line Deleted : user_pref("dom.ipc.plugins.enabled.npmywebs.dll", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=59C92D54-3773-4DFB-BC43-164642D2B772&n=77ee63c6&ptnrS=HJxdm017YYus&si=pconverter");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2012111814");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "HJxdm017YYus");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "pconverter");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "59C92D54-3773-4DFB-BC43-164642D2B772");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1353532345611");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "04011");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Line Deleted : user_pref("extentions.y2layers.installId", "7b93b7fc-05b3-4874-8cf6-14a2813eb6b9");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3185678&SearchSource=13&CUI=SB_CUI");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3185678&SearchSource=2&q=");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://www.facebook.com/");
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Line Deleted : user_pref("smartbar.originalSearchEngine", false);

-\\ Google Chrome v30.0.1599.101

[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [18351 octets] - [30/10/2013 12:13:15]
AdwCleaner[S0].txt - [18638 octets] - [30/10/2013 12:35:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18699 octets] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by Owner on Wed 10/30/2013 at 12:40:57.06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\big fish games"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\toparcadehits"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\w3i, llc"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\start menu\programs\toparcadehits"



~~~ FireFox

Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml"
Successfully deleted: [Folder] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\0zyzye2a.default\extensions\staged
Emptied folder: C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\0zyzye2a.default\minidumps [54 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp
Successfully deleted: [Folder] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/30/2013 at 12:45:27.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




OTL logfile created on: 10/30/2013 12:47:48 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.23 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 75.02% Memory free
4.31 Gb Paging File | 3.69 Gb Available in Paging File | 85.66% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 765.11 Gb Free Space | 82.14% Space Free | Partition Type: NTFS
Drive E: | 3.80 Gb Total Space | 2.72 Gb Free Space | 71.65% Space Free | Partition Type: FAT32

Computer Name: OWNER-5F64AFAA0 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/29 12:27:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2013/08/20 16:52:16 | 000,040,512 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2013/08/20 16:52:13 | 003,857,984 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVault.exe
PRC - [2013/07/11 21:28:45 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/12/23 01:47:28 | 030,705,792 | ---- | M] (Gemalto N.V.) -- C:\Documents and Settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
PRC - [2012/11/20 16:30:38 | 001,653,760 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2012/09/02 13:15:12 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/04/08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
PRC - [2010/04/08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
PRC - [2010/04/08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
PRC - [2009/08/28 16:33:28 | 000,116,032 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
PRC - [2009/02/10 03:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/07 17:52:14 | 000,140,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
PRC - [2003/05/15 01:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/20 16:52:19 | 000,549,272 | ---- | M] () -- C:\Program Files\Constant Guard Protection Suite\sqlite3.dll
MOD - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/06/14 13:44:22 | 001,828,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\87e09dfbe3a44d6b00d3a5895f5a21a6\System.Web.Services.ni.dll
MOD - [2012/06/14 13:44:17 | 000,365,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\76a5d670ce969c0c65a905b7303d4bbf\System.ServiceModel.Routing.ni.dll
MOD - [2012/06/14 13:44:17 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\6e7f1bdc845816dfc797f8002b76b5e8\System.ServiceProcess.ni.dll
MOD - [2012/06/14 13:44:16 | 001,127,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\dbf07cb14b4dcc210cdf8b5d90a12a56\System.ServiceModel.Discovery.ni.dll
MOD - [2012/06/14 13:44:14 | 001,388,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\52481fccddb053768631c640d5059d4b\System.ServiceModel.Activities.ni.dll
MOD - [2012/06/14 13:44:14 | 000,082,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c3831eb95ccf3904bab81a97a9b08ed3\System.ServiceModel.Channels.ni.dll
MOD - [2012/06/14 13:44:11 | 017,919,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\250b525aa8c17327216e102569c0d766\System.ServiceModel.ni.dll
MOD - [2012/06/14 13:43:46 | 001,159,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\6a6f4be744ed5bc5273cbcf0fcf303e3\System.Management.ni.dll
MOD - [2012/06/14 13:43:41 | 001,065,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\9eac876f58a3ebca8878b8654efdc817\System.IdentityModel.ni.dll
MOD - [2012/06/14 13:41:49 | 000,645,632 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\dd9dbf82e44454689976a49a9e4ddb6d\System.Transactions.ni.dll
MOD - [2012/06/14 13:41:48 | 001,011,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f3989d3e9cb8904e4edf23ede5adb6c1\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/06/14 13:41:46 | 000,142,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4d2a51c03b27e615ff9f1c430f2014ba\SMDiagnostics.ni.dll
MOD - [2012/06/14 13:41:45 | 002,625,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e9f8a45b1063d6c6a62718c88a5623d1\System.Runtime.Serialization.ni.dll
MOD - [2012/06/14 13:41:41 | 001,776,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
MOD - [2012/06/14 13:17:53 | 017,629,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll
MOD - [2012/06/14 13:17:40 | 013,006,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
MOD - [2012/06/14 13:17:32 | 011,057,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
MOD - [2012/06/14 13:17:20 | 006,754,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\92cccedc7cda413ff6fc6492cb256b58\System.Data.ni.dll
MOD - [2012/06/14 13:17:18 | 003,779,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
MOD - [2012/06/14 13:17:13 | 001,651,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
MOD - [2012/06/14 13:17:07 | 007,025,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
MOD - [2012/06/14 13:17:04 | 005,571,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
MOD - [2012/06/14 13:16:58 | 000,973,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll
MOD - [2012/06/14 13:16:56 | 000,283,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\f5e029e2215c95ab38a1eefef7b32ac9\PresentationFramework.Classic.ni.dll
MOD - [2012/06/14 13:16:54 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2012/06/14 13:16:45 | 000,144,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\b07f0d26a34ad53fc369248f289d1126\System.Numerics.ni.dll
MOD - [2012/06/14 13:16:44 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2012/02/14 19:37:52 | 011,796,096 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\SanDisk\My Vaults\dmBackup.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/02/10 03:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2008/04/14 08:00:00 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - [2013/10/08 23:27:56 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/20 16:52:16 | 000,040,512 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2013/07/10 21:36:51 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/09/02 13:15:12 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/09/27 15:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/04/08 16:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - [2010/04/08 16:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2010/04/08 16:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/28 16:33:28 | 000,116,032 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV - [2009/02/10 03:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006/12/07 17:52:14 | 000,140,184 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\jbridgep.sys -- (jbridgep)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AVGIDSShim.Sys -- (AVGIDSShim)
DRV - [2013/09/17 17:59:51 | 000,080,104 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2013/07/24 11:25:24 | 000,024,520 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KeyCrypt32.sys -- (keycrypt)
DRV - [2012/10/30 19:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2011/09/02 02:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 02:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 02:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 02:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/09/02 02:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011/09/02 02:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/08/05 12:27:40 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/12/18 13:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/03/12 15:53:46 | 001,550,613 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2001/04/09 14:11:00 | 000,024,424 | ---- | M] (ADMtek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NET8511.SYS -- (ADM8511)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B156CE15-8648-4CE0-8E98-2A424CE71429}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7B0113D088-8ED1-468C-B225-585A9C53B5E3%7D:1.0
FF - prefs.js..extensions.enabledAddons: idvaultaddin%40whitesky:1.13.820.2
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.8
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVG\AVG10\Toolbar\Firefox\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/11 21:30:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/11 21:30:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/08 23:26:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/30 12:41:32 | 000,000,000 | ---D | M]

[2013/10/30 11:50:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/10/30 12:44:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions
[2012/12/01 01:29:42 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/09/28 23:47:17 | 000,000,000 | ---D | M] (foof) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\[email protected]
[2013/07/15 15:37:37 | 000,000,000 | ---D | M] (XFINITY Constant Guard Protection Suite) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\[email protected]
[2013/01/04 14:39:39 | 000,013,345 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013/10/30 11:50:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/10 21:35:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/10 21:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/10 21:35:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/10 21:36:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/06/27 17:36:55 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2013/07/11 21:29:00 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.searchnu.com/406
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: npAPI Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\npTNT2.dll
CHR - plugin: npAPI Ghost Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\npTNT2ghost.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: JavaScript Popup Blocker = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol\1.2.4_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/10/30 12:05:41 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Documents and Settings\All Users\Application Data\White Sky, Inc\ID Vault\IEBHO1.13.820.2\NativeBHO.dll (WhiteSky)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3E2DEBED-55FF-41F1-A5CB-E0AD4DCADB14} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [E2A6CA641BD771C06D3776C293639FEB79099F12._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [SanDiskSecureAccess_Manager.exe] C:\Documents and Settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Constant Guard.lnk = C:\Program Files\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1279485110015 (WUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.1.66.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43252356-6AC6-4445-909D-D73C3DC47A47}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KEYCRY~1\KEYCRY~4.DLL) - C:\Program Files\KeyCryptSDK\KeyCrypt32(2).dll (Zemana Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/18 15:24:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/30 12:40:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/10/30 12:40:15 | 001,033,335 | ---- | C] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2013/10/30 12:11:46 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/30 12:04:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/29 12:27:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/10/08 23:36:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/10/08 23:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/08 23:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/10/08 23:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/10/08 23:28:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/10/08 23:26:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2013/10/08 23:26:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/30 12:46:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/30 12:40:20 | 001,033,335 | ---- | M] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2013/10/30 12:37:12 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1482476501-412668190-1417001333-1003.job
[2013/10/30 12:37:11 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/30 12:37:09 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1482476501-412668190-1417001333-1003.job
[2013/10/30 12:36:54 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/30 12:36:54 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-412668190-1417001333-1003.job
[2013/10/30 12:36:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/30 12:27:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/10/30 12:11:25 | 001,060,070 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
[2013/10/30 12:05:41 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/10/29 12:51:42 | 001,893,983 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Nickelodeon character templates.pdf
[2013/10/29 12:47:46 | 000,097,287 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Diego template.pdf
[2013/10/29 12:27:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/10/29 12:13:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/10/28 20:47:35 | 000,019,025 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Dora stensil.pdf
[2013/10/28 20:37:51 | 000,115,295 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Pirate ship stensil.pdf
[2013/10/25 22:53:02 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-412668190-1417001333-1003.job
[2013/10/25 10:51:34 | 000,084,980 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bat costume.jpg
[2013/10/23 13:11:10 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat
[2013/10/19 07:38:39 | 000,218,616 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\WTH MMFCU.pdf
[2013/10/16 00:58:50 | 000,768,360 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\10-building-blocks-for-biz-success.pdf
[2013/10/15 12:51:30 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/10/08 23:36:02 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/10/08 23:26:41 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/10/03 23:46:36 | 001,319,148 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Dharma Fiber Reactive Procion Dyes.pdf
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/30 12:11:22 | 001,060,070 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
[2013/10/29 12:51:42 | 001,893,983 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Nickelodeon character templates.pdf
[2013/10/29 12:47:37 | 000,097,287 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Diego template.pdf
[2013/10/28 20:47:34 | 000,019,025 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Dora stensil.pdf
[2013/10/28 20:37:35 | 000,115,295 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Pirate ship stensil.pdf
[2013/10/25 10:51:34 | 000,084,980 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bat costume.jpg
[2013/10/19 07:38:29 | 000,218,616 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\WTH MMFCU.pdf
[2013/10/16 00:58:49 | 000,768,360 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\10-building-blocks-for-biz-success.pdf
[2013/10/08 23:36:02 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/10/08 23:26:40 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2013/10/03 23:46:33 | 001,319,148 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Dharma Fiber Reactive Procion Dyes.pdf
[2013/06/27 22:18:38 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/06/26 23:58:15 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/06/26 23:58:14 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/03/30 09:36:15 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2012/12/23 01:59:02 | 000,334,704 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/12/23 01:46:33 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\.backup.dm
[2012/06/29 13:52:18 | 001,439,422 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1482476501-412668190-1417001333-1003-0.dat
[2012/06/29 13:52:09 | 000,328,622 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/18 17:49:20 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/21 11:31:00 | 767,354,880 | ---- | C] () -- C:\Program Files\SW_DVD5_Office_Professional_Plus_2010_W32_English_MLF_X16-52536.ISO

========== ZeroAccess Check ==========

[2012/12/23 01:54:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 12:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/10/08 23:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/07/29 00:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/08/18 12:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/01/08 15:08:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013/09/30 20:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2010/07/27 10:38:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2013/10/16 09:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2010/07/27 11:46:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/07/27 11:42:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2013/01/12 06:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Casual Arts
[2012/12/23 01:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2010/09/28 21:03:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/06/08 15:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2011/11/04 16:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2010/09/28 20:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/01/20 17:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/11/18 16:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2013/06/08 15:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2012/11/26 14:03:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/03/30 09:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{F7367F58-5836-4168-962C-6EE09FA340B5}
[2010/09/28 22:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/08/22 06:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2012/12/22 02:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Brabl
[2012/11/03 13:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2010/07/27 10:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon Easy-WebPrint EX
[2013/01/12 06:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Casual Arts
[2011/06/14 16:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Catalina Marketing Corp
[2012/12/08 00:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.Rhapsody.RhapsodyCloudSync
[2012/11/14 16:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DivoGames
[2012/06/14 15:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Garmin
[2013/10/30 12:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ID Vault
[2012/02/11 21:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/08/18 12:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2013/07/07 01:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PandoraRecovery
[2013/10/30 10:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SanDisk
[2012/12/23 01:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SanDisk SecureAccess
[2013/07/31 11:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Stamps.com Internet Postage
[2012/09/20 15:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ThreeDays2
[2011/06/27 13:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific
[2012/11/18 16:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2012/12/23 09:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#11
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi, your logs are looking good, but we have a bit to go yet. :)



Step 1: Change Chrome's Homepage

Your Chrome browser is still set to a malware/adware related site, and we need to change that.

  • Click the Chrome menu button Posted Image on the browser toolbar.
  • Select Settings
  • Set your homepage
  • If the "Show Home button" checkbox is selected, there will be a web address below it. If it is not checked, check it and it will show the browser's homepage.
  • Click the Change and then type any address you would like into the bar.
  • Once you have typed in your new homepage, click the Ok button and then close the browser.


Step 2: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the dektop and icons, they will return on reboot.

Run OTL

  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3E2DEBED-55FF-41F1-A5CB-E0AD4DCADB14} - No CLSID value found.

:Files
C:\Program Files\MyWebSearch
C:\Program Files\VideoDownloadConverter_4z

:Commands
[reboot]



Step 3: aswMBR Scan

  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.

Posted Image

  • Click the Scan button to begin the scan.
Posted Image
  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit


  • Things I need to see in your next post:
  • OTL Fix Log
  • aswMBR Log
  • How is the machine running?

  • 0

#12
Faithsa

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
For some reason, it didn't give me a fix log?? I can't find it anyway?

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-31 21:58:58
-----------------------------
21:58:58.281 OS Version: Windows 5.1.2600 Service Pack 3
21:58:58.281 Number of processors: 2 586 0xF0D
21:58:58.281 ComputerName: OWNER-5F64AFAA0 UserName: Owner
21:59:00.859 Initialize success
22:01:35.093 AVAST engine defs: 13103101
22:01:38.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-10
22:01:38.312 Disk 0 Vendor: ST31000340NS SN05 Size: 953869MB BusType: 3
22:01:38.390 Disk 0 MBR read successfully
22:01:38.390 Disk 0 MBR scan
22:01:38.421 Disk 0 Windows XP default MBR code
22:01:38.421 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 953859 MB offset 63
22:01:38.421 Disk 0 scanning sectors +1953504000
22:01:38.484 Disk 0 scanning C:\WINDOWS\system32\drivers
22:01:43.953 Service scanning
22:01:58.031 Modules scanning
22:02:00.796 Disk 0 trace - called modules:
22:02:00.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:02:00.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a783ab8]
22:02:00.812 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000067[0x8a76b9e8]
22:02:00.812 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-10[0x8a769b00]
22:02:03.031 AVAST engine scan C:\WINDOWS
22:02:16.406 AVAST engine scan C:\WINDOWS\system32
22:05:28.296 AVAST engine scan C:\WINDOWS\system32\drivers
22:06:11.906 AVAST engine scan C:\Documents and Settings\Owner
22:37:58.015 AVAST engine scan C:\Documents and Settings\All Users
22:42:19.593 Scan finished successfully
09:41:07.953 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
09:41:07.953 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

It seems to be loading this better and not crashing chrome like it was.
  • 0

#13
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Try looking in here for the fix log. OTL saves a copy of the log in that directory.

 C:\_OTL\MovedFiles


Glad to hear the machine is running better. We're almost there, just a few more things to do. :)
  • 0

#14
Faithsa

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
I think this is it:

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3E2DEBED-55FF-41F1-A5CB-E0AD4DCADB14} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E2DEBED-55FF-41F1-A5CB-E0AD4DCADB14}\ not found.
========== FILES ==========
File\Folder C:\Program Files\MyWebSearch not found.
File\Folder C:\Program Files\VideoDownloadConverter_4z not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 10312013_215402
  • 0

#15
Faithsa

Faithsa

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 190 posts
And just so you know, I have no problem whatsoever ditching Norton completely if another antivirus is a better option :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP