Computer needs constant rebooting, issues... [Solved]
Started by
Faithsa
, Oct 29 2013 10:42 AM
This topic is locked
#31
Posted 07 November 2013 - 08:34 PM
Faithsa
- Topic Starter
-
- Member
-
- 190 posts
Member
#32
Posted 07 November 2013 - 08:37 PM
pystryker
-
- Malware Removal
-
- 3,912 posts
Trusted Helper
I started the Oyl fix and it has been on: killing processes. DO NOT interrupt... for well over an hour now with a blue screen behind it??
Ok, close OTL by clicking the X in the top right corner of it's control panel. Check and make sure that any anti-virus programs are disabled, restart OTL, and try running the fix again.
#33
Posted 07 November 2013 - 08:44 PM
Faithsa
- Topic Starter
-
- Member
-
- 190 posts
Member
It isn't closing... and since I uninstalled Norton I haven't put anything else on the system for antivirus.
#34
Posted 07 November 2013 - 08:47 PM
pystryker
-
- Malware Removal
-
- 3,912 posts
Trusted Helper
It isn't closing... and since I uninstalled Norton I haven't put anything else on the system for antivirus.
Ok, reboot the machine and then restart OTL and try the fix again. Let's see if that will solve the issue.
#35
Posted 07 November 2013 - 09:02 PM
Faithsa
- Topic Starter
-
- Member
-
- 190 posts
Member
It seems to be stuck again...
#36
Posted 07 November 2013 - 09:08 PM
pystryker
-
- Malware Removal
-
- 3,912 posts
Trusted Helper
It seems to be stuck again...
Try one more thing for me and let's see. Delete the current copy you have of OTL, download a fresh copy, and try the fix again. Give it about 30 minutes if it seems to be hung again and let me know. If it hangs again, I will have to consult with my teacher and see what he says.
Download OTL to your desktop by clicking here. If for some reason, that link is not working, please click here for a secondary site.
#37
Posted 07 November 2013 - 09:19 PM
Faithsa
- Topic Starter
-
- Member
-
- 190 posts
Member
OK will do. I also am getting a pop up upon start up.
Trying to delete Otl now.
Trying to delete Otl now.
#38
Posted 07 November 2013 - 09:21 PM
pystryker
-
- Malware Removal
-
- 3,912 posts
Trusted Helper
Ok, that popup is one of the things that we'll be killing with these steps. No worries, we'll get this whipped.
#39
Posted 07 November 2013 - 09:21 PM
Faithsa
- Topic Starter
-
- Member
-
- 190 posts
Member
What do I need to do to delete it??
#40
Posted 07 November 2013 - 09:23 PM
pystryker
-
- Malware Removal
-
- 3,912 posts
Trusted Helper
What do I need to do to delete it??
To delete OTL, click the Clean Up button on OTL's control panel and it will clean out it's quarantine folder and delete itself. Then you can download the fresh copy.
#41
Posted 07 November 2013 - 09:35 PM
Faithsa
- Topic Starter
-
- Member
-
- 190 posts
Member
Ok, I just started the Oyl fix again and am getting the same screen. I'll let you know if it doesn't change.
#42
Posted 07 November 2013 - 09:36 PM
pystryker
-
- Malware Removal
-
- 3,912 posts
Trusted Helper
Ok, thank you.Ok, I just started the Oyl fix again and am getting the same screen. I'll let you know if it doesn't change.
#43
Posted 07 November 2013 - 10:30 PM
Faithsa
- Topic Starter
-
- Member
-
- 190 posts
Member
I just rebooted the PC again. It got stuck again.
#44
Posted 08 November 2013 - 09:11 AM
pystryker
-
- Malware Removal
-
- 3,912 posts
Trusted Helper
Ok, I believe we have a solution to the problem. We need to uninstall Malwarebytes Anti Malware for the duration of the OTL run.
Please follow the instructions below then proceed with the steps starting with the OTL fix.
Uninstall Malwarebytes
Click Start, click Control Panel, and then double-click Add or Remove Programs.
In the Currently installed programs box select Malwarebytes Anti Malware to remove, and then click Remove.
If you are prompted to confirm the removal of the program, click Yes.
Please follow the instructions below then proceed with the steps starting with the OTL fix.
Uninstall Malwarebytes
Click Start, click Control Panel, and then double-click Add or Remove Programs.
In the Currently installed programs box select Malwarebytes Anti Malware to remove, and then click Remove.
If you are prompted to confirm the removal of the program, click Yes.
#45
Posted 08 November 2013 - 03:46 PM
Faithsa
- Topic Starter
-
- Member
-
- 190 posts
Member
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\URLSearchHooks\\{5f520d40-805b-4169-bb2b-40e37ee57701} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f520d40-805b-4169-bb2b-40e37ee57701}\
deleted successfully.
C:\Program Files\WhiteSmoke_New_V.13\prxtbWhit.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set
successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\SearchScopes\{AFAA0202-BB69-461E-8C6B-3DA780223E12}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFAA0202-BB69-461E-8C6B-3DA780223E12}\
not found.
Prefs.js: "true" removed from CT3317127.browser.search.defaultthis.engineName
Prefs.js: "WhiteSmoke New V.13 Customized Web Search" removed from
browser.search.defaultenginename
Prefs.js: "WhiteSmoke New V.13 Customized Web Search" removed from
browser.search.defaultthis.engineName
Prefs.js:
"http://search.condui...UM=2
ce=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "WhiteSmoke New V.13 Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "" removed from browser.search.order.1
Prefs.js: "WhiteSmoke New V.13 Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "" removed from browser.search.useDBForOrder
Prefs.js:
"http://search.condui...247660596091313
3&UM=2&UP=SP54B98927-2D01-4EFB-99F0-48D9212C4706&SSPV=" removed from browser.startup.homepage
Prefs.js: idvaultaddin%40whitesky:1.13.820.2 removed from extensions.enabledAddons
Prefs.js:
"http://search.condui...76605960913133
UM=2&q=" removed from keyword.URL
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Plugins folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
modules folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
META-INF folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
lib folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
defaults\preferences folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
defaults folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
components folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\sl folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\lib\jquery.jscrollpane folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\lib\jquery.alerts\images folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\lib\jquery.alerts folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\lib folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\core folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\WEATHER folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\TWITTER folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\SEARCH folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\Optimizer folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\menu\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\menu\img folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\menu\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\menu folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\gf\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\gf\img folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\gf\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\gf folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\dlg folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\sp\spsd\images folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\sp\spsd folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\sp\spbd\images folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\sp\spbd folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\sp\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\sp folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\options\js\resources folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\options\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\options\images folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\options\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\options folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\msd folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\api folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ac\res folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ac\img folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ac\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ac folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\aboutBox\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\aboutBox\images folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\aboutBox folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\logic\uninstall\dialog\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\logic\uninstall\dialog\images folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\logic\uninstall\dialog\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\logic\uninstall\dialog folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\logic\uninstall folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\logic folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127 folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}
folder moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
File C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User
Data\Default\Extensions\hgeaklkciolgbejekedbdphhbjbiaamp\10.22.0.588_0 not found.
File C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User
Data\Default\Extensions\hgeaklkciolgbejekedbdphhbjbiaamp\10.22.0.588_0\nativeMessaging\nmHost not
found.
File C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User
Data\Default\Extensions\hgeaklkciolgbejekedbdphhbjbiaamp\10.22.0.88_0 not found.
File C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User
Data\Default\Extensions\hgeaklkciolgbejekedbdphhbjbiaamp\10.22.0.88_0\nativeMessaging\nmHost not
found.
File C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll not found.
File C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\{5f520d40-805b-4169-bb2b-40e37ee57701}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f520d40-805b-4169-bb2b-40e37ee57701}\
not found.
File C:\Program Files\WhiteSmoke_New_V.13\prxtbWhit.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\{B84CDBE7-1B46-494B-A188-01D4C52DEB61}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B84CDBE7-1B46-494B-A188-01D4C52DEB61}\
deleted successfully.
C:\Documents and Settings\All Users\Application Data\White Sky, Inc\ID
Vault\IEBHO1.13.820.2\NativeBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Toolbar\\{5f520d40-805b-4169-bb2b-40e37ee57701} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f520d40-805b-4169-bb2b-40e37ee57701}\
not found.
File C:\Program Files\WhiteSmoke_New_V.13\prxtbWhit.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll
not found.
File C:\Program Files\SearchProtect\bin\cltmng.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BrowserSafeguard
not found.
File C:\Program Files\Browsersafeguard\Browsersafeguard.exe not found.
Registry value
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_hgeaklkcio
lgbejekedbdphhbjbiaamp not found.
C:\Program Files\Conduit\CT3317127\plugins\TBVerifier.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro not
found.
File C:\Program Files\Optimizer Pro\OptProLauncher.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not
found.
File C:\Documents and Settings\Owner\Application Data\SearchProtect\bin\cltmng.exe not found.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Constant Guard.lnk moved
successfully.
C:\Program Files\Constant Guard Protection Suite\IDVault.exe moved successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyPC Backup.lnk moved successfully.
C:\Program Files\MyPC Backup\MyPC Backup.exe moved successfully.
C:\Documents and Settings\Owner\My Documents\Optimizer Pro folder moved successfully.
Folder C:\Documents and Settings\Owner\Application Data\Optimizer Pro\ not found.
C:\Documents and Settings\Owner\Start Menu\Programs\MyPC Backup folder moved successfully.
C:\Program Files\MyPC Backup\x86 folder moved successfully.
C:\Program Files\MyPC Backup\x64 folder moved successfully.
C:\Program Files\MyPC Backup\Database folder moved successfully.
C:\Program Files\MyPC Backup folder moved successfully.
Folder C:\Documents and Settings\All Users\Start Menu\Programs\Optimizer Pro v3.2\ not found.
Folder C:\Program Files\Optimizer Pro\ not found.
C:\Documents and Settings\Owner\Application Data\SwvUpdater folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Repository\conduit_CT3317127_en\ToolbarTranslation folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Repository\conduit_CT3317127_en folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Repository\conduit_CT3317127_CT3317127\ToolbarSettings folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Repository\conduit_CT3317127_CT3317127\ToolbarLogin folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Repository\conduit_CT3317127_CT3317127\DynamicDialogs folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Repository\conduit_CT3317127_CT3317127\AppsMetaData folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Repository\conduit_CT3317127_CT3317127 folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_New_V.13\Repository
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_New_V.13\RadioPlayer
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12 folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B} folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_New_V.13\plugins
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_New_V.13\MyStuffApps
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_New_V.13\Logs folder
moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\ExternalComponent folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_New_V.13\EmailNotifier
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\UntrustedAppPendingDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\UntrustedAppApprovalDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\UntrustedAddedAppDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\ToolbarUntrustedAppsApprovalDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\ToolbarFirstTimeDialog\images folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\ToolbarFirstTimeDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\SearchProtectorRetakeoverDialog\Images folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\SearchProtectorRetakeoverDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\SearchProtectorDialog\Images folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\SearchProtectorDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\SearchProtectorBubbleDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\NewSearchProtectorDialog\images folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\NewSearchProtectorDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\EngineFirstTimeDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\DetectedAppDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\DefualtImages folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\AddedAppDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_New_V.13\Dialogs
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_New_V.13\CacheIcons
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_New_V.13 folder moved
successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\IE\CT3317127 folder moved
successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\IE folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Conduit folder moved successfully.
C:\Program Files\WhiteSmoke_New_V.13 folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\NativeMessaging\CT3317127\1_0_0_2
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\NativeMessaging\CT3317127 folder
moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\NativeMessaging folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\CRE folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\Conduit\localStorage\appsFiles\2d2f2f16-9432-4890-9f93-624a84cf6261 folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\localStorage\appsFiles
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\localStorage folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\CT3317127 folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts\Log
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community
Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts\Feeds
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community
Alerts\Dialogs\AppNotificationDialog\Images\light folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community
Alerts\Dialogs\AppNotificationDialog\Images\dark folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community
Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community
Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts folder
moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\Conduit\ChromeExtData\hgeaklkciolgbejekedbdphhbjbiaamp\Repository folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\Conduit\ChromeExtData\hgeaklkciolgbejekedbdphhbjbiaamp folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\ChromeExtData folder
moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit folder moved
successfully.
C:\Program Files\Conduit\CT3317127\plugins folder moved successfully.
C:\Program Files\Conduit\CT3317127 folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
Folder C:\Program Files\SearchProtect\ not found.
Folder C:\Documents and Settings\Owner\Application Data\SearchProtect\ not found.
Folder C:\Program Files\Browsersafeguard\ not found.
Folder C:\Documents and Settings\All Users\Start Menu\Programs\BrowserSafeguard\ not found.
C:\Documents and Settings\Owner\Desktop\MyPC Backup.lnk moved successfully.
File C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
File C:\Documents and Settings\Owner\Desktop\Optimizer Pro.lnk not found.
C:\END moved successfully.
File C:\WINDOWS\tasks\BrowserSafeguard Update Task.job not found.
File C:\Documents and Settings\Owner\Desktop\MyPC Backup.lnk not found.
File C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
File C:\Documents and Settings\Owner\Desktop\Optimizer Pro.lnk not found.
C:\WINDOWS\tasks\AmiUpdXp.job moved successfully.
File C:\END not found.
File C:\WINDOWS\tasks\BrowserSafeguard Update Task.job not found.
Folder C:\Documents and Settings\All Users\Application Data\Conduit\ not found.
Folder C:\Documents and Settings\Owner\Application Data\Optimizer Pro\ not found.
Folder C:\Documents and Settings\Owner\Application Data\SearchProtect\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Owner
->Temp folder emptied: 146400752 bytes
->Temporary Internet Files folder emptied: 149550106 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 19171975 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 729111 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder
emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 301.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11082013_131226
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Junkware...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by Owner on Fri 11/08/2013 at 13:26:13.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] backupstack
Successfully deleted: [Service] backupstack
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3317127
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\pricegong"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\browsersafeguard"
~~~ FireFox
Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml"
Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\0zyzye2a.default\searchplugins\conduit.xml
Successfully deleted the following from C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\0zyzye2a.default\prefs.js
user_pref("CT3317127.smartbar.homepage", "true");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("smartbar.addressBarOwnerCTID", "CT3317127");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3317127&CUI=UN72476605960913133&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3317127&oct
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317127&SearchSource=2&CUI=UN72476605960913133&UM=2&q=");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3317127");
user_pref("smartbar.homePageOwnerCTID", "CT3317127");
user_pref("smartbar.machineId", "NZZCPQ7ZBJQZXA2X2C4OEVQ/8RJFEL+6JTUBLN0OR15QTISB7WZNNAHCV5BLBTBSBFY6U9SOASVZH1SNRMNWGG");
user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3317127&CUI=UN72476605960913133&UM=2&SearchSource=13");
Emptied folder: C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\0zyzye2a.default\minidumps [54 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
I can't locate the adware log??
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/08/2013 at 13:30:34.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL quick scan...
OTL logfile created on: 11/8/2013 1:31:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.23 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 60.96% Memory free
4.31 Gb Paging File | 3.50 Gb Available in Paging File | 81.13% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 764.67 Gb Free Space | 82.09% Space Free | Partition Type: NTFS
Computer Name: OWNER-5F64AFAA0 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/11/07 22:30:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/08/20 15:52:16 | 000,040,512 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2013/07/11 20:28:45 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/04/16 02:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/12/23 00:47:28 | 030,705,792 | ---- | M] (Gemalto N.V.) -- C:\Documents and Settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
PRC - [2012/11/20 15:30:38 | 001,653,760 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2012/09/02 12:15:12 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/04/08 15:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
PRC - [2010/04/08 15:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
PRC - [2010/04/08 15:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
PRC - [2009/08/28 15:33:28 | 000,116,032 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
PRC - [2009/02/10 02:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/07 16:52:14 | 000,140,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
PRC - [2003/05/15 00:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
========== Modules (No Company Name) ==========
MOD - [2013/10/08 19:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/08 19:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
MOD - [2013/10/08 19:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/08 19:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/04/16 02:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/06/14 12:44:17 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\6e7f1bdc845816dfc797f8002b76b5e8\System.ServiceProcess.ni.dll
MOD - [2012/06/14 12:44:11 | 017,919,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\250b525aa8c17327216e102569c0d766\System.ServiceModel.ni.dll
MOD - [2012/06/14 12:43:46 | 001,159,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\6a6f4be744ed5bc5273cbcf0fcf303e3\System.Management.ni.dll
MOD - [2012/06/14 12:43:41 | 001,065,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\9eac876f58a3ebca8878b8654efdc817\System.IdentityModel.ni.dll
MOD - [2012/06/14 12:41:48 | 001,011,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f3989d3e9cb8904e4edf23ede5adb6c1\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/06/14 12:41:46 | 000,142,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4d2a51c03b27e615ff9f1c430f2014ba\SMDiagnostics.ni.dll
MOD - [2012/06/14 12:41:45 | 002,625,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e9f8a45b1063d6c6a62718c88a5623d1\System.Runtime.Serialization.ni.dll
MOD - [2012/06/14 12:41:41 | 001,776,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
MOD - [2012/06/14 12:17:53 | 017,629,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll
MOD - [2012/06/14 12:17:32 | 011,057,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
MOD - [2012/06/14 12:17:18 | 003,779,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
MOD - [2012/06/14 12:17:07 | 007,025,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
MOD - [2012/06/14 12:17:04 | 005,571,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
MOD - [2012/06/14 12:16:58 | 000,973,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll
MOD - [2012/06/14 12:16:54 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2012/06/14 12:16:44 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2012/02/14 18:37:52 | 011,796,096 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\SanDisk\My Vaults\dmBackup.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/02/10 02:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2008/04/14 07:00:00 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
========== Services (SafeList) ==========
SRV - [2013/10/08 22:27:56 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/20 15:52:16 | 000,040,512 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2013/07/10 20:36:51 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/03 15:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/16 02:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/09/02 12:15:12 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/09/27 14:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/04/08 15:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - [2010/04/08 15:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2010/04/08 15:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/28 15:33:28 | 000,116,032 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV - [2009/02/10 02:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006/12/07 16:52:14 | 000,140,184 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\jbridgep.sys -- (jbridgep)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AVGIDSShim.Sys -- (AVGIDSShim)
DRV - [2013/09/17 16:59:51 | 000,080,104 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2013/07/24 10:25:24 | 000,024,520 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KeyCrypt32.sys -- (keycrypt)
DRV - [2012/10/30 18:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2011/09/02 01:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 01:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 01:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 01:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/09/02 01:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011/09/02 01:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/08/05 11:27:40 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/12/18 12:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/03/12 14:53:46 | 001,550,613 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2001/04/09 13:11:00 | 000,024,424 | ---- | M] (ADMtek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NET8511.SYS -- (ADM8511)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {AFAA0202-BB69-461E-8C6B-3DA780223E12}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C 7B 3E 4E 4B D8 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B156CE15-8648-4CE0-8E98-2A424CE71429}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/11 20:30:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/11 20:30:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/08 22:26:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/30 11:41:32 | 000,000,000 | ---D | M]
[2013/10/30 10:50:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/11/06 18:24:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions
[2012/12/01 00:29:42 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/09/28 22:47:17 | 000,000,000 | ---D | M] (foof) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\[email protected]
[2013/07/15 14:37:37 | 000,000,000 | ---D | M] (XFINITY Constant Guard Protection Suite) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\idvaultaddin@whitesky
[2013/01/04 13:39:39 | 000,013,345 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013/10/30 10:50:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/10 20:35:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/10 20:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/10 20:35:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/10 20:36:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/06/27 16:36:55 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2013/07/11 20:29:00 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://mail.google....0/?shva=1#inbox
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: npAPI Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\npTNT2.dll
CHR - plugin: npAPI Ghost Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\npTNT2ghost.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: JavaScript Popup Blocker = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol\1.2.4_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/10/30 11:05:41 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [E2A6CA641BD771C06D3776C293639FEB79099F12._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [SanDiskSecureAccess_Manager.exe] C:\Documents and Settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1279485110015 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.1.66.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43252356-6AC6-4445-909D-D73C3DC47A47}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/18 14:24:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/11/08 13:23:41 | 001,034,531 | ---- | C] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT_NEW.exe
[2013/11/07 22:32:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/07 22:30:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/11/02 23:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/11/02 22:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2013/11/02 22:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/11/02 22:28:24 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.75.0.1300.exe
[2013/10/30 11:40:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/10/30 11:40:15 | 001,033,335 | ---- | C] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2013/10/30 11:11:46 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/11/08 13:27:06 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/08 13:14:20 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-412668190-1417001333-1003.job
[2013/11/08 13:14:19 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1482476501-412668190-1417001333-1003.job
[2013/11/08 13:14:19 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1482476501-412668190-1417001333-1003.job
[2013/11/08 13:14:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/11/08 13:14:05 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/08 13:14:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/08 12:46:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/07 22:30:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/11/07 22:27:31 | 000,293,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/11/06 18:22:15 | 000,891,184 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2013/11/06 18:20:32 | 000,475,966 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/11/06 18:20:32 | 000,076,622 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/11/05 17:36:18 | 001,034,531 | ---- | M] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT_NEW.exe
[2013/11/05 12:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/11/02 22:28:33 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/01 21:53:02 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-412668190-1417001333-1003.job
[2013/11/01 08:41:07 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2013/10/30 11:40:20 | 001,033,335 | ---- | M] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2013/10/30 11:11:25 | 001,060,070 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
[2013/10/30 11:05:41 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/10/29 11:51:42 | 001,893,983 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Nickelodeon character templates.pdf
[2013/10/29 11:47:46 | 000,097,287 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Diego template.pdf
[2013/10/28 19:47:35 | 000,019,025 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Dora stensil.pdf
[2013/10/28 19:37:51 | 000,115,295 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Pirate ship stensil.pdf
[2013/10/25 09:51:34 | 000,084,980 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bat costume.jpg
[2013/10/23 12:11:10 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat
[2013/10/19 06:38:39 | 000,218,616 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\WTH MMFCU.pdf
[2013/10/15 23:58:50 | 000,768,360 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\10-building-blocks-for-biz-success.pdf
[2013/10/15 11:51:30 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/11/06 18:22:07 | 000,891,184 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2013/11/01 08:41:07 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2013/10/30 11:11:22 | 001,060,070 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
[2013/10/29 11:51:42 | 001,893,983 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Nickelodeon character templates.pdf
[2013/10/29 11:47:37 | 000,097,287 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Diego template.pdf
[2013/10/28 19:47:34 | 000,019,025 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Dora stensil.pdf
[2013/10/28 19:37:35 | 000,115,295 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Pirate ship stensil.pdf
[2013/10/25 09:51:34 | 000,084,980 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bat costume.jpg
[2013/10/19 06:38:29 | 000,218,616 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\WTH MMFCU.pdf
[2013/10/15 23:58:49 | 000,768,360 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\10-building-blocks-for-biz-success.pdf
[2013/06/27 21:18:38 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/06/26 22:58:15 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/06/26 22:58:14 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/03/30 08:36:15 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2012/12/23 00:59:02 | 000,501,000 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/12/23 00:46:33 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\.backup.dm
[2012/06/29 12:52:18 | 001,767,766 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1482476501-412668190-1417001333-1003-0.dat
[2012/06/29 12:52:09 | 000,328,622 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/18 16:49:20 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/21 10:31:00 | 767,354,880 | ---- | C] () -- C:\Program Files\SW_DVD5_Office_Professional_Plus_2010_W32_English_MLF_X16-52536.ISO
========== ZeroAccess Check ==========
[2012/12/23 00:54:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 11:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/10/08 22:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/07/28 23:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/08/18 11:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/01/08 14:08:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013/09/30 19:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2010/07/27 09:38:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2013/10/16 08:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2010/07/27 10:46:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/07/27 10:42:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2013/01/12 05:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Casual Arts
[2012/12/23 00:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2010/09/28 20:03:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/06/08 14:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2011/11/04 15:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2010/09/28 19:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/01/20 16:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/11/18 15:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2013/06/08 14:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2012/11/26 13:03:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/03/30 08:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{F7367F58-5836-4168-962C-6EE09FA340B5}
[2010/09/28 21:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/08/22 05:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2012/12/22 01:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Brabl
[2012/11/03 12:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2010/07/27 09:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon Easy-WebPrint EX
[2013/01/12 05:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Casual Arts
[2011/06/14 15:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Catalina Marketing Corp
[2012/12/07 23:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.Rhapsody.RhapsodyCloudSync
[2012/11/14 15:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DivoGames
[2012/06/14 14:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Garmin
[2013/11/08 11:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ID Vault
[2012/02/11 20:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/08/18 11:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2013/07/07 00:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PandoraRecovery
[2013/11/02 23:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SanDisk
[2012/12/23 00:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SanDisk SecureAccess
[2013/07/31 10:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Stamps.com Internet Postage
[2012/09/20 14:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ThreeDays2
[2011/06/27 12:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific
[2012/11/18 15:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2012/12/23 08:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug
========== Purity Check ==========
< End of report >
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\URLSearchHooks\\{5f520d40-805b-4169-bb2b-40e37ee57701} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f520d40-805b-4169-bb2b-40e37ee57701}\
deleted successfully.
C:\Program Files\WhiteSmoke_New_V.13\prxtbWhit.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set
successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet
Explorer\SearchScopes\{AFAA0202-BB69-461E-8C6B-3DA780223E12}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFAA0202-BB69-461E-8C6B-3DA780223E12}\
not found.
Prefs.js: "true" removed from CT3317127.browser.search.defaultthis.engineName
Prefs.js: "WhiteSmoke New V.13 Customized Web Search" removed from
browser.search.defaultenginename
Prefs.js: "WhiteSmoke New V.13 Customized Web Search" removed from
browser.search.defaultthis.engineName
Prefs.js:
"http://search.condui...UM=2
ce=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "WhiteSmoke New V.13 Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "" removed from browser.search.order.1
Prefs.js: "WhiteSmoke New V.13 Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "" removed from browser.search.useDBForOrder
Prefs.js:
"http://search.condui...247660596091313
3&UM=2&UP=SP54B98927-2D01-4EFB-99F0-48D9212C4706&SSPV=" removed from browser.startup.homepage
Prefs.js: idvaultaddin%40whitesky:1.13.820.2 removed from extensions.enabledAddons
Prefs.js:
"http://search.condui...76605960913133
UM=2&q=" removed from keyword.URL
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Plugins folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
modules folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
META-INF folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
lib folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
defaults\preferences folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
defaults folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
components folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\sl folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\lib\jquery.jscrollpane folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\lib\jquery.alerts\images folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\lib\jquery.alerts folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\lib folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\core folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\WEATHER folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\TWITTER folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\SEARCH folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\Optimizer folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\wa folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\menu\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\menu\img folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\menu\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\menu folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\gf\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\gf\img folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\gf\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\gf folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui\dlg folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ui folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\sp\spsd\images folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\sp\spsd folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\sp\spbd\images folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\sp\spbd folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\sp\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\sp folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\options\js\resources folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\options\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\options\images folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\options\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\options folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\msd folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\api folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ac\res folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ac\img folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ac\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\ac folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\aboutBox\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\aboutBox\images folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al\aboutBox folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb\al folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\tb folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\logic\uninstall\dialog\js folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\logic\uninstall\dialog\images folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\logic\uninstall\dialog\css folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\logic\uninstall\dialog folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\logic\uninstall folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content\logic folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127\content folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome\CT3317127 folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}\
Chrome folder moved successfully.
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{5f520d40-805b-4169-bb2b-40e37ee57701}
folder moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
File C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User
Data\Default\Extensions\hgeaklkciolgbejekedbdphhbjbiaamp\10.22.0.588_0 not found.
File C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User
Data\Default\Extensions\hgeaklkciolgbejekedbdphhbjbiaamp\10.22.0.588_0\nativeMessaging\nmHost not
found.
File C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User
Data\Default\Extensions\hgeaklkciolgbejekedbdphhbjbiaamp\10.22.0.88_0 not found.
File C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User
Data\Default\Extensions\hgeaklkciolgbejekedbdphhbjbiaamp\10.22.0.88_0\nativeMessaging\nmHost not
found.
File C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll not found.
File C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\{5f520d40-805b-4169-bb2b-40e37ee57701}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f520d40-805b-4169-bb2b-40e37ee57701}\
not found.
File C:\Program Files\WhiteSmoke_New_V.13\prxtbWhit.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\{B84CDBE7-1B46-494B-A188-01D4C52DEB61}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B84CDBE7-1B46-494B-A188-01D4C52DEB61}\
deleted successfully.
C:\Documents and Settings\All Users\Application Data\White Sky, Inc\ID
Vault\IEBHO1.13.820.2\NativeBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Toolbar\\{5f520d40-805b-4169-bb2b-40e37ee57701} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f520d40-805b-4169-bb2b-40e37ee57701}\
not found.
File C:\Program Files\WhiteSmoke_New_V.13\prxtbWhit.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll
not found.
File C:\Program Files\SearchProtect\bin\cltmng.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BrowserSafeguard
not found.
File C:\Program Files\Browsersafeguard\Browsersafeguard.exe not found.
Registry value
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_hgeaklkcio
lgbejekedbdphhbjbiaamp not found.
C:\Program Files\Conduit\CT3317127\plugins\TBVerifier.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro not
found.
File C:\Program Files\Optimizer Pro\OptProLauncher.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect not
found.
File C:\Documents and Settings\Owner\Application Data\SearchProtect\bin\cltmng.exe not found.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Constant Guard.lnk moved
successfully.
C:\Program Files\Constant Guard Protection Suite\IDVault.exe moved successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyPC Backup.lnk moved successfully.
C:\Program Files\MyPC Backup\MyPC Backup.exe moved successfully.
C:\Documents and Settings\Owner\My Documents\Optimizer Pro folder moved successfully.
Folder C:\Documents and Settings\Owner\Application Data\Optimizer Pro\ not found.
C:\Documents and Settings\Owner\Start Menu\Programs\MyPC Backup folder moved successfully.
C:\Program Files\MyPC Backup\x86 folder moved successfully.
C:\Program Files\MyPC Backup\x64 folder moved successfully.
C:\Program Files\MyPC Backup\Database folder moved successfully.
C:\Program Files\MyPC Backup folder moved successfully.
Folder C:\Documents and Settings\All Users\Start Menu\Programs\Optimizer Pro v3.2\ not found.
Folder C:\Program Files\Optimizer Pro\ not found.
C:\Documents and Settings\Owner\Application Data\SwvUpdater folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Repository\conduit_CT3317127_en\ToolbarTranslation folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Repository\conduit_CT3317127_en folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Repository\conduit_CT3317127_CT3317127\ToolbarSettings folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Repository\conduit_CT3317127_CT3317127\ToolbarLogin folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Repository\conduit_CT3317127_CT3317127\DynamicDialogs folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Repository\conduit_CT3317127_CT3317127\AppsMetaData folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Repository\conduit_CT3317127_CT3317127 folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_New_V.13\Repository
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_New_V.13\RadioPlayer
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12 folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B} folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_New_V.13\plugins
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_New_V.13\MyStuffApps
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_New_V.13\Logs folder
moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\ExternalComponent folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_New_V.13\EmailNotifier
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\UntrustedAppPendingDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\UntrustedAppApprovalDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\UntrustedAddedAppDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\ToolbarUntrustedAppsApprovalDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\ToolbarFirstTimeDialog\images folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\ToolbarFirstTimeDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\SearchProtectorRetakeoverDialog\Images folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\SearchProtectorRetakeoverDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\SearchProtectorDialog\Images folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\SearchProtectorDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\SearchProtectorBubbleDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\NewSearchProtectorDialog\images folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\NewSearchProtectorDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\EngineFirstTimeDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\DetectedAppDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\DefualtImages folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\WhiteSmoke_New_V.13\Dialogs\AddedAppDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_New_V.13\Dialogs
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_New_V.13\CacheIcons
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\WhiteSmoke_New_V.13 folder moved
successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\IE\CT3317127 folder moved
successfully.
C:\Documents and Settings\All Users\Application Data\Conduit\IE folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Conduit folder moved successfully.
C:\Program Files\WhiteSmoke_New_V.13 folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\NativeMessaging\CT3317127\1_0_0_2
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\NativeMessaging\CT3317127 folder
moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\NativeMessaging folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\CRE folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\Conduit\localStorage\appsFiles\2d2f2f16-9432-4890-9f93-624a84cf6261 folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\localStorage\appsFiles
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\localStorage folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\CT3317127 folder moved
successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts\Log
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community
Alerts\LanguagePacks folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts\Feeds
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community
Alerts\Dialogs\AppNotificationDialog\Images\light folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community
Alerts\Dialogs\AppNotificationDialog\Images\dark folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community
Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community
Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts\Dialogs
folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\Community Alerts folder
moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\Conduit\ChromeExtData\hgeaklkciolgbejekedbdphhbjbiaamp\Repository folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application
Data\Conduit\ChromeExtData\hgeaklkciolgbejekedbdphhbjbiaamp folder moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit\ChromeExtData folder
moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit folder moved
successfully.
C:\Program Files\Conduit\CT3317127\plugins folder moved successfully.
C:\Program Files\Conduit\CT3317127 folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
Folder C:\Program Files\SearchProtect\ not found.
Folder C:\Documents and Settings\Owner\Application Data\SearchProtect\ not found.
Folder C:\Program Files\Browsersafeguard\ not found.
Folder C:\Documents and Settings\All Users\Start Menu\Programs\BrowserSafeguard\ not found.
C:\Documents and Settings\Owner\Desktop\MyPC Backup.lnk moved successfully.
File C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
File C:\Documents and Settings\Owner\Desktop\Optimizer Pro.lnk not found.
C:\END moved successfully.
File C:\WINDOWS\tasks\BrowserSafeguard Update Task.job not found.
File C:\Documents and Settings\Owner\Desktop\MyPC Backup.lnk not found.
File C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
File C:\Documents and Settings\Owner\Desktop\Optimizer Pro.lnk not found.
C:\WINDOWS\tasks\AmiUpdXp.job moved successfully.
File C:\END not found.
File C:\WINDOWS\tasks\BrowserSafeguard Update Task.job not found.
Folder C:\Documents and Settings\All Users\Application Data\Conduit\ not found.
Folder C:\Documents and Settings\Owner\Application Data\Optimizer Pro\ not found.
Folder C:\Documents and Settings\Owner\Application Data\SearchProtect\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Owner
->Temp folder emptied: 146400752 bytes
->Temporary Internet Files folder emptied: 149550106 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 19171975 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 729111 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder
emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 301.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11082013_131226
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Junkware...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by Owner on Fri 11/08/2013 at 13:26:13.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully stopped: [Service] backupstack
Successfully deleted: [Service] backupstack
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3317127
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\pricegong"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\browsersafeguard"
~~~ FireFox
Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml"
Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\0zyzye2a.default\searchplugins\conduit.xml
Successfully deleted the following from C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\0zyzye2a.default\prefs.js
user_pref("CT3317127.smartbar.homepage", "true");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
user_pref("smartbar.addressBarOwnerCTID", "CT3317127");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3317127&CUI=UN72476605960913133&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3317127&oct
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317127&SearchSource=2&CUI=UN72476605960913133&UM=2&q=");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3317127");
user_pref("smartbar.homePageOwnerCTID", "CT3317127");
user_pref("smartbar.machineId", "NZZCPQ7ZBJQZXA2X2C4OEVQ/8RJFEL+6JTUBLN0OR15QTISB7WZNNAHCV5BLBTBSBFY6U9SOASVZH1SNRMNWGG");
user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3317127&CUI=UN72476605960913133&UM=2&SearchSource=13");
Emptied folder: C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\0zyzye2a.default\minidumps [54 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
I can't locate the adware log??
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/08/2013 at 13:30:34.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL quick scan...
OTL logfile created on: 11/8/2013 1:31:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.23 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 60.96% Memory free
4.31 Gb Paging File | 3.50 Gb Available in Paging File | 81.13% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 764.67 Gb Free Space | 82.09% Space Free | Partition Type: NTFS
Computer Name: OWNER-5F64AFAA0 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/11/07 22:30:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/08/20 15:52:16 | 000,040,512 | ---- | M] (White Sky, Inc.) -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2013/07/11 20:28:45 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/04/16 02:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/12/23 00:47:28 | 030,705,792 | ---- | M] (Gemalto N.V.) -- C:\Documents and Settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe
PRC - [2012/11/20 15:30:38 | 001,653,760 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2012/09/02 12:15:12 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/04/08 15:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
PRC - [2010/04/08 15:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
PRC - [2010/04/08 15:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
PRC - [2009/08/28 15:33:28 | 000,116,032 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe
PRC - [2009/02/10 02:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/07 16:52:14 | 000,140,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe
PRC - [2003/05/15 00:19:50 | 000,217,193 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
========== Modules (No Company Name) ==========
MOD - [2013/10/08 19:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/08 19:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
MOD - [2013/10/08 19:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/08 19:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/04/16 02:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
MOD - [2012/06/14 12:44:17 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\6e7f1bdc845816dfc797f8002b76b5e8\System.ServiceProcess.ni.dll
MOD - [2012/06/14 12:44:11 | 017,919,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\250b525aa8c17327216e102569c0d766\System.ServiceModel.ni.dll
MOD - [2012/06/14 12:43:46 | 001,159,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\6a6f4be744ed5bc5273cbcf0fcf303e3\System.Management.ni.dll
MOD - [2012/06/14 12:43:41 | 001,065,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\9eac876f58a3ebca8878b8654efdc817\System.IdentityModel.ni.dll
MOD - [2012/06/14 12:41:48 | 001,011,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\f3989d3e9cb8904e4edf23ede5adb6c1\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/06/14 12:41:46 | 000,142,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\4d2a51c03b27e615ff9f1c430f2014ba\SMDiagnostics.ni.dll
MOD - [2012/06/14 12:41:45 | 002,625,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\e9f8a45b1063d6c6a62718c88a5623d1\System.Runtime.Serialization.ni.dll
MOD - [2012/06/14 12:41:41 | 001,776,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
MOD - [2012/06/14 12:17:53 | 017,629,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7f91eecda3ff7ce478146b6458580c98\PresentationFramework.ni.dll
MOD - [2012/06/14 12:17:32 | 011,057,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
MOD - [2012/06/14 12:17:18 | 003,779,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
MOD - [2012/06/14 12:17:07 | 007,025,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
MOD - [2012/06/14 12:17:04 | 005,571,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
MOD - [2012/06/14 12:16:58 | 000,973,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll
MOD - [2012/06/14 12:16:54 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2012/06/14 12:16:44 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2012/02/14 18:37:52 | 011,796,096 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\SanDisk\My Vaults\dmBackup.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/02/10 02:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2008/04/14 07:00:00 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
========== Services (SafeList) ==========
SRV - [2013/10/08 22:27:56 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/20 15:52:16 | 000,040,512 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2013/07/10 20:36:51 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/03 15:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/16 02:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/09/02 12:15:12 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/11/12 11:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/09/27 14:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/04/08 15:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - [2010/04/08 15:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2010/04/08 15:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/28 15:33:28 | 000,116,032 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe -- (DLPWD)
SRV - [2009/02/10 02:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2006/12/07 16:52:14 | 000,140,184 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe -- (DLSDB)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Owner\LOCALS~1\Temp\jbridgep.sys -- (jbridgep)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\AVGIDSShim.Sys -- (AVGIDSShim)
DRV - [2013/09/17 16:59:51 | 000,080,104 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2013/07/24 10:25:24 | 000,024,520 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KeyCrypt32.sys -- (keycrypt)
DRV - [2012/10/30 18:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2011/09/02 01:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 01:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 01:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 01:31:10 | 000,042,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2011/09/02 01:31:10 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2011/09/02 01:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2011/08/05 11:27:40 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2009/12/18 12:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/03/12 14:53:46 | 001,550,613 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2001/04/09 13:11:00 | 000,024,424 | ---- | M] (ADMtek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NET8511.SYS -- (ADM8511)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {AFAA0202-BB69-461E-8C6B-3DA780223E12}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C 7B 3E 4E 4B D8 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B156CE15-8648-4CE0-8E98-2A424CE71429}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/07/11 20:30:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/11 20:30:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/08 22:26:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/30 11:41:32 | 000,000,000 | ---D | M]
[2013/10/30 10:50:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/11/06 18:24:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions
[2012/12/01 00:29:42 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/09/28 22:47:17 | 000,000,000 | ---D | M] (foof) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\[email protected]
[2013/07/15 14:37:37 | 000,000,000 | ---D | M] (XFINITY Constant Guard Protection Suite) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\idvaultaddin@whitesky
[2013/01/04 13:39:39 | 000,013,345 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\0zyzye2a.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013/10/30 10:50:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/07/10 20:35:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/10 20:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/10 20:35:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/07/10 20:36:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/06/27 16:36:55 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2013/07/11 20:29:00 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://mail.google....0/?shva=1#inbox
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: npAPI Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\npTNT2.dll
CHR - plugin: npAPI Ghost Plugin (Enabled) = C:\Documents and Settings\Owner\Local Settings\Application Data\TNT2\2.0.0.1378\npTNT2ghost.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Docs = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: JavaScript Popup Blocker = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol\1.2.4_0\
CHR - Extension: RealDownloader = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/10/30 11:05:41 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [E2A6CA641BD771C06D3776C293639FEB79099F12._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [SanDiskSecureAccess_Manager.exe] C:\Documents and Settings\Owner\Application Data\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1279485110015 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.1.66.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43252356-6AC6-4445-909D-D73C3DC47A47}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/18 14:24:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/11/08 13:23:41 | 001,034,531 | ---- | C] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT_NEW.exe
[2013/11/07 22:32:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/07 22:30:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/11/02 23:19:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/11/02 22:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2013/11/02 22:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/11/02 22:28:24 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.75.0.1300.exe
[2013/10/30 11:40:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/10/30 11:40:15 | 001,033,335 | ---- | C] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2013/10/30 11:11:46 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/11/08 13:27:06 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/08 13:14:20 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-412668190-1417001333-1003.job
[2013/11/08 13:14:19 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1482476501-412668190-1417001333-1003.job
[2013/11/08 13:14:19 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1482476501-412668190-1417001333-1003.job
[2013/11/08 13:14:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/11/08 13:14:05 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/08 13:14:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/08 12:46:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/07 22:30:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/11/07 22:27:31 | 000,293,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/11/06 18:22:15 | 000,891,184 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2013/11/06 18:20:32 | 000,475,966 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/11/06 18:20:32 | 000,076,622 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/11/05 17:36:18 | 001,034,531 | ---- | M] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT_NEW.exe
[2013/11/05 12:13:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/11/02 22:28:33 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/01 21:53:02 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-412668190-1417001333-1003.job
[2013/11/01 08:41:07 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2013/10/30 11:40:20 | 001,033,335 | ---- | M] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2013/10/30 11:11:25 | 001,060,070 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
[2013/10/30 11:05:41 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/10/29 11:51:42 | 001,893,983 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Nickelodeon character templates.pdf
[2013/10/29 11:47:46 | 000,097,287 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Diego template.pdf
[2013/10/28 19:47:35 | 000,019,025 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Dora stensil.pdf
[2013/10/28 19:37:51 | 000,115,295 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Pirate ship stensil.pdf
[2013/10/25 09:51:34 | 000,084,980 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bat costume.jpg
[2013/10/23 12:11:10 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\f9t.dat
[2013/10/19 06:38:39 | 000,218,616 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\WTH MMFCU.pdf
[2013/10/15 23:58:50 | 000,768,360 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\10-building-blocks-for-biz-success.pdf
[2013/10/15 11:51:30 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/11/06 18:22:07 | 000,891,184 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SecurityCheck.exe
[2013/11/01 08:41:07 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2013/10/30 11:11:22 | 001,060,070 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
[2013/10/29 11:51:42 | 001,893,983 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Nickelodeon character templates.pdf
[2013/10/29 11:47:37 | 000,097,287 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Diego template.pdf
[2013/10/28 19:47:34 | 000,019,025 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Dora stensil.pdf
[2013/10/28 19:37:35 | 000,115,295 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Pirate ship stensil.pdf
[2013/10/25 09:51:34 | 000,084,980 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bat costume.jpg
[2013/10/19 06:38:29 | 000,218,616 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\WTH MMFCU.pdf
[2013/10/15 23:58:49 | 000,768,360 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\10-building-blocks-for-biz-success.pdf
[2013/06/27 21:18:38 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys.sum
[2013/06/26 22:58:15 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSnx.sys.sum
[2013/06/26 22:58:14 | 000,000,175 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswSP.sys.sum
[2013/03/30 08:36:15 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2012/12/23 00:59:02 | 000,501,000 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/12/23 00:46:33 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\.backup.dm
[2012/06/29 12:52:18 | 001,767,766 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1482476501-412668190-1417001333-1003-0.dat
[2012/06/29 12:52:09 | 000,328,622 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/01/18 16:49:20 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/21 10:31:00 | 767,354,880 | ---- | C] () -- C:\Program Files\SW_DVD5_Office_Professional_Plus_2010_W32_English_MLF_X16-52536.ISO
========== ZeroAccess Check ==========
[2012/12/23 00:54:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/04/16 11:09:07 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/10/08 22:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/07/28 23:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2010/08/18 11:14:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/01/08 14:08:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013/09/30 19:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJ
[2010/07/27 09:38:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2013/10/16 08:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
[2010/07/27 10:46:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/07/27 10:42:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
[2013/01/12 05:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Casual Arts
[2012/12/23 00:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2010/09/28 20:03:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/06/08 14:18:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2011/11/04 15:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2010/09/28 19:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/01/20 16:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/11/18 15:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2013/06/08 14:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\White Sky, Inc
[2012/11/26 13:03:34 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/03/30 08:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{F7367F58-5836-4168-962C-6EE09FA340B5}
[2010/09/28 21:09:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/08/22 05:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG9
[2012/12/22 01:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Brabl
[2012/11/03 12:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon
[2010/07/27 09:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canon Easy-WebPrint EX
[2013/01/12 05:29:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Casual Arts
[2011/06/14 15:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Catalina Marketing Corp
[2012/12/07 23:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.Rhapsody.RhapsodyCloudSync
[2012/11/14 15:27:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DivoGames
[2012/06/14 14:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Garmin
[2013/11/08 11:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ID Vault
[2012/02/11 20:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/08/18 11:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
[2013/07/07 00:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PandoraRecovery
[2013/11/02 23:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SanDisk
[2012/12/23 00:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SanDisk SecureAccess
[2013/07/31 10:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Stamps.com Internet Postage
[2012/09/20 14:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ThreeDays2
[2011/06/27 12:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Tific
[2012/11/18 15:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2012/12/23 08:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WeatherBug
========== Purity Check ==========
< End of report >
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
