Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

It's a PUP, CONDUIT, Search & Protect issue on top of ICEMAGGE

Started by anon0mouse , Dec 06 2013 11:14 AM

  • This topic is locked This topic is locked

#1
anon0mouse
Posted 06 December 2013 - 11:14 AM

anon0mouse

    Member

  • Member
  • PipPip
  • 46 posts
Trying to survive Icemaggedon 2013 down here in TX and I clicked on something last night,and knew it was not a good thing.

1)I was having trouble with Windows media player playing some new (safely acquired and paid for) music files. The files wouldn't play so I was instructed to download something like this: http://download.cnet...67.html?hlndr=1

2)I did. I know. Bad move

3)Upon opening this file, it downloaded a connect search tool bar,among other things. My Zone alarm was going crazy. It made my audio output sound now like an alien spaceship took over.

4)I ran Malwarebytes and it came up with 137+ known issues. PUP, CONDUIT and SEARCH and PROTECT Found on scan.
Removed them but problems still persist.Attached log.Attached File  mbam-log-2013-12-06 (08-27-45).txt   36.64KB   144 downloads

And there's that alien sound still present.

Any help would be appreciated. Thank you for your input. Stay warm.






OTL logfile created on: 12/6/2013 10:26:00 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cheryl\Desktop\ICEMAGGEDON VIRUS DAY 2013
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 40.96% Memory free
7.74 Gb Paging File | 5.06 Gb Available in Paging File | 65.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.45 Gb Total Space | 212.46 Gb Free Space | 74.43% Space Free | Partition Type: NTFS

Computer Name: ANNA-PC | User Name: Cheryl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/06 10:25:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cheryl\Desktop\ICEMAGGEDON VIRUS DAY 2013\OTL.exe
PRC - [2013/12/05 23:32:14 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/12/03 20:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/23 00:17:34 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/09/15 13:34:06 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/09/14 02:38:54 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/09/14 02:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/07/23 18:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/27 13:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/03/27 12:31:18 | 000,073,832 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [1623/03/26 06:11:20 | 000,375,072 | ---- | M] (Conduit Ltd.) -- C:\Users\Cheryl\AppData\Local\NativeMessaging\CT3306061\1_0_0_4\TBMessagingHost.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/03 20:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 20:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 20:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 20:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 20:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 20:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/09/14 00:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 00:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2012/05/25 03:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/24 07:27:00 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/11/22 08:35:22 | 000,828,072 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/05 23:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 16:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013/10/08 19:48:25 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/23 18:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/27 13:02:42 | 002,447,888 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/08/04 19:59:26 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/06 10:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/05 00:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/20 00:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 00:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 00:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 00:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 00:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/03/21 02:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/13 10:49:42 | 000,450,136 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2012/11/22 08:35:36 | 000,033,712 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 20:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/08 12:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/27 16:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/08/16 12:13:00 | 000,733,824 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/20 10:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/06 13:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 09:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNJ
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {2C9E41A3-F6B5-4E5B-A798-FFBABB5A6861}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNJ
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...mrud=14-10-2011

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {2C9E41A3-F6B5-4E5B-A798-FFBABB5A6861}
IE - HKCU\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...1I7TSNJ_enUS453
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{2C9E41A3-F6B5-4E5B-A798-FFBABB5A6861}: "URL" = http://search.condui...9399232691&UM=2
IE - HKCU\..\SearchScopes\{3D3268DF-7890-49ED-A57D-A29117729271}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{E740EDE2-A47B-4DB9-B849-93CFF22631AA}: "URL" = http://search.zoneal...Id=&ver=&&r=276
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3306061.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "Connect DLC 5 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Connect DLC 5 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Connect DLC 5 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.condui...17136EE0&SSPV="
FF - prefs.js..keyword.URL: "http://search.condui...278727&UM=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013/04/23 22:03:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013/04/23 22:03:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/02 13:05:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/12 21:32:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\FIREFOX\EXTENSIONS\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}: C:\Users\Cheryl\AppData\Local\GreatArcadeHits\gahff.xpi

[2013/04/23 22:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheryl\AppData\Roaming\mozilla\Extensions
[2013/12/05 23:21:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions
[2013/12/05 23:21:56 | 000,000,000 | ---D | M] (Connect DLC 5) -- C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
[2013/12/05 23:26:40 | 000,001,003 | ---- | M] () -- C:\Users\Cheryl\AppData\Roaming\mozilla\firefox\profiles\jq2tr9b6.default\searchplugins\conduit.xml
[2012/06/23 20:19:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/13 21:25:41 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2012/08/04 19:59:27 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 16:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/28 18:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/06/14 16:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.npr.org/
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - Extension: Google Drive = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: AdBlock = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Pinterest = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0\
CHR - Extension: Connect DLC 5 = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.22.5.510_0\
CHR - Extension: Connect DLC 5 = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.22.5.510_0\nativeMessaging\nmHost
CHR - Extension: Google Wallet = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.16_0\
CHR - Extension: Gmail = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
CHR - Extension: Google Drive = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: AdBlock = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Pinterest = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0\
CHR - Extension: Connect DLC 5 = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.22.5.510_0\
CHR - Extension: Connect DLC 5 = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.22.5.510_0\nativeMessaging\nmHost
CHR - Extension: Google Wallet = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.16_0\
CHR - Extension: Gmail = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AOL Messaging Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Messaging Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0913a] C:\Users\Cheryl\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 1c366f26e1ff47d385d8d16f2a203bbb-346b299148d44860c5159de3eb809358438aa83d --CMPID 0913a File not found
O4 - HKCU..\Run: [ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil] "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Cheryl\AppData\Local\Temp\CT3306061\plugins\TBVerifier.dll",RunConduitFloatingPlugin lipgolpfajiadodbcbljdpmbmbdmfcil File not found
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [ROC_ROC_APR2013_AV] C:\Users\Cheryl\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 1c366f26e1ff47d385d8d16f2a203bbb-346b299148d44860c5159de3eb809358438aa83d --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 File not found
O4 - HKCU..\Run: [TBHostSupport] C:\Users\Cheryl\AppData\Local\TBHostSupport\TBHostSupport.dll (Conduit Ltd.)
O4 - Startup: C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\DEL_MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59EBFE04-5FB8-42BD-A09D-7B94A1DA698F}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{80b526c5-e6aa-11e2-ab51-00266cc4d248}\Shell - "" = AutoRun
O33 - MountPoints2\{80b526c5-e6aa-11e2-ab51-00266cc4d248}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{fac44336-99fe-11e0-a834-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fac44336-99fe-11e0-a834-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AUTOPLAY.EXE id=10000015000011000011 ver=1.0.0.0
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/06 10:24:13 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\Desktop\ICEMAGGEDON VIRUS DAY 2013
[2013/12/06 10:21:47 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Local\TBHostSupport
[2013/12/06 01:22:04 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Local\ElevatedDiagnostics
[2013/12/05 23:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/12/05 23:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/12/05 23:22:52 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Local\NativeMessaging
[2013/12/05 23:22:48 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Local\Conduit
[2013/12/05 23:22:43 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Local\CRE
[2013/12/05 23:22:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/12/05 23:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/12/05 23:21:57 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Roaming\SearchProtect
[3 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/06 10:26:27 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/06 10:26:27 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/06 10:18:21 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1cea80b50f9a4c7.job
[2013/12/06 10:18:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/06 10:18:08 | 3117,391,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/06 09:47:10 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/12/06 09:38:47 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA1cea80b546edb4d.job
[2013/12/06 07:38:00 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4025698951-3597766224-2063219151-1001UA.job
[2013/12/06 02:04:50 | 000,001,132 | ---- | M] () -- C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/12/06 01:46:02 | 000,090,289 | ---- | M] () -- C:\Users\Cheryl\Documents\Untitled.wma
[2013/12/05 23:30:16 | 000,000,009 | ---- | M] () -- C:\END
[2013/12/05 22:57:53 | 007,518,428 | ---- | M] () -- C:\Users\Cheryl\Desktop\Hozier - Take Me To Church E.P. - 03 Angel Of Small Death & The Codeine Scene - Copy.mp3
[2013/12/05 18:09:16 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4025698951-3597766224-2063219151-1001Core.job
[2013/11/24 07:27:12 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/24 07:27:04 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/11/19 23:08:50 | 000,686,456 | ---- | M] () -- C:\Users\Cheryl\Desktop\photo.JPG
[2013/11/16 20:20:43 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/11/16 20:20:43 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/11/16 20:20:43 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/11/07 15:05:00 | 000,139,574 | ---- | M] () -- C:\Users\Cheryl\Desktop\IMG_1710 (2).jpg
[2013/11/07 09:45:46 | 000,059,779 | ---- | M] () -- C:\Users\Cheryl\Desktop\cloisters.jpg
[3 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/06 01:46:02 | 000,090,289 | ---- | C] () -- C:\Users\Cheryl\Documents\Untitled.wma
[2013/12/05 23:36:01 | 000,001,132 | ---- | C] () -- C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/12/05 23:21:17 | 000,000,009 | ---- | C] () -- C:\END
[2013/12/05 23:14:11 | 007,518,428 | ---- | C] () -- C:\Users\Cheryl\Desktop\Hozier - Take Me To Church E.P. - 03 Angel Of Small Death & The Codeine Scene - Copy.mp3
[2013/11/24 07:27:12 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/24 07:27:04 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/11/19 23:08:49 | 000,686,456 | ---- | C] () -- C:\Users\Cheryl\Desktop\photo.JPG
[2013/11/07 15:02:50 | 000,139,574 | ---- | C] () -- C:\Users\Cheryl\Desktop\IMG_1710 (2).jpg
[2013/11/07 09:45:40 | 000,059,779 | ---- | C] () -- C:\Users\Cheryl\Desktop\cloisters.jpg
[2013/04/28 20:22:18 | 000,000,012 | ---- | C] () -- C:\windows\Brownie.ini
[2012/11/30 23:25:54 | 000,127,599 | ---- | C] () -- C:\Users\Cheryl\photo 2.JPG
[2012/11/30 23:25:54 | 000,094,395 | ---- | C] () -- C:\Users\Cheryl\photo 1.JPG
[2012/11/30 23:25:54 | 000,088,159 | ---- | C] () -- C:\Users\Cheryl\photo 3.JPG
[2012/08/15 15:40:39 | 000,000,011 | ---- | C] () -- C:\windows\BRVIDEO.INI
[2012/08/15 15:40:39 | 000,000,000 | ---- | C] () -- C:\windows\brmx2001.ini
[2012/08/15 15:40:01 | 000,000,426 | ---- | C] () -- C:\windows\BRWMARK.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/20 22:11:35 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\Ad-Aware Antivirus
[2013/04/28 03:40:37 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\AVG2013
[2012/10/29 20:43:04 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\Book Place
[2013/04/23 21:59:45 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\Check Point Software Technologies LTD
[2013/04/23 22:03:25 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\CheckPoint
[2013/09/25 21:05:04 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\InWorldz
[2013/08/18 15:30:41 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\OpenOffice
[2013/12/06 10:14:24 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\SearchProtect
[2013/09/01 17:05:44 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\SecondLife
[2013/11/03 13:42:09 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\Spotify
[2012/11/17 20:40:44 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\Toshiba
[2013/04/28 03:38:59 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\TuneUp Software
[2013/08/17 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Machiavelli
Posted 06 December 2013 - 11:25 AM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Welcome to GeeksToGo, anon0mouse

My name is Machiavelli and I'll try to fix your PC problems. If you are in SafeMode then print my instructions! Removing Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

Posted Image

Posted Image

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)
  • 0

#3
anon0mouse
Posted 06 December 2013 - 11:35 AM

anon0mouse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Ok then. Just curious, where are the instructions to start this process?
  • 0

#4
Machiavelli
Posted 06 December 2013 - 11:40 AM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

This means my post/fixes need approval. Please wait some hours / minutes. :) Normally I'm more than one times online a day - so don't worry. ;)
  • 0

#5
anon0mouse
Posted 06 December 2013 - 01:39 PM

anon0mouse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Ok. TY.
  • 0

#6
anon0mouse
Posted 06 December 2013 - 03:21 PM

anon0mouse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Can I request another moderator to please step in here and assist?
  • 0

#7
Machiavelli
Posted 06 December 2013 - 03:21 PM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Why?

Edited by Machiavelli, 06 December 2013 - 03:35 PM.

  • 0

#8
anon0mouse
Posted 06 December 2013 - 03:33 PM

anon0mouse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
And I just now read your edit. Mea Culpa. It was definitely not my intent to offend.
Let's continue? And just if you could give me some feedback on some idea of time frame?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Because on the other times I have communicated on this forum, my first feedback from Forum techs have at least gotten me started.
I appreciate your being a no doubt very brilliant geek forum tech guide,(and much smarter than I) I truly do, but is there not some way to get this process going or an ETA on when directives might be forthcoming?

Unfortunately, I am getting no work done and while I understand I am not the centre of the universe and many have technical problems on this site,
gosh, it would be nice to have taken some baby steps in the direction of starting a fix.

I mean absolutely no offense at all, so please understand that. Thanks.

Edited by anon0mouse, 06 December 2013 - 03:38 PM.

  • 0

#9
Essexboy
Posted 06 December 2013 - 03:36 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
For your safety whilst the student is training all fixes must be confirmed by an instructor prior to him being able to post. You are getting two pairs of eyes now looking at your log :)
  • 0

#10
Machiavelli
Posted 06 December 2013 - 03:39 PM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
If you still ike my help, here is the fix:

Multiple Anti-Virus Software

I notice that you have multiple anti virus programs installed on your system. If more than one program is running real time protection, then there is a very high chance of conflicts being created. This could cause the programs to 'fight' against eachother and they may render the other useless, hence reducing your protection. It is very important to ensure that you are only running one anti virus program at the same time.

Please remove ZoneAlarm before we continue. If you are unsure about how to do this, a list of removal tools can be found here:

http://kb.eset.com/e...tent&id=SOLN146

Resetting Google Extensions

  • Run Google Chrome
  • Please type the command below into the Adress Box

chrome:extensions


  • A new Tab will open in Google Chrome
  • You will see an entry which is probably called Connect DLC 5
  • Next to this entry you will see a can icon - please click on that to remove the extension from your Browser
  • A confirmation dialog appears, click Remove.

Disabling Chrome Plugins

  • We need to disable some Chrome Plugins
  • Start Chrome and type this into the address bar:

chrome:plugins


  • A new tab will open with a list of your installed plugins - Please disable the plugin(s) below by clicking the word Disable.

    • Best Buy pc app Detector
  • We're done with that step! Well done!

OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
[CreateRestorePoint]

:OTL
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...mrud=14-10-2011
IE - HKLM\..\SearchScopes,DefaultScope = {2C9E41A3-F6B5-4E5B-A798-FFBABB5A6861}
IE - HKCU\..\SearchScopes,DefaultScope = {2C9E41A3-F6B5-4E5B-A798-FFBABB5A6861}
IE - HKCU\..\SearchScopes\{2C9E41A3-F6B5-4E5B-A798-FFBABB5A6861}: "URL" = http://search.condui...9399232691&UM=2
IE - HKCU\..\SearchScopes\{E740EDE2-A47B-4DB9-B849-93CFF22631AA}: "URL" = http://search.zoneal...Id=&ver=&&r=276
FF - prefs.js..CT3306061.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "Connect DLC 5 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Connect DLC 5 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN71575211234278727&UM=2&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Connect DLC 5 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource=61&CUI=UN71575211234278727&UM=2&UP=SP3E1A2582-5D92-4DF5-B1A9-CCD417136EE0&SSPV="
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN71575211234278727&UM=2&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013/04/23 22:03:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013/04/23 22:03:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\FIREFOX\EXTENSIONS\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}: C:\Users\Cheryl\AppData\Local\GreatArcadeHits\gahff.xpi
[2013/12/05 23:21:56 | 000,000,000 | ---D | M] (Connect DLC 5) -- C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
[2013/12/05 23:26:40 | 000,001,003 | ---- | M] () -- C:\Users\Cheryl\AppData\Roaming\mozilla\firefox\profiles\jq2tr9b6.default\searchplugins\conduit.xml
O4:64bit: - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0913a] C:\Users\Cheryl\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 1c366f26e1ff47d385d8d16f2a203bbb-346b299148d44860c5159de3eb809358438aa83d --CMPID 0913a File not found
O4 - HKCU..\Run: [ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil] "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Cheryl\AppData\Local\Temp\CT3306061\plugins\TBVerifier.dll",RunConduitFloatingPlugin lipgolpfajiadodbcbljdpmbmbdmfcil File not found
O4 - HKCU..\Run: [ROC_ROC_APR2013_AV] C:\Users\Cheryl\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 1c366f26e1ff47d385d8d16f2a203bbb-346b299148d44860c5159de3eb809358438aa83d --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013 File not found
O4 - HKCU..\Run: [TBHostSupport] C:\Users\Cheryl\AppData\Local\TBHostSupport\TBHostSupport.dll (Conduit Ltd.)
O4 - Startup: C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\DEL_MyPC Backup.exe (MyPCBackup.com)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O33 - MountPoints2\{80b526c5-e6aa-11e2-ab51-00266cc4d248}\Shell - "" = AutoRun
O33 - MountPoints2\{80b526c5-e6aa-11e2-ab51-00266cc4d248}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{fac44336-99fe-11e0-a834-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fac44336-99fe-11e0-a834-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AUTOPLAY.EXE id=10000015000011000011 ver=1.0.0.0
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
[2013/12/06 10:21:47 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Local\TBHostSupport
[2013/12/05 23:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/12/05 23:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Conduit
[2013/12/05 23:22:52 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Local\NativeMessaging
[2013/12/05 23:22:48 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Local\Conduit
[2013/12/05 23:22:43 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Local\CRE
[2013/12/05 23:22:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/12/05 23:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/12/05 23:21:57 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Roaming\SearchProtect
[2013/12/06 02:04:50 | 000,001,132 | ---- | M] () -- C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/12/05 23:30:16 | 000,000,009 | ---- | M] () -- C:\END


:Files
C:\ProgramData\Best Buy pc app
C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.22.5.510_0
C:\Users\Cheryl\AppData\Local\GreatArcadeHits
C:\Users\Cheryl\AppData\Roaming\AVG April 2013 Campaign

:Commands
[EMPTYTEMP]
  • Click the Run Fix button.
  • Your computer will reboot - after that reboot a log will open. Please post the content of that file into your next answer.

AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1


  • Right-click on AdwCleaner.exe and select Run as administrator.
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

JRT Run

Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

OTL Scan

  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      /md5start
      services.*
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      qmgr.dll
      winsock.*
      /md5stop
      dir "%systemdrive%\*" /S /A:L /C
      CREATERESTOREPOINT

  • Open Posted Image on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 Users: Right click on the icon and click Run as Administrator)
  • Make sure all other windows are closed.
    • You will see a console like the one below:

      Posted Image

    • Click the box beside Scan All Users at the top of the console
    • IF you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
    • Make sure the Output box at the top is set to Standard Output.
    • Check the boxes beside LOP Checkand Purity Check.
    • Under Extra Registry please check Use Safe List.
    • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
    • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
    • Let the scan run uninterrupted.
    • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the taskbar. These files is also saved in the same location as OTL (it should be on your desktop).
    • Please copy the contents of these files and paste it into your reply. To do that:
    • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
    • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.
[/list]Repeat for the Extras.txt file.

Question

How is the PC running? Any issues?
  • 0

Advertisements

#11
anon0mouse
Posted 06 December 2013 - 03:45 PM

anon0mouse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Machiavelli,
Moving forward as per your able and intelligent directive.
Will do as you suggest.
Grazie.
  • 0

#12
anon0mouse
Posted 06 December 2013 - 05:43 PM

anon0mouse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Machiavelli,

Here is everything you have requested, done as instructed.

Great tutorial, clear and concise. The laptop is running more smoothly and the Connect toolbar is gone.
I thank you again.

Please let me know if I have left anything off.




All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{03402f96-3dc7-4285-bc50-9e81fefafe43} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03402f96-3dc7-4285-bc50-9e81fefafe43}\ deleted successfully.
C:\Program Files (x86)\AIM Toolbar\aimtb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C9E41A3-F6B5-4E5B-A798-FFBABB5A6861}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C9E41A3-F6B5-4E5B-A798-FFBABB5A6861}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E740EDE2-A47B-4DB9-B849-93CFF22631AA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E740EDE2-A47B-4DB9-B849-93CFF22631AA}\ not found.
Prefs.js: "true" removed from CT3306061.browser.search.defaultthis.engineName
Prefs.js: "Connect DLC 5 Customized Web Search" removed from browser.search.defaultenginename
Prefs.js: "Connect DLC 5 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Connect DLC 5 Customized Web Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.condui...17136EE0&SSPV=" removed from browser.startup.homepage
Prefs.js: "http://search.condui...278727&UM=2&q=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0\ deleted successfully.
C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0\ deleted successfully.
File C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}\ not found.
File C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker not found.
Registry value HKEY_CURRENT_USER\software\mozilla\FIREFOX\EXTENSIONS\\{B21F5E31-B8E8-41CD-B74C-168A71A10E49} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B21F5E31-B8E8-41CD-B74C-168A71A10E49}\ not found.
File C:\Users\Cheryl\AppData\Local\GreatArcadeHits\gahff.xpi not found.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Plugins folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\modules folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\META-INF folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\lib folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\defaults\preferences folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\defaults folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\components\mam folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\components folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\mam\content folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\mam folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\sl folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\lib\jquery.jscrollpane folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\lib\jquery.alerts\images folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\lib\jquery.alerts folder moved successfully.
Folder move failed. C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\lib scheduled to be moved on reboot.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\core folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\SEARCH\view\script folder moved successfully.
Folder move failed. C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\SEARCH\view scheduled to be moved on reboot.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
Folder move failed. C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\SEARCH scheduled to be moved on reboot.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
Folder move failed. C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\RADIO_PLAYER scheduled to be moved on reboot.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
Folder move failed. C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\PRICE_GONG scheduled to be moved on reboot.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\Optimizer folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
Folder move failed. C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\NOTIFICATION scheduled to be moved on reboot.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
Folder move failed. C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\MULTI_RSS scheduled to be moved on reboot.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
Folder move failed. C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa scheduled to be moved on reboot.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\ui\menu folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\ui\gf\js folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\ui\gf folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\ui\dlg\ftd folder moved successfully.
Folder move failed. C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\ui\dlg scheduled to be moved on reboot.
Folder move failed. C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\ui scheduled to be moved on reboot.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\sp\spsd\images folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\sp\spsd folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\sp\spbd\images folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\sp\spbd folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\sp\js folder moved successfully.
Folder move failed. C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\sp scheduled to be moved on reboot.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\options\js\resources folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\options\js folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\options\images folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\options\css folder moved successfully.
Folder move failed. C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\options scheduled to be moved on reboot.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\msd folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\api folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\ac\res folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\ac\img folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\ac\css folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\ac folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\aboutBox folder moved successfully.
Folder move failed. C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al scheduled to be moved on reboot.
Folder move failed. C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb scheduled to be moved on reboot.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\logic\uninstall\dialog\js folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\logic\uninstall\dialog\images folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\logic\uninstall\dialog\css folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\logic\uninstall\dialog folder moved successfully.
Folder move failed. C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\logic\uninstall scheduled to be moved on reboot.
Folder move failed. C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\logic scheduled to be moved on reboot.
Folder move failed. C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content scheduled to be moved on reboot.
Folder move failed. C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061 scheduled to be moved on reboot.
Folder move failed. C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} scheduled to be moved on reboot.
C:\Users\Cheryl\AppData\Roaming\mozilla\firefox\profiles\jq2tr9b6.default\searchplugins\conduit.xml moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_0913a deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_APR2013_AV deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TBHostSupport deleted successfully.
C:\Users\Cheryl\AppData\Local\TBHostSupport\TBHostSupport.dll moved successfully.
C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk moved successfully.
C:\Program Files (x86)\MyPC Backup\DEL_MyPC Backup.exe moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80b526c5-e6aa-11e2-ab51-00266cc4d248}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80b526c5-e6aa-11e2-ab51-00266cc4d248}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80b526c5-e6aa-11e2-ab51-00266cc4d248}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80b526c5-e6aa-11e2-ab51-00266cc4d248}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fac44336-99fe-11e0-a834-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fac44336-99fe-11e0-a834-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fac44336-99fe-11e0-a834-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fac44336-99fe-11e0-a834-806e6f6e6963}\ not found.
File D:\AUTOPLAY.EXE id=10000015000011000011 ver=1.0.0.0 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\LaunchU3.exe -a not found.
C:\Users\Cheryl\AppData\Local\TBHostSupport folder moved successfully.
C:\Program Files (x86)\MyPC Backup\x64 folder moved successfully.
C:\Program Files (x86)\MyPC Backup\Database folder moved successfully.
C:\Program Files (x86)\MyPC Backup folder moved successfully.
C:\ProgramData\Conduit\Multi\CT3306061 folder moved successfully.
C:\ProgramData\Conduit\Multi folder moved successfully.
C:\ProgramData\Conduit folder moved successfully.
C:\Users\Cheryl\AppData\Local\NativeMessaging\CT3306061\1_0_0_4 folder moved successfully.
C:\Users\Cheryl\AppData\Local\NativeMessaging\CT3306061 folder moved successfully.
C:\Users\Cheryl\AppData\Local\NativeMessaging folder moved successfully.
Folder C:\Users\Cheryl\AppData\Local\Conduit\ not found.
C:\Users\Cheryl\AppData\Local\CRE folder moved successfully.
Folder C:\Program Files (x86)\Conduit\ not found.
C:\Program Files (x86)\SearchProtect\bin folder moved successfully.
C:\Program Files (x86)\SearchProtect folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\SearchProtect\bin folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\SearchProtect folder moved successfully.
File C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
C:\END moved successfully.
========== FILES ==========
C:\ProgramData\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Icons folder moved successfully.
C:\ProgramData\Best Buy pc app\3.2.0420.05\Resources\StaticResources\Fonts folder moved successfully.
C:\ProgramData\Best Buy pc app\3.2.0420.05\Resources\StaticResources folder moved successfully.
C:\ProgramData\Best Buy pc app\3.2.0420.05\Resources\Localization\en-US\RTFs folder moved successfully.
C:\ProgramData\Best Buy pc app\3.2.0420.05\Resources\Localization\en-US folder moved successfully.
C:\ProgramData\Best Buy pc app\3.2.0420.05\Resources\Localization folder moved successfully.
C:\ProgramData\Best Buy pc app\3.2.0420.05\Resources folder moved successfully.
C:\ProgramData\Best Buy pc app\3.2.0420.05 folder moved successfully.
C:\ProgramData\Best Buy pc app folder moved successfully.
File\Folder C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.22.5.510_0 not found.
File\Folder C:\Users\Cheryl\AppData\Local\GreatArcadeHits not found.
File\Folder C:\Users\Cheryl\AppData\Roaming\AVG April 2013 Campaign not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anna

User: Cheryl
->Temp folder emptied: 1358491 bytes
->Temporary Internet Files folder emptied: 225836879 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 164254719 bytes
->Flash cache emptied: 58340 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 40358 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 47232 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 4182019091 bytes

Total Files Cleaned = 4,362.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12062013_161327

Files\Folders moved on Reboot...
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\lib folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\SEARCH folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\wa folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\ui\dlg folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\ui folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\sp folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\options folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\logic\uninstall folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\logic folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061 folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome folder moved successfully.
C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} folder moved successfully.
C:\Users\Cheryl\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Cheryl\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# AdwCleaner v3.014 - Report created 06/12/2013 at 16:46:56
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Cheryl - ANNA-PC
# Running from : C:\Users\Cheryl\Desktop\ICEMAGGEDON VIRUS DAY 2013\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Cheryl\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Cheryl\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
File Deleted : C:\Program Files (x86)\Mozilla Firefox\nsprotector.js
File Deleted : C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v14.0.1 (en-US)

[ File : C:\Users\Cheryl\AppData\Roaming\Mozilla\Firefox\Profiles\jq2tr9b6.default\prefs.js ]

Line Deleted : user_pref("CT3306061.FF19Solved", "true");
Line Deleted : user_pref("CT3306061.UserID", "UN71575211234278727");
Line Deleted : user_pref("CT3306061.browser.search.defaultthis.engineName", "");
Line Deleted : user_pref("CT3306061.fullUserID", "UN71575211234278727.IN.20131205232153");
Line Deleted : user_pref("CT3306061.installDate", "05/12/2013 23:21:55");
Line Deleted : user_pref("CT3306061.installSessionId", "{DF150422-4A74-4D59-8EF5-2B4AC4F40B9E}");
Line Deleted : user_pref("CT3306061.installSp", "TRUE");
Line Deleted : user_pref("CT3306061.installUsage", "05/12/2013 23:26:27");
Line Deleted : user_pref("CT3306061.installUsageEarly", "05/12/2013 23:26:27");
Line Deleted : user_pref("CT3306061.installerVersion", "1.8.1.4");
Line Deleted : user_pref("CT3306061.keyword", "true");
Line Deleted : user_pref("CT3306061.originalHomepage", "about:home");
Line Deleted : user_pref("CT3306061.originalSearchAddressUrl", "");
Line Deleted : user_pref("CT3306061.originalSearchEngine", "");
Line Deleted : user_pref("CT3306061.originalSearchEngineName", "");
Line Deleted : user_pref("CT3306061.searchRevert", "true");
Line Deleted : user_pref("CT3306061.searchUninstallUserMode", "2");
Line Deleted : user_pref("CT3306061.searchUserMode", "2");
Line Deleted : user_pref("CT3306061.smartbar.homepage", "true");
Line Deleted : user_pref("CT3306061.toolbarInstallDate", "05-12-2013 23:21:53");
Line Deleted : user_pref("CT3306061.versionFromInstaller", "10.22.5.10");
Line Deleted : user_pref("CT3306061.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN71575211234278727&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3306061&octid=CT3306061&SearchSource[...]
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN71575211234278727&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.machineId", "LZ/GH8IVE3G0FGJ+H36C5QUUPWFA+9GFTYZJUJYD9CZ3VRIS4EKW9LQGWVCO+RXOW1C4HID1XPNJ/GIDTEMF4G");
Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN71575211234278727&UM=2&SearchSource=13");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [5434 octets] - [06/12/2013 16:44:07]
AdwCleaner[S0].txt - [5261 octets] - [06/12/2013 16:46:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5321 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Cheryl on Fri 12/06/2013 at 16:58:05.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Cheryl\appdata\local\best buy pc app"
Successfully deleted: [Empty Folder] C:\Users\Cheryl\appdata\local\{0B9E83B5-C694-40FB-8871-F044436C4891}
Successfully deleted: [Empty Folder] C:\Users\Cheryl\appdata\local\{35BA8F2F-2290-44D2-B395-4D5D6FE99270}
Successfully deleted: [Empty Folder] C:\Users\Cheryl\appdata\local\{4AB17C90-8B63-4D49-8E5D-4FDBE63AF255}
Successfully deleted: [Empty Folder] C:\Users\Cheryl\appdata\local\{4C9AA2E8-2566-4720-AB6F-EA474CD13B91}
Successfully deleted: [Empty Folder] C:\Users\Cheryl\appdata\local\{8A178AA5-66AD-4C89-8732-D63CB90BA44F}
Successfully deleted: [Empty Folder] C:\Users\Cheryl\appdata\local\{8A64F17D-D896-4093-A1D2-58D4958057AC}
Successfully deleted: [Empty Folder] C:\Users\Cheryl\appdata\local\{8E16A699-325B-4676-8138-7E9421FDC431}
Successfully deleted: [Empty Folder] C:\Users\Cheryl\appdata\local\{97501825-F69B-4E75-B0EB-D3E3D7B738BF}
Successfully deleted: [Empty Folder] C:\Users\Cheryl\appdata\local\{992E451C-D4B3-4E1C-AC65-7D3B1A915AAB}
Successfully deleted: [Empty Folder] C:\Users\Cheryl\appdata\local\{A52F38CF-F86C-4D62-A58E-C2C048DA76A0}
Successfully deleted: [Empty Folder] C:\Users\Cheryl\appdata\local\{AD36D228-58B3-490C-9299-FA544D9719DD}
Successfully deleted: [Empty Folder] C:\Users\Cheryl\appdata\local\{BDA0833C-69DE-4C42-82F1-8240B74903D1}
Successfully deleted: [Empty Folder] C:\Users\Cheryl\appdata\local\{CF726998-77B6-4712-908A-59AA58C4B6F9}
Successfully deleted: [Empty Folder] C:\Users\Cheryl\appdata\local\{DE8A1BC6-C98B-4CD6-A97B-93073328FE21}
Successfully deleted: [Empty Folder] C:\Users\Cheryl\appdata\local\{E98F77D1-5D94-4D31-B98A-9C4BEB3AF55D}



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/06/2013 at 17:07:29.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OTL logfile created on: 12/6/2013 5:13:59 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cheryl\Desktop\ICEMAGGEDON VIRUS DAY 2013
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 55.86% Memory free
7.74 Gb Paging File | 5.50 Gb Available in Paging File | 71.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.45 Gb Total Space | 215.77 Gb Free Space | 75.59% Space Free | Partition Type: NTFS

Computer Name: ANNA-PC | User Name: Cheryl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/06 10:25:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cheryl\Desktop\ICEMAGGEDON VIRUS DAY 2013\OTL.exe
PRC - [2013/12/05 23:32:14 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/12/03 20:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/23 00:17:34 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/09/15 13:34:06 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/09/14 02:38:54 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/09/14 02:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/07/23 18:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/02/19 03:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/03 20:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 20:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 20:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 20:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 20:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 20:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/09/14 00:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 00:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2012/05/25 03:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/24 07:27:00 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 18:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/05 23:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 16:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2013/10/08 19:48:25 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/23 18:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/04 19:59:26 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/06 10:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/05 00:43:42 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/20 00:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/07/20 00:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/07/20 00:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/07/20 00:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/07/01 00:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/03/21 02:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 20:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/08 12:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/27 16:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/08/16 12:13:00 | 000,733,824 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/03/10 19:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/20 10:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/11/06 13:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 09:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNJ
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNJ
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4025698951-3597766224-2063219151-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-4025698951-3597766224-2063219151-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4025698951-3597766224-2063219151-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-4025698951-3597766224-2063219151-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4025698951-3597766224-2063219151-1004\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...1I7TSNJ_enUS453
IE - HKU\S-1-5-21-4025698951-3597766224-2063219151-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-4025698951-3597766224-2063219151-1004\..\SearchScopes\{3D3268DF-7890-49ED-A57D-A29117729271}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-4025698951-3597766224-2063219151-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/06/02 13:05:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/12 21:32:53 | 000,000,000 | ---D | M]

[2013/04/23 22:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheryl\AppData\Roaming\mozilla\Extensions
[2013/12/06 16:19:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions
[2012/06/23 20:19:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/13 21:25:41 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2012/08/04 19:59:27 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/14 16:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 16:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.npr.org/
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U40 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Best Buy pc app Detector (Disabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Java Deployment Toolkit 7.0.400.43 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: AdBlock = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Pinterest = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0\
CHR - Extension: Google Wallet = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.16_0\
CHR - Extension: Gmail = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
CHR - Extension: Google Drive = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: AdBlock = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Pinterest = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0\
CHR - Extension: Google Wallet = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Send from Gmail (by Google) = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.16_0\
CHR - Extension: Gmail = C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AOL Messaging Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll File not found
O3:64bit: - HKU\S-1-5-21-4025698951-3597766224-2063219151-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4025698951-3597766224-2063219151-1004\..\Toolbar\WebBrowser: (AOL Messaging Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-4025698951-3597766224-2063219151-1004..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-4025698951-3597766224-2063219151-1004..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-4025698951-3597766224-2063219151-1004..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59EBFE04-5FB8-42BD-A09D-7B94A1DA698F}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/12/06 16:58:02 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/12/06 16:43:09 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/06 10:24:13 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\Desktop\ICEMAGGEDON VIRUS DAY 2013
[2013/12/06 01:22:04 | 000,000,000 | ---D | C] -- C:\Users\Cheryl\AppData\Local\ElevatedDiagnostics
[2013/11/24 07:31:18 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEUDINIT.EXE
[2013/11/24 07:27:23 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/24 07:27:23 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/11/24 07:27:16 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll
[2013/11/24 07:27:16 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/11/24 07:27:15 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/11/24 07:27:15 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/11/24 07:27:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/24 07:27:14 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/11/24 07:27:14 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/11/24 07:27:14 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/11/24 07:27:14 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/11/24 07:27:14 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/11/24 07:27:14 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/24 07:27:13 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/11/24 07:27:12 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/11/24 07:27:12 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/11/24 07:27:12 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/11/24 07:27:12 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/11/24 07:27:12 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/11/24 07:27:12 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/11/24 07:27:12 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/11/24 07:27:12 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/11/24 07:27:11 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/11/24 07:27:11 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/11/24 07:27:10 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/11/24 07:27:10 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/11/24 07:27:10 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/11/24 07:27:10 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/11/24 07:27:10 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2013/11/24 07:27:10 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2013/11/24 07:27:09 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2013/11/24 07:27:09 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/11/24 07:27:09 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/11/24 07:27:09 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/11/24 07:27:09 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/11/24 07:27:09 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/11/24 07:27:08 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll
[2013/11/24 07:27:08 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/11/24 07:27:08 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/11/24 07:27:07 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/11/24 07:27:07 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/11/24 07:27:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/11/24 07:27:06 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/11/24 07:27:06 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2013/11/24 07:27:06 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/11/24 07:27:06 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/11/24 07:27:06 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/11/24 07:27:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/11/24 07:27:05 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/11/24 07:27:05 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/24 07:27:04 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/11/24 07:27:04 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/11/24 07:27:04 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/11/24 07:27:04 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/11/24 07:27:04 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/11/24 07:27:04 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/11/24 07:27:04 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/11/24 07:27:04 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/11/24 07:27:04 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/11/24 07:27:04 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/11/24 07:27:03 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/11/24 07:27:03 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/11/24 07:27:02 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/11/24 07:27:02 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/11/24 07:27:02 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/11/24 07:27:02 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/11/24 07:27:02 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/11/24 07:27:02 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/11/24 07:27:02 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/11/24 07:27:01 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/11/24 07:27:01 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/11/24 07:27:00 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2013/11/24 07:27:00 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/11/24 07:27:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2013/11/24 07:27:00 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/11/24 07:27:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2013/11/24 07:26:59 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/11/24 07:26:59 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/11/24 07:26:59 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2013/11/24 07:26:59 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/11/12 20:47:25 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/11/12 20:47:19 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2013/11/12 20:47:19 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2013/11/12 20:47:19 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\credui.dll
[2013/11/12 20:47:19 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/12 20:47:19 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/12 20:47:13 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2013/11/12 20:47:13 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013/11/12 20:47:13 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2013/11/12 20:47:13 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2013/11/12 20:47:13 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\secur32.dll
[2013/11/12 20:47:11 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2013/11/12 20:47:10 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\nshwfp.dll
[2013/11/12 20:47:10 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\nshwfp.dll
[2013/11/12 20:47:10 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FWPUCLNT.DLL
[2013/11/12 20:47:10 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\FWPUCLNT.DLL
[3 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/06 16:58:02 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/06 16:58:02 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/06 16:49:47 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1cea80b50f9a4c7.job
[2013/12/06 16:49:31 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/06 16:49:21 | 3117,391,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/06 16:47:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/12/06 16:38:00 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4025698951-3597766224-2063219151-1001UA.job
[2013/12/06 16:38:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA1cea80b546edb4d.job
[2013/12/06 13:38:00 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-4025698951-3597766224-2063219151-1001Core.job
[2013/12/06 11:08:59 | 000,182,605 | ---- | M] () -- C:\Users\Cheryl\Desktop\120613 alien speakers.m4a
[2013/12/06 01:46:02 | 000,090,289 | ---- | M] () -- C:\Users\Cheryl\Documents\Untitled.wma
[2013/12/05 22:57:53 | 007,518,428 | ---- | M] () -- C:\Users\Cheryl\Desktop\Hozier - Take Me To Church E.P. - 03 Angel Of Small Death & The Codeine Scene - Copy.mp3
[2013/11/24 07:27:23 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/24 07:27:23 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/11/24 07:27:16 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jsIntl.dll
[2013/11/24 07:27:16 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/11/24 07:27:15 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/11/24 07:27:15 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/11/24 07:27:15 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/24 07:27:14 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/11/24 07:27:14 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/11/24 07:27:14 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/11/24 07:27:14 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/11/24 07:27:14 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/11/24 07:27:14 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/24 07:27:13 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/11/24 07:27:12 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/11/24 07:27:12 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/11/24 07:27:12 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/11/24 07:27:12 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/11/24 07:27:12 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/11/24 07:27:12 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/11/24 07:27:12 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/11/24 07:27:12 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/11/24 07:27:12 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/11/24 07:27:12 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/24 07:27:11 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/11/24 07:27:10 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/11/24 07:27:10 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/11/24 07:27:10 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/11/24 07:27:10 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/11/24 07:27:10 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2013/11/24 07:27:10 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2013/11/24 07:27:09 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2013/11/24 07:27:09 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/11/24 07:27:09 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/11/24 07:27:09 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/11/24 07:27:09 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/11/24 07:27:09 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/11/24 07:27:08 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jsIntl.dll
[2013/11/24 07:27:08 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/11/24 07:27:08 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/11/24 07:27:07 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/11/24 07:27:07 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/11/24 07:27:07 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/11/24 07:27:06 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/11/24 07:27:06 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2013/11/24 07:27:06 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/11/24 07:27:06 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/11/24 07:27:06 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/11/24 07:27:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/11/24 07:27:05 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/11/24 07:27:05 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/24 07:27:04 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/11/24 07:27:04 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/11/24 07:27:04 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/11/24 07:27:04 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/11/24 07:27:04 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/11/24 07:27:04 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/11/24 07:27:04 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/11/24 07:27:04 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/11/24 07:27:04 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/11/24 07:27:04 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/11/24 07:27:04 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/11/24 07:27:03 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/11/24 07:27:03 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/11/24 07:27:02 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/11/24 07:27:02 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/11/24 07:27:02 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/11/24 07:27:02 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/11/24 07:27:02 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/11/24 07:27:02 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/11/24 07:27:02 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/11/24 07:27:01 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/11/24 07:27:01 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/11/24 07:27:00 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2013/11/24 07:27:00 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/11/24 07:27:00 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2013/11/24 07:27:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/11/24 07:27:00 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2013/11/24 07:26:59 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/11/24 07:26:59 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/11/24 07:26:59 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2013/11/24 07:26:59 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/11/19 23:08:50 | 000,686,456 | ---- | M] () -- C:\Users\Cheryl\Desktop\photo.JPG
[2013/11/16 20:20:43 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/11/16 20:20:43 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/11/16 20:20:43 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/11/07 15:05:00 | 000,139,574 | ---- | M] () -- C:\Users\Cheryl\Desktop\IMG_1710 (2).jpg
[2013/11/07 09:45:46 | 000,059,779 | ---- | M] () -- C:\Users\Cheryl\Desktop\cloisters.jpg
[3 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/06 11:08:59 | 000,182,605 | ---- | C] () -- C:\Users\Cheryl\Desktop\120613 alien speakers.m4a
[2013/12/06 01:46:02 | 000,090,289 | ---- | C] () -- C:\Users\Cheryl\Documents\Untitled.wma
[2013/12/05 23:14:11 | 007,518,428 | ---- | C] () -- C:\Users\Cheryl\Desktop\Hozier - Take Me To Church E.P. - 03 Angel Of Small Death & The Codeine Scene - Copy.mp3
[2013/11/24 07:27:12 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/11/24 07:27:04 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/11/19 23:08:49 | 000,686,456 | ---- | C] () -- C:\Users\Cheryl\Desktop\photo.JPG
[2013/11/07 15:02:50 | 000,139,574 | ---- | C] () -- C:\Users\Cheryl\Desktop\IMG_1710 (2).jpg
[2013/11/07 09:45:40 | 000,059,779 | ---- | C] () -- C:\Users\Cheryl\Desktop\cloisters.jpg
[2013/04/28 20:22:18 | 000,000,012 | ---- | C] () -- C:\windows\Brownie.ini
[2012/11/30 23:25:54 | 000,127,599 | ---- | C] () -- C:\Users\Cheryl\photo 2.JPG
[2012/11/30 23:25:54 | 000,094,395 | ---- | C] () -- C:\Users\Cheryl\photo 1.JPG
[2012/11/30 23:25:54 | 000,088,159 | ---- | C] () -- C:\Users\Cheryl\photo 3.JPG
[2012/08/15 15:40:39 | 000,000,011 | ---- | C] () -- C:\windows\BRVIDEO.INI
[2012/08/15 15:40:39 | 000,000,000 | ---- | C] () -- C:\windows\brmx2001.ini
[2012/08/15 15:40:01 | 000,000,426 | ---- | C] () -- C:\windows\BRWMARK.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/20 22:11:35 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\Ad-Aware Antivirus
[2013/04/28 03:40:37 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\AVG2013
[2012/10/29 20:43:04 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\Book Place
[2013/12/06 16:46:58 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\CheckPoint
[2013/09/25 21:05:04 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\InWorldz
[2013/08/18 15:30:41 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\OpenOffice
[2013/09/01 17:05:44 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\SecondLife
[2013/11/03 13:42:09 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\Spotify
[2012/11/17 20:40:44 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\Toshiba
[2013/04/28 03:38:59 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\TuneUp Software
[2013/08/17 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Cheryl\AppData\Roaming\WinBatch
[2013/05/09 18:14:22 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/05/09 18:14:22 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/26 23:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 21:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 21:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/08 23:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/08 22:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 21:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 21:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 00:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 21:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 11:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 05:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 00:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 21:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 21:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/24 19:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 21:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 21:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 21:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 21:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 21:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 21:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 21:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 21:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 21:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 21:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 21:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 21:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 21:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 21:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 21:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 21:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 21:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 21:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\windows\SysNative\qmgr.dll
[2010/11/20 21:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.ASFX >
[2012/07/27 14:52:04 | 000,002,637 | ---- | M] () MD5=016DFC4F3F133AE19338EECD1924886A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ro_RO\Services\Services.asfx
[2012/07/27 14:52:04 | 000,002,970 | ---- | M] () MD5=05A68D76420994EF8DF33184BFA98E04 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\uk_UA\Services\Services.asfx
[2012/07/27 14:51:54 | 000,002,555 | ---- | M] () MD5=272301585AC133486E70228DA27659AC -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_TW\Services\Services.asfx
[2012/07/27 14:51:50 | 000,002,562 | ---- | M] () MD5=27CE9BD3209B549BB776B8C877455A91 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nb_NO\Services\Services.asfx
[2012/07/27 14:51:52 | 000,002,632 | ---- | M] () MD5=2998A4AE8D0EF5122CCB985CF7E9D9D3 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ko_KR\Services\Services.asfx
[2012/07/27 14:51:52 | 000,002,545 | ---- | M] () MD5=2EEC9DDBD0B4EE5F65532322C383938A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_CN\Services\Services.asfx
[2012/07/27 14:51:56 | 000,002,629 | ---- | M] () MD5=3A0082D76426A87FB4937D426C491C10 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\cs_CZ\Services\Services.asfx
[2012/07/27 14:51:58 | 000,002,590 | ---- | M] () MD5=448953BD0CF26CE03D9E7CC1A7B278BC -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\tr_TR\Services\Services.asfx
[2012/07/27 14:51:42 | 000,002,605 | ---- | M] () MD5=5A2C5D0DA3EAAB2AA77F16947D0E14FF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\it_IT\Services\Services.asfx
[2012/07/27 14:51:56 | 000,002,679 | ---- | M] () MD5=5DD2704563A6A79C466E44CD966B2655 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hu_HU\Services\Services.asfx
[2012/07/27 14:51:40 | 000,002,711 | ---- | M] () MD5=6B0E7B068BD530B8FCEBC04CC8844AA9 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ja_JP\Services\Services.asfx
[2012/07/27 14:52:02 | 000,002,582 | ---- | M] () MD5=797FC263D59784AD1498560C34FA7DA1 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sl_SI\Services\Services.asfx
[2012/07/27 14:51:38 | 000,002,626 | ---- | M] () MD5=8073B18DC740B965256CE0957E363AC5 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fr_FR\Services\Services.asfx
[2012/07/27 14:51:50 | 000,002,634 | ---- | M] () MD5=912DD5C0C7C8D7572AD598414D56E24A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pt_BR\Services\Services.asfx
[2012/07/27 14:51:40 | 000,002,655 | ---- | M] () MD5=ABFBB9D0398492D849690C344C1316BB -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_DE\Services\Services.asfx
[2012/07/27 14:52:06 | 000,002,638 | ---- | M] () MD5=C2C37202B0E55877A64ADDBDE738284E -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sk_SK\Services\Services.asfx
[2012/07/27 14:51:56 | 000,002,589 | ---- | M] () MD5=C313AD3602D4965A1918E86B9F3E84CF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pl_PL\Services\Services.asfx
[2012/07/27 14:52:06 | 000,002,609 | ---- | M] () MD5=C7FA88C21103C70826F274A0E865AEDF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ca_ES\Services\Services.asfx
[2012/07/27 14:52:08 | 000,002,576 | ---- | M] () MD5=D27D52045EB6A2EE031F7D2EA0349BC3 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\eu_ES\Services\Services.asfx
[2012/07/27 14:51:46 | 000,002,560 | ---- | M] () MD5=D5642B1BFE0A70231D14C11D3D3FD60D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\da_DK\Services\Services.asfx
[2012/07/27 14:52:00 | 000,002,588 | ---- | M] () MD5=DB216743CDE75637621E2FD39431BBD4 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hr_HR\Services\Services.asfx
[2012/07/27 14:51:44 | 000,002,620 | ---- | M] () MD5=DCF7A8843832327386B81ABD189AC236 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\es_ES\Services\Services.asfx
[2012/07/27 14:52:00 | 000,002,997 | ---- | M] () MD5=DD3F4DAF426555D8D85FF4D7C5A04F37 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ru_RU\Services\Services.asfx
[2010/11/15 22:02:32 | 000,000,228 | R--- | M] () MD5=E09422BE0C7636A7B63A1527C4C1372D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx
[2012/07/27 14:51:48 | 000,002,599 | ---- | M] () MD5=F09D769A94767C3C7E7015A5C6C99A39 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fi_FI\Services\Services.asfx
[2012/07/27 14:51:46 | 000,002,628 | ---- | M] () MD5=F844D742DB53C7D671BF7ED6517414D1 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nl_NL\Services\Services.asfx
[2012/07/27 14:51:44 | 000,002,582 | ---- | M] () MD5=FED4BDA3B6A9EB9DB59C254D8C987495 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sv_SE\Services\Services.asfx

< MD5 for: SERVICES.ASFX1 >
[2010/11/15 22:02:32 | 000,000,228 | R--- | M] () MD5=A7B7A4CC1A717292474115CD3A4AC121 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx1

< MD5 for: SERVICES.ASFX10 >
[2010/11/15 22:02:34 | 000,000,233 | R--- | M] () MD5=3382FAB54FC906B0E40269D903A8D690 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx10

< MD5 for: SERVICES.ASFX11 >
[2010/11/15 22:02:26 | 000,000,227 | R--- | M] () MD5=F36865AB3B9813962B7EDBE66FA1C28A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx11

< MD5 for: SERVICES.ASFX12 >
[2010/11/15 22:02:30 | 000,000,225 | R--- | M] () MD5=9287C7268CC0F37F1DDE18CEBB128685 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx12

< MD5 for: SERVICES.ASFX13 >
[2010/11/15 22:02:30 | 000,000,228 | R--- | M] () MD5=95326C46AC2654AFF5C8543DFE22CCB3 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx13

< MD5 for: SERVICES.ASFX14 >
[2010/11/15 22:02:26 | 000,000,228 | R--- | M] () MD5=14DA84ECAF57B5ADA36B9093FF04CF32 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx14

< MD5 for: SERVICES.ASFX15 >
[2010/11/15 22:02:26 | 000,000,231 | R--- | M] () MD5=CF94F061685A38BABE0BBD463191EDE7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx15

< MD5 for: SERVICES.ASFX16 >
[2010/11/15 22:02:34 | 000,000,232 | R--- | M] () MD5=B6E63D87C73CED2D6B433C542C5C3965 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx16

< MD5 for: SERVICES.ASFX17 >
[2010/11/15 22:02:34 | 000,000,230 | R--- | M] () MD5=545E97C4F4CEA743A8D86B685EE2EDBB -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx17

< MD5 for: SERVICES.ASFX18 >
[2010/11/15 22:02:24 | 000,000,230 | R--- | M] () MD5=2577B66F38E0DEA25F328DA4A0FED322 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx18

< MD5 for: SERVICES.ASFX19 >
[2010/11/15 22:02:26 | 000,000,225 | R--- | M] () MD5=0A27F1D6595A69800A43CDE155B1E4A0 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx19

< MD5 for: SERVICES.ASFX2 >
[2010/11/15 22:02:36 | 000,000,264 | R--- | M] () MD5=0652D24D4E2799851A6DF1705E2BFFDA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx2

< MD5 for: SERVICES.ASFX20 >
[2010/11/15 22:02:38 | 000,000,231 | R--- | M] () MD5=C85F2519DC6AECF93F67AA613A320136 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx20

< MD5 for: SERVICES.ASFX21 >
[2010/11/15 22:02:26 | 000,000,231 | R--- | M] () MD5=8C95C0528EA7049A1DFC7A7342461D75 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx21

< MD5 for: SERVICES.ASFX22 >
[2010/11/15 22:02:24 | 000,000,231 | R--- | M] () MD5=9F2731666F5771CC5C1E4EEDC8FB8607 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx22

< MD5 for: SERVICES.ASFX23 >
[2010/11/15 22:02:26 | 000,000,225 | R--- | M] () MD5=0E89BE53F56B22390CF61584B649CE01 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx23

< MD5 for: SERVICES.ASFX24 >
[2010/11/15 22:02:32 | 000,000,229 | R--- | M] () MD5=E57594DB9B9D78AB4B53D34CAFEB8497 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx24

< MD5 for: SERVICES.ASFX25 >
[2010/11/15 22:02:36 | 000,000,232 | R--- | M] () MD5=611CB9CC21D2DDAD711690671F70EF39 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx25

< MD5 for: SERVICES.ASFX3 >
[2010/11/15 22:02:34 | 000,000,229 | R--- | M] () MD5=F9824728970AC8199BABDC9CBA5E038C -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx3

< MD5 for: SERVICES.ASFX4 >
[2010/11/15 22:02:26 | 000,000,226 | R--- | M] () MD5=55EA57D90AE22BDF0132597EF0D7C9C7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx4

< MD5 for: SERVICES.ASFX5 >
[2010/11/15 22:02:34 | 000,000,233 | R--- | M] () MD5=846C265B751189E88B74F0155DB6B828 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx5

< MD5 for: SERVICES.ASFX6 >
[2010/11/15 22:02:36 | 000,000,231 | R--- | M] () MD5=89BD37C4118540FD5AA8CDD0C24D6C0A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx6

< MD5 for: SERVICES.ASFX7 >
[2010/11/15 22:02:34 | 000,000,245 | R--- | M] () MD5=0B82FAB8FF5F988C5311DF1144A7D740 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx7

< MD5 for: SERVICES.ASFX8 >
[2010/11/15 22:02:34 | 000,000,231 | R--- | M] () MD5=5226417D3C8206000A8983BDC1243075 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx8

< MD5 for: SERVICES.ASFX9 >
[2010/11/15 22:02:30 | 000,000,234 | R--- | M] () MD5=EBD8D036504F2935675F5F432F076DBA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx9

< MD5 for: SERVICES.CFG >
[2013/09/03 07:53:56 | 000,558,864 | ---- | M] () MD5=4097D9DB7F5DB4533DDA8271136C9B7B -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 11:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg
[2010/11/15 22:02:22 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.cfg

< MD5 for: SERVICES.DAT >
[2013/11/05 16:18:20 | 000,003,117 | ---- | M] () MD5=5F3B95A58780ADA3F223F004CDEE9967 -- C:\Users\Cheryl\AppData\Local\Temp\jrt\services.dat

< MD5 for: SERVICES.EXE >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 01:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\windows\SysNative\en-US\services.exe.mui
[2010/11/21 01:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 01:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\en-US\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc
[2010/11/21 01:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 01:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 01:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.RDB >
[2013/07/16 14:28:04 | 000,186,248 | ---- | M] () MD5=3190DA6D96EAE3A354AE533BA0D35D5F -- C:\Program Files (x86)\OpenOffice 4\program\services.rdb

< MD5 for: SERVICES.SBS >
[2013/07/16 12:21:30 | 000,034,818 | ---- | M] () MD5=E2ACBC77020C8D5CE97CA61D0D859A44 -- C:\Program Files (x86)\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is TI106140W0C
Volume Serial Number is B6D9-B7F2
Directory of C:\
07/13/2009 11:08 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 11:08 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Cheryl
10/29/2012 05:44 PM <JUNCTION> Application Data [C:\Users\Cheryl\AppData\Roaming]
10/29/2012 05:44 PM <JUNCTION> Cookies [C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Cookies]
10/29/2012 05:44 PM <JUNCTION> Local Settings [C:\Users\Cheryl\AppData\Local]
10/29/2012 05:44 PM <JUNCTION> My Documents [C:\Users\Cheryl\Documents]
10/29/2012 05:44 PM <JUNCTION> NetHood [C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
10/29/2012 05:44 PM <JUNCTION> PrintHood [C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
10/29/2012 05:44 PM <JUNCTION> Recent [C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Recent]
10/29/2012 05:44 PM <JUNCTION> SendTo [C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\SendTo]
10/29/2012 05:44 PM <JUNCTION> Start Menu [C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Start Menu]
10/29/2012 05:44 PM <JUNCTION> Templates [C:\Users\Cheryl\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Cheryl\AppData\Local
10/29/2012 05:44 PM <JUNCTION> Application Data [C:\Users\Cheryl\AppData\Local]
10/29/2012 05:44 PM <JUNCTION> History [C:\Users\Cheryl\AppData\Local\Microsoft\Windows\History]
10/29/2012 05:44 PM <JUNCTION> Temporary Internet Files [C:\Users\Cheryl\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Cheryl\Documents
10/29/2012 05:44 PM <JUNCTION> My Music [C:\Users\Cheryl\Music]
10/29/2012 05:44 PM <JUNCTION> My Pictures [C:\Users\Cheryl\Pictures]
10/29/2012 05:44 PM <JUNCTION> My Videos [C:\Users\Cheryl\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 11:08 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 11:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 11:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 11:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 11:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 11:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 11:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 11:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 11:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 11:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 11:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 11:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 11:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 11:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 11:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 11:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 11:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 11:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
50 Dir(s) 231,648,899,072 bytes free

< End of report >

OTL Extras logfile created on: 12/6/2013 5:13:59 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cheryl\Desktop\ICEMAGGEDON VIRUS DAY 2013
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 55.86% Memory free
7.74 Gb Paging File | 5.50 Gb Available in Paging File | 71.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.45 Gb Total Space | 215.77 Gb Free Space | 75.59% Space Free | Partition Type: NTFS

Computer Name: ANNA-PC | User Name: Cheryl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4025698951-3597766224-2063219151-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{082292F7-F19E-4778-B972-96C8122BF36C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{21DD1793-812E-410E-81CD-F35D4DD7CB55}" = lport=445 | protocol=6 | dir=in | app=system |
"{29E65203-ADC8-40C3-9345-01ACD2DFD422}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{33418E0A-FFEA-43C9-A745-33FA684DD673}" = rport=137 | protocol=17 | dir=out | app=system |
"{43134FC0-742E-4670-862D-1AC49C0E52C2}" = lport=139 | protocol=6 | dir=in | app=system |
"{49254A37-7D33-49B9-B8E0-516212AFF74D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{57DDC26D-5BA2-4302-926E-693747056193}" = lport=137 | protocol=17 | dir=in | app=system |
"{5836503B-3CF8-4DA1-A850-0504A574B39A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6ACAD163-F837-4026-AD3A-0B7AD936D809}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6F4A317E-8617-4A1C-A76E-F5B999F2B463}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7182F62E-0F81-4D33-B94D-7072383F9512}" = rport=445 | protocol=6 | dir=out | app=system |
"{9202D59A-F4E4-4D1E-A642-D3D01C881BE2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{95A9CE85-DE50-427F-A2B6-55AFEF8C028A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9874BF83-019A-4C05-A140-B71D5068DF62}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9ED89ED3-A8DF-42EB-9430-2B65E9D632DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{A0F920A0-209A-4F58-A6FA-08FFA03FB009}" = lport=138 | protocol=17 | dir=in | app=system |
"{AEF10A59-CA57-4A0A-A99A-3449429DB27A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B281EDB6-EDA2-4FB1-B07F-F039D358B387}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B8FDD19D-8681-42B5-A87A-138E71315297}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C3DB3ED7-2738-4180-98F8-89E72099F45A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CCD66298-00AA-4CE9-A3AD-72BE0C288A2D}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
"{DCD9213E-219E-4D87-9363-0C68A75CB00E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E70F7BFA-F9D6-4C3A-913A-14EFEE94B482}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA962B98-0AF1-420A-97AB-FFE826B164DA}" = rport=139 | protocol=6 | dir=out | app=system |
"{F190301F-5915-4BB1-81D9-3859DAC94E3E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F31A8334-0320-4C98-B701-FD0C16E3718F}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
"{F4585D0B-6F2E-4687-BC17-070546A94C4C}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07D4E6EC-B61F-460E-A36C-DFC428B4AF45}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{10BC266B-CCEC-436D-A14D-E090B9A27D1F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1C16B045-AC31-402F-B966-F74CE632ECB5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1CD4CBE6-BCAC-4033-BCE2-F39063C2EF22}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1E979BED-C8D5-4EE2-A207-688798CC02CD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{211BC241-C07F-4A88-AA80-25345892ED76}" = protocol=1 | dir=in | [email protected],-28543 |
"{261972B4-4508-4298-83E9-1C0AE19A7A9C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{28D35F47-E603-4128-8F07-456F5A5F8235}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{36580002-CB93-4558-B403-80214FB77C20}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3B3829DB-FF70-4450-B763-262688BECFCE}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{3BA4A813-4718-4319-8F42-C7339C8CF4E8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3BE83E7D-2BF3-475F-AA96-3E1A4FEFC756}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{44EBE601-4023-46D9-A041-995F94332BEF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{4ED622BB-5BE1-4CA3-84A1-D714EA895782}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5223978D-46E5-4F36-AE7C-DE24A51AEE6A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{53B9163A-FB9C-4BA4-AFA4-57CD7C215605}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{668E648E-928C-44A7-A2A5-D8277B4EA390}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6A6AEB4B-3D02-4860-88D9-C252B289CC7F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{70B41359-B8BE-4E91-869D-A956CF765E1E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{77D12CCC-9B94-4B2B-8643-BD2E44607E08}" = protocol=6 | dir=out | app=system |
"{7B5B5944-A11E-4581-A61A-ACD0DF66D76A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7DA0E85A-E208-404B-8ED0-5B04BDF95588}" = protocol=58 | dir=out | [email protected],-28546 |
"{810DCCC3-7994-4001-B001-F31BBF6250B5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8181FE64-1C02-447B-88F1-791611D2877A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{86ACFD25-9D0F-41A6-B652-4B5279150EB9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{889D5EBC-8D55-422C-876C-5704ECE727F8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{8C768B2F-2E47-4D24-BEE5-307812066C7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93D7CB7F-6876-4C6D-B713-AA9A49369B98}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{942B4BEA-6C60-40B5-B08F-EBE4C9E04B68}" = protocol=58 | dir=in | [email protected],-28545 |
"{96F61AFE-F03C-4EA2-BB42-174D143C48E0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A892B49D-0A62-452B-9CA1-95096BF01BF8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A97B7DA0-81F5-4122-A290-40CAD9BD2B9D}" = protocol=1 | dir=out | [email protected],-28544 |
"{B4FC911F-00F7-4D11-8CBC-AE177989C754}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{BBFA3F40-75E7-4D7E-81BC-CF454C3356C0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{C44029D5-5509-438E-8156-334149175444}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D2930FCC-CAC0-41F2-B645-26A6BB19F97A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{D89A4659-778F-4279-9216-B023B6D4DDD6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D90B1F25-7334-4AA9-8A12-A56BE96CB1C2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{DDD4B295-0828-4FFA-B5CD-848A04B55459}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E5937064-CACE-4625-B741-D355E43571C4}" = dir=in | app=c:\users\anna\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{E5E51361-6F0E-4614-AD69-CEC93FD0D5E4}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{EA640134-CB2A-4DD9-9BCB-D76657884962}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F0F13D88-A402-47AC-8ADE-B951157D92BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF5740A0-E302-418D-B0A5-61A72E8C54D5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"TCP Query User{623AB176-0390-4E62-9C10-3DB2FE9D433A}C:\users\anna\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\anna\appdata\roaming\spotify\spotify.exe |
"TCP Query User{8DCCA91F-CE20-4D03-A62D-86F2FA837CC1}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |
"TCP Query User{98E33570-639C-4397-B779-E44D76C3C7CF}C:\users\cheryl\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\cheryl\appdata\roaming\spotify\spotify.exe |
"TCP Query User{9A6DDF1A-5C2D-43F4-A8BD-BA17B6DFC97F}C:\users\cheryl\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\cheryl\appdata\roaming\spotify\spotify.exe |
"UDP Query User{204BF775-46BF-4DCD-B3B2-8D7DAB6F0130}C:\users\cheryl\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\cheryl\appdata\roaming\spotify\spotify.exe |
"UDP Query User{553D4C5F-4F92-4E5E-8262-82A356DF3777}C:\users\cheryl\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\cheryl\appdata\roaming\spotify\spotify.exe |
"UDP Query User{A3C673B7-04F9-4468-BC04-CE24023DD348}C:\program files (x86)\secondlifeviewer\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlifeviewer\slvoice.exe |
"UDP Query User{ADABBCE7-DE61-4FF1-A457-CB345AF30E62}C:\users\anna\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\anna\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E2C5655-556D-479A-A85B-CD93325E5594}" = AVG 2013
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{F55C2C4D-694F-4569-A3BC-5FB6C1FDD84C}" = AVG 2013
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{F73A118B-8271-47E2-8790-0C636B2539C5}" = iTunes
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"AVG" = AVG 2013
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}" = OpenOffice 4.0.0
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.8) MUI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIM Toolbar" = AOL Messaging Toolbar
"AIM_7" = AIM 7
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"TurboTax 2010" = TurboTax 2010
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4025698951-3597766224-2063219151-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app
"Spotify" = Spotify

< End of report >
  • 0

#13
anon0mouse
Posted 06 December 2013 - 05:50 PM

anon0mouse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
On second viewing - The http://search.condui...9341077919&UM=2 is still coming up on my laptop,

But when I go to Chrome:Extensions, it is no longer there.

And the audio output is still sounding like an override of alien sounds..Very high frequency sounds...buzzes, and squeaks and reverberating echoing non melodic noise, short staccato, then long drawn out hisses, and it's quite odd. This is without any thing playing on my music or media at all.

I went into the volume mixer out of curiosity, and unmuted the Device/ Speakers, Applications/System Sounds and Itunes. The sound is gone. But, when I unmute the Microphone Conexant CX20671 Smart Audio HD - the odd high frequency pitch noise starts again. If I keep the microphone muted, it is fine. That said, I do need to have the use of my microphone but at least I can listen to music and hopefully watch media/Netflix.


:(

Edited by anon0mouse, 06 December 2013 - 06:39 PM.

  • 0

#14
Machiavelli
Posted 07 December 2013 - 05:19 AM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Uninstalls

I want you to uninstall following programs (XP: Start > Control Panel > Add/Remove Programs | Vista / Win7 / Win8: Start > Control Panel > uninstall a program):

  • Best Buy pc app

OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
[CreateRestorePoint]

:OTL
O2 - BHO: (AOL Messaging Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll File not found
O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll File not found
O3 - HKU\S-1-5-21-4025698951-3597766224-2063219151-1004\..\Toolbar\WebBrowser: (AOL Messaging Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll File not found

:Files
C:\ProgramData\Best Buy pc app

:Commands
[EMPTYTEMP]
  • Click the Run Fix button.
  • After your computer has rebooted, please post the content of the file, which opened after the reboot, into your next reply.

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

ESET Online Scanner

Please disable your AntiVirus before doing these steps!

  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer
  • Please download ESET Online Scanner from here

How to do this?

  • Visit this website here
  • You will see a screen like this:


    Posted Image

    • Click Run ESET Online Scanner

      Posted Image
    • A Window will open (see above) - please click on the link
    • A window will pop up - please download the file to your Desktop
    • When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)

      Posted Image
    • Tick the box next to YES, I accept the Terms of Use then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

      Posted Image
    • Make sure that the option Remove found threats is NOT checked.
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Then click on Start
    • virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

      Posted Image
    • After the scan is finished please click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • I want you to uninstall following programs (XP: Start > Control Panel > Add/Remove Programs | Vista / Win7 / Win8: Start > Control Panel > uninstall a program):
    • ESET Online Scanner

Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

System Look

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :folderfind
*Conduit*

:regfind
*Conduit*

:filefind
*Conduit*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0

#15
anon0mouse
Posted 07 December 2013 - 01:36 PM

anon0mouse

    Member

  • Topic Starter
  • Member
  • PipPip
  • 46 posts
Thank you Machiavelli.

I did everything according to your instructions. Thank you for the guidance.

A few things I wanted to share, do not know if this is helpful -

1) This laptop was originally my daughter's. She had her own identity as a user on here. I believe it is still on the laptop and would show as ANNA PC or MIKE PC. And there are programs that open under her identity. I believe she was the one who added the Best Buy application. Also, I noticed that AVAST showed up in some searches as being on the laptop thought I was unable to find it in the uninstall programs list. Again, I am a layperson so I do not know if this is important. I have attached the error message that occurred when I tried to remove (again) Best Buy.

2)Conduit is still on the laptop,when I restarted the machine, it opens as one of the tabs that comes up along with my CNN, Facebook, Google tabs that I have set to open when I open Chrome browser.

3) I have had what I now realize may be a part of a previous virus issue maybe? The Java update alert flashes probably every time I am on my laptop. Sometimes I click update other times I ignore it but it only now crosses my mind that this is unusual.It is a repetitive alert that happens at least 2 to three times when I am on my computer. I have taken a screen shot and attached the file (Java update alert)

4) Also, the high pitched frequency noise coming over the speakers is still on my laptop. I mute the microphone and it stops but it is still there.

5) Additionally ESET showed a message that it found other antivirus software on the machine even though I don't know where the AVAST program is loaded, I don't use it and I did turn off AVG before I did the ESET scan as you instructed. (Attached screen shot)

Cutting and pasting as you requested:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0cda128-b425-4eef-a174-61a11ac5dbf8}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{61539ecd-cc67-4437-a03c-9aaccbd14326} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61539ecd-cc67-4437-a03c-9aaccbd14326}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4025698951-3597766224-2063219151-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61539ECD-CC67-4437-A03C-9AACCBD14326}\ not found.
========== FILES ==========
File\Folder C:\ProgramData\Best Buy pc app not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anna

User: Cheryl
->Temp folder emptied: 2223958 bytes
->Temporary Internet Files folder emptied: 1610988 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 218590071 bytes
->Flash cache emptied: 643 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2134 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 212.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12072013_083910

Files\Folders moved on Reboot...
C:\Users\Cheryl\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Cheryl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R0SS2P7P\index[1].htm moved successfully.
C:\Users\Cheryl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HLO0ALFH\i[1] moved successfully.
C:\Users\Cheryl\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.07.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
Cheryl :: ANNA-PC [administrator]

Protection: Enabled

12/7/2013 8:51:32 AM
mbam-log-2013-12-07 (08-51-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243537
Time elapsed: 7 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1560899f8cdf324bbc7445dae30d75b9
# engine=16178
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-07 06:08:39
# local_time=2013-12-07 12:08:39 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=771 16777214 33 1 18745445 18745445 0 0
# compatibility_mode=1043 16777213 100 87 0 72630503 0 0
# compatibility_mode=5893 16776574 100 94 12608958 137983169 0 0
# scanned=153122
# found=9
# cleaned=0
# scan_time=8964
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mozilla Firefox\nsprotector.js.vir"
sh=145D4E038E2F1D7F3121804FE23C667103813C78 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM118.zip"
sh=03D480C325AD7DA1B907BAFDEB974FA30B0D866C ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM158.zip"
sh=90D17D2E2281BD4EF4C0F2E21D98F8F60777AC7C ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM212.zip"
sh=F315D7C7672C0ACD97058DA40000AB1FAB8019F0 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\SweetIM35.zip"
sh=145D4E038E2F1D7F3121804FE23C667103813C78 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM118.zip"
sh=03D480C325AD7DA1B907BAFDEB974FA30B0D866C ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM158.zip"
sh=90D17D2E2281BD4EF4C0F2E21D98F8F60777AC7C ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM212.zip"
sh=F315D7C7672C0ACD97058DA40000AB1FAB8019F0 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\SweetIM35.zip"


Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2013
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java™ 6 Update 17
Java 7 Update 40
Java version out of Date!
Adobe Flash Player 11.9.900.117
Adobe Reader 10.1.8 Adobe Reader out of Date!
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
Cheryl Desktop ICEMAGGEDON VIRUS DAY 2013 SecurityCheck.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 10%
````````````````````End of Log``````````````````````


SystemLook 30.07.11 by jpshortstuff
Log created at 12:49 on 07/12/2013 by Cheryl
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== folderfind ==========

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Users\Cheryl\AppData\LocalLow\Conduit d------ [22:46 06/12/2013]
C:\_OTL\MovedFiles\12062013_161327\C_ProgramData\Conduit d------ [05:23 06/12/2013]

========== regfind ==========

Searching for "*Conduit*"
No data found.

========== filefind ==========

Searching for "*Conduit*"
C:\AdwCleaner\Quarantine\C\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal.vir --a---- 3608 bytes [05:26 06/12/2013] [21:56 06/12/2013] 88F7B48045270F3F19FA3C5323EA6AFE
C:\AdwCleaner\Quarantine\C\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage.vir --a---- 3072 bytes [05:26 06/12/2013] [21:56 06/12/2013] 4E7B6A1CC174A4911D16E2A913C3A9E6
C:\AdwCleaner\Quarantine\C\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage-journal.vir --a---- 3608 bytes [06:27 06/12/2013] [06:27 06/12/2013] DDA5E9DF25C4D7F1D9E6705187F9BC15
C:\AdwCleaner\Quarantine\C\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.conduit.com_0.localstorage.vir --a---- 3072 bytes [06:27 06/12/2013] [06:27 06/12/2013] 3989ED30112E3E1E0B3B674710E2B6D0
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206600 bytes [14:11 07/09/2013] [14:11 07/09/2013] D30AECBCF91165E95F31B19BF4987454
C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage --a---- 3072 bytes [05:27 06/12/2013] [21:56 06/12/2013] 7E17313592F2955354DFE3D2BB2A7725
C:\Users\Cheryl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_cap1.conduit-apps.com_0.localstorage-journal --a---- 3608 bytes [05:27 06/12/2013] [21:56 06/12/2013] 0FF127E502569144FE5A97821051F49D
C:\_OTL\MovedFiles\12062013_161327\C_Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\ConduitAbstractionLayer.js --a---- 36524 bytes [21:43 20/11/2013] [21:43 20/11/2013] 085324A976807D7A28BF1C38ABAD0F4D
C:\_OTL\MovedFiles\12062013_161327\C_Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\ConduitAbstractionLayerBack.js --a---- 36524 bytes [21:43 20/11/2013] [21:43 20/11/2013] 085324A976807D7A28BF1C38ABAD0F4D
C:\_OTL\MovedFiles\12062013_161327\C_Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\ConduitAbstractionLayerFront.js --a---- 36524 bytes [21:43 20/11/2013] [21:43 20/11/2013] 085324A976807D7A28BF1C38ABAD0F4D
C:\_OTL\MovedFiles\12062013_161327\C_Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\aboutBox\images\conduit-logo-OLD.png --a---- 1305 bytes [21:43 20/11/2013] [21:43 20/11/2013] 5F8EF9A0B050532B90B2645E9627E3F9
C:\_OTL\MovedFiles\12062013_161327\C_Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\aboutBox\images\conduit-logo.png --a---- 3926 bytes [21:43 20/11/2013] [21:43 20/11/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\_OTL\MovedFiles\12062013_161327\C_Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Chrome\CT3306061\content\tb\al\options\images\conduit-logo.png --a---- 3926 bytes [21:43 20/11/2013] [21:43 20/11/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\_OTL\MovedFiles\12062013_161327\C_Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\lib\log4conduit.jsm --a---- 760 bytes [21:43 20/11/2013] [21:43 20/11/2013] 93898FE6A232C5FCD838D8168F65D802
C:\_OTL\MovedFiles\12062013_161327\C_Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}\Plugins\npConduitFirefoxPlugin.dll --a---- 206624 bytes [21:43 20/11/2013] [21:43 20/11/2013] 72473F5229516838E3410EC27114B701
C:\_OTL\MovedFiles\12062013_161327\C_Users\Cheryl\AppData\Roaming\mozilla\Firefox\Profiles\jq2tr9b6.default\searchplugins\conduit.xml --a---- 1003 bytes [05:21 06/12/2013] [05:26 06/12/2013] E6CB09E7AE2A6674905280545009DC1F

-= EOF =-


120713 102 pm continuing java update alert always pops upUNTITLED.png

Attached Thumbnails

  • 120713 1256 pmconduit connect search still on compter separate tab Untitled.png
  • 120713 Remove Best By pc ERROR msg Untitled.png
  • eset 120713 found antivirus window 928 am Untitled.png

Edited by anon0mouse, 07 December 2013 - 01:45 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP