Unable to restart computer - or install antivirus [Closed]



#1
clubber

  • Member
  • 13 posts
My computer is experiencing a number of issues. The most critical one is that whenever I shut down, it logs off then says a message similar to "Preparing for Windows update, do not turn off your computer." But it stays with that message indefinitely (well at least overnight) without ever logging off. I tried to install AVG antivirus to clean up my computer. However, the installation was not able to complete due to the inability to completely log off and log on successfully.

Yesterday I noticed Sendori in my startup list and seemed to uninstall it and another piece of malware that supposedly prevents hijacking of my default browser search (Conduit?). I also saw a setwallpaper.cmd in my startup list that now seems to be successfully uninstalled.

I get a security warning when I try to log in to tumblr and I am unable to reset my password.

Other problems - occasionally the clock randomly resets to a date and time in 2008. The utility to reset the time to the internet time freezes before the internal clock can update.

Attached file: OTL.Txt (92.68KB)

#2
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,909 posts
Hi clubber, :)

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest to you any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) me if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.

Note: Please bear in mind that I am still a trainee and my replies need to be reviewed by my teachers before I post them to you, which requires time as both teachers and helpers are volunteers here. Take it as a good thing because now you have two people examining your problem. I really hope that we will be able to send you home with a smile on your face. :)

 

Never attach or put logs inside quote/code boxes unless told otherwise. Post the Extras.txt located in C:\Users\Dave\Downloads

Regards,
Valinorum

#3
clubber

  • Topic Starter
  • Member
  • 13 posts
Thanks for the response. Here is the output of the diagnostic tool, posted in the body rather than as an attachment.

OTL logfile created on: 12/27/2013 11:44:03 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dave\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.79 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 46.21% Memory free
7.59 Gb Paging File | 5.33 Gb Available in Paging File | 70.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.11 Gb Total Space | 278.04 Gb Free Space | 61.63% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/27 11:40:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Downloads\OTL (1).exe
PRC - [2013/12/08 19:33:42 | 001,771,544 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
PRC - [2013/12/08 19:33:42 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
PRC - [2013/08/14 10:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/05/24 16:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/04/30 09:52:37 | 001,592,160 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mikogo 4\M4-Capture.exe
PRC - [2012/01/16 02:04:46 | 001,007,472 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mikogo 4\M4-Service.exe
PRC - [2010/03/17 12:54:36 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/01/04 16:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/12/10 00:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009/12/10 00:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/11/24 12:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/11/09 18:20:36 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/10/26 19:29:32 | 006,998,656 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2009/10/26 09:10:42 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2009/09/30 18:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 18:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/19 19:31:48 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009/07/31 09:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/06/24 11:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/06/19 09:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 09:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 16:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/22 16:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/03/31 01:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 10:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/03 18:48:04 | 000,399,312 | ---- | M] () -- C:\Users\Dave\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 18:48:03 | 013,586,896 | ---- | M] () -- C:\Users\Dave\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 18:48:02 | 004,055,504 | ---- | M] () -- C:\Users\Dave\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 18:47:11 | 000,702,416 | ---- | M] () -- C:\Users\Dave\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 18:47:11 | 000,099,792 | ---- | M] () -- C:\Users\Dave\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 18:47:08 | 001,619,408 | ---- | M] () -- C:\Users\Dave\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/03/13 12:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 15:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/08/28 13:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/08/21 22:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/06/24 19:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 19:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/04 16:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/11/24 12:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2007/11/30 10:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
MOD - [2007/06/15 09:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007/06/01 16:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/12/09 17:30:34 | 000,017,416 | ---- | M] (Microsoft Corporation) [Auto | Stop_Pending] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/12/07 15:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/12/13 15:22:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/08 19:33:42 | 001,771,544 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/14 10:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/01/16 02:04:46 | 001,007,472 | ---- | M] () [Auto | Running] -- C:\Users\Dave\AppData\Roaming\Mikogo 4\M4-Service.exe -- (M4-Service)
SRV - [2010/03/18 10:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/12/10 00:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009/11/09 18:20:36 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/09/30 18:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 18:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/15 16:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/03/31 01:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/17 12:41:35 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 22:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/22 12:44:12 | 000,020,752 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether)
DRV:64bit: - [2011/03/10 22:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/25 17:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/17 12:54:27 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009/12/03 18:17:37 | 000,107,120 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2009/11/26 13:15:13 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/11/02 19:06:35 | 000,087,552 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2009/11/02 19:06:35 | 000,014,592 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2009/10/29 18:50:03 | 000,704,512 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/10/25 20:39:43 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/15 01:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/10/04 17:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/18 00:23:31 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/08/06 13:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/20 01:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 15:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/18 11:18:10 | 000,015,928 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/10 12:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 02:16:29 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/05/13 08:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/12/08 16:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008/05/23 16:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 16:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {3f842035-47f4-4f10-846b-6199b07f09b8} - C:\Program Files (x86)\KeyBar_2.3\prxtbKeyB.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {B175CEA6-6FEA-4D2A-BFFA-3A219E913143}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1291161175-1035773750-1270197159-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-1291161175-1035773750-1270197159-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1291161175-1035773750-1270197159-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...8E55BFADD&SSPV=
IE - HKU\S-1-5-21-1291161175-1035773750-1270197159-1001\..\URLSearchHook: {3f842035-47f4-4f10-846b-6199b07f09b8} - C:\Program Files (x86)\KeyBar_2.3\prxtbKeyB.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1291161175-1035773750-1270197159-1001\..\SearchScopes,DefaultScope = {B175CEA6-6FEA-4D2A-BFFA-3A219E913143}
IE - HKU\S-1-5-21-1291161175-1035773750-1270197159-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....sa&d=2013-09-04 15:13:38&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1291161175-1035773750-1270197159-1001\..\SearchScopes\{B175CEA6-6FEA-4D2A-BFFA-3A219E913143}: "URL" = http://search.condui...4673168214&UM=2
IE - HKU\S-1-5-21-1291161175-1035773750-1270197159-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1291161175-1035773750-1270197159-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dave\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dave\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.2.0.38 [2013/12/08 19:34:01 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://mysearch.avg....sa&d=2013-09-04 15:13:38&v=15.5.0.2&pid=safeguard&sg=0&sap=hp
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: AVG SiteSafety plugin (Disabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Entanglement Web App = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Free Cuckold Community at CuckoldPlace.com = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjoecghhfcanibacbkoiocemnledjaaj\2012.10.25.49867_0\
CHR - Extension: KeyBar 2.3 = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\
CHR - Extension: KeyBar 2.3 = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\nativeMessaging\nmHost
CHR - Extension: Skype Click to Call = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.11.0.13348_0\
CHR - Extension: Poppit = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: AT_ChristopheLopez-Huici = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\mldcndgjaaommbfoppackndancebpjhn\3\
CHR - Extension: AVG SafeGuard = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\
CHR - Extension: Google Wallet = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (KeyBar 2.3 Toolbar) - {3f842035-47f4-4f10-846b-6199b07f09b8} - C:\Program Files (x86)\KeyBar_2.3\prxtbKeyB.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (KeyBar 2.3 Toolbar) - {3f842035-47f4-4f10-846b-6199b07f09b8} - C:\Program Files (x86)\KeyBar_2.3\prxtbKeyB.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1291161175-1035773750-1270197159-1001\..\Toolbar\WebBrowser: (KeyBar 2.3 Toolbar) - {3F842035-47F4-4F10-846B-6199B07F09B8} - C:\Program Files (x86)\KeyBar_2.3\prxtbKeyB.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1291161175-1035773750-1270197159-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" File not found
O4 - HKU\S-1-5-18..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1291161175-1035773750-1270197159-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....k_sys_ctrl3.cab (asusTek_sysctrl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{273C6BD6-7A02-448C-9872-1B37C5CD781D}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4943ACF8-BD78-4907-A05E-2B7220A1D5E3}: DhcpNameServer = 192.168.0.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66750B01-AD42-4EEC-BD04-F944C41A68BC}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cea63e49-774c-11e1-9974-485b3926b731}\Shell - "" = AutoRun
O33 - MountPoints2\{cea63e49-774c-11e1-9974-485b3926b731}\Shell\AutoRun\command - "" = D:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/27 11:42:55 | 005,158,590 | ---- | C] (Swearware) -- C:\Users\Dave\Desktop\ComboFix.exe
[2013/12/24 13:38:40 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\Casey
[2013/12/22 17:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2013/12/20 18:24:18 | 000,000,000 | ---D | C] -- C:\Users\Dave\.matplotlib
[2013/12/20 18:24:15 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Slice
[2013/12/20 18:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\evplusplus
[2013/12/20 18:23:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\evplusplus
[2013/12/18 12:58:24 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\fahad
[2013/12/15 02:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/11/27 17:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Ultimate Gaming
[2013/11/27 17:09:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ultimate Gaming
[2008/08/11 20:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[12 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/27 11:43:24 | 005,158,590 | ---- | M] (Swearware) -- C:\Users\Dave\Desktop\ComboFix.exe
[2013/12/27 11:14:52 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/27 11:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/27 10:54:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1291161175-1035773750-1270197159-1001UA.job
[2013/12/27 10:39:14 | 003,643,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/27 10:39:14 | 001,163,504 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/27 10:39:14 | 000,005,152 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/27 10:35:17 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013/12/27 10:34:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/27 10:34:37 | 3054,903,296 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/27 04:08:36 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/27 04:08:36 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/18 13:55:21 | 000,001,124 | ---- | M] () -- C:\Users\Dave\Desktop\Continue Zip Opener Installation.lnk
[2013/12/13 15:20:53 | 000,001,324 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013/12/08 12:33:04 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1291161175-1035773750-1270197159-1001Core.job
[2013/12/02 10:37:26 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/12/01 03:01:16 | 615,997,913 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/11/29 17:11:02 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/29 17:10:48 | 000,359,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/27 17:09:54 | 000,001,161 | ---- | M] () -- C:\Users\Public\Desktop\Ultimate Poker.lnk
[12 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/18 13:55:21 | 000,001,124 | ---- | C] () -- C:\Users\Dave\Desktop\Continue Zip Opener Installation.lnk
[2013/11/27 17:09:54 | 000,001,173 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Poker.lnk
[2013/11/27 17:09:54 | 000,001,161 | ---- | C] () -- C:\Users\Public\Desktop\Ultimate Poker.lnk
[2012/10/23 20:08:29 | 000,000,096 | ---- | C] () -- C:\Users\Dave\.asadminpass
[2012/02/26 18:23:45 | 000,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/02/26 18:23:45 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/02/26 18:23:06 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/02/26 18:20:27 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/02/26 18:20:27 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/12/01 17:06:43 | 000,000,000 | ---- | C] () -- C:\Users\Dave\AppData\Local\{5751AEC2-B581-4415-95C8-7ADEC958C9D4}
[2011/12/01 16:50:12 | 000,000,000 | ---- | C] () -- C:\Users\Dave\AppData\Local\{E9A0AB36-39DF-4B17-BAFB-4FC630B3223F}
[2010/12/13 06:10:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/21 21:59:06 | 000,005,077 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2009/04/08 09:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 07:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 17:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/28 23:25:27 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\apn
[2012/11/06 13:13:26 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
[2010/11/21 23:11:33 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/12/27 10:36:30 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Dropbox
[2011/10/12 01:51:28 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\FileZilla
[2012/04/30 09:52:44 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Mikogo 4
[2013/11/02 19:24:01 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\OpenCandy
[2013/11/02 19:30:51 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SearchProtect
[2013/11/02 19:50:05 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\TuneUpMedia
[2012/10/23 20:06:40 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\updatetool
[2013/10/28 07:55:14 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\WSOP.com

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker:MID
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker 2.0:MID

< End of report >

#4
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,909 posts
Thank you, but this is the OTL.txt. I am looking for the Extras.txt, which is generated by OTL.exe on its first run and is located in the same location as OTL.exe. If you still have it, post it, or merely acknowledge that it is not present and we will move on to the next step. :)

#5
clubber

    Member

  • Topic Starter
  • Member
  • 13 posts
Here you go

OTL Extras logfile created on: 12/27/2013 11:15:09 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dave\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.79 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 51.16% Memory free
7.59 Gb Paging File | 5.24 Gb Available in Paging File | 69.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.11 Gb Total Space | 278.02 Gb Free Space | 61.63% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07D84B00-15FA-4FAC-A120-55C58247B08D}" = lport=137 | protocol=17 | dir=in | app=system |
"{120B75D7-EFBD-429C-ACC5-9095E1BC82BB}" = rport=445 | protocol=6 | dir=out | app=system |
"{127357C0-0349-4382-85A5-419C8496A9F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{233DF4FC-0E2B-45C9-972C-3D608424EBF6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25F4CD6E-06FC-416D-AE61-B35984D1DB72}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{27375133-2E9C-4867-B618-06D7D18B59A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3909F714-5E2C-4710-B0BD-D75489C02595}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{4514DF4E-3794-49D0-B648-3BA7A718A81B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A6F8FFD-5D6F-412C-A83B-BC6BE6522A48}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{571B0FA2-3ABC-495F-8E94-91A228B68DA5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{57BFAE65-AAF3-4DAF-9BE4-D02DD5BC3C67}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{63178C79-1250-483A-88F6-22703906EF08}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{67D79124-3B9C-43AA-A79C-218193BE0857}" = lport=138 | protocol=17 | dir=in | app=system |
"{76006CFD-FCAF-4740-948D-E0BB209A9028}" = rport=137 | protocol=17 | dir=out | app=system |
"{790B7125-58A9-4BFB-822C-E1A9D547183A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8370139D-62E6-495D-B05C-DFA9BC94FDED}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A42E4146-5DFE-4B7B-8CF5-52D7EA526F20}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A4D3EAC8-FD56-4407-9EB1-A7063C63EACB}" = rport=138 | protocol=17 | dir=out | app=system |
"{A64931C5-F218-40C6-AA79-B86E1067B9DE}" = lport=445 | protocol=6 | dir=in | app=system |
"{A8781D97-922E-4A20-AEF1-7339EAF0EC71}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B0A63660-8E76-44C5-8717-BCB22A4775C9}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BBCF8B39-D370-4410-A406-3EFC25824065}" = rport=139 | protocol=6 | dir=out | app=system |
"{D2BEAB73-82B2-4502-B0DD-4C7D3D3A72F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D9695F67-70E2-4FE6-9A67-F9A1306D7897}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E06D68BF-7352-4E7B-B184-F258A5BE1621}" = lport=139 | protocol=6 | dir=in | app=system |
"{E3568E62-DC22-43E4-85BA-5E9EAFC8B53A}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F3DEF8-372F-4059-92BC-26B829D0F0CA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{083E9C63-3C51-4565-8C71-3C0381C5508D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0B88E427-7617-4D9D-924E-D573576B2C01}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{0C4633C4-D8DF-4482-B444-12EC5C28EB5D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{11988A53-6415-4BD5-9898-29D53F5F701E}" = protocol=17 | dir=in | app=c:\users\dave\appdata\roaming\dropbox\bin\dropbox.exe |
"{167B5F5C-B972-42F6-B74F-8A4A5B4E30EB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1DDF7844-A266-4F26-849A-CC566C99C408}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{2194D507-1FFB-4A8E-92F3-98AA6F563E0B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{242664D9-925A-49AE-987F-00B837C7F1CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2A613447-65D7-43ED-B3EF-C7680686EC61}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2DCD22BB-F4C9-4FCF-834A-EF7AF339C3F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E4C594B-00BA-4F99-8C06-2C48936A8CD1}" = protocol=1 | dir=in | [email protected],-28543 |
"{3E780807-F489-463D-84B6-B13C5ECEF939}" = protocol=58 | dir=in | [email protected],-28545 |
"{3F1A4B28-85F1-4280-A962-48E7E41622BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49BD4DA9-B199-49EC-99F5-16553409942D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{4E2EEC99-30CB-4EEA-92F8-1A982E492098}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{58972486-F901-4A20-8AD3-A5310A6FF112}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5E0E3CB5-E75B-4260-A305-D0842053E2F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{656D02DC-B7F3-46CB-BA64-1470363399AD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6DA39B41-4D7A-4F77-B64E-B8068813B2AE}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{6FB2E470-CDB2-47B2-AA95-7591CA434008}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{72E26CCF-8D6F-465B-82AE-71E485F2096B}" = protocol=58 | dir=out | [email protected],-28546 |
"{7892C115-93F0-4863-A899-5981DA71F1CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{79C1819C-5EAB-453D-BF44-88CE1780B23F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CC44297-8665-4CA8-A563-272A2D1C9D3A}" = protocol=6 | dir=in | app=c:\program files (x86)\cake poker 2.0\pokerclient.exe |
"{884C521E-A0EB-45AF-866C-AF56384C9FB5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8D293762-0A82-4CB9-B106-D9C34D0EF41C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9F800E86-C9E0-4AE7-8415-CD9DF96DDB1D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{AB778F18-A7DA-47BD-89B9-CF2229C94C57}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{ABA0BFAA-8719-487A-9AD2-32271316F57A}" = protocol=6 | dir=out | app=system |
"{AE49E8A3-7D64-4DB5-9647-D20B1E88F067}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B03CF24B-7B74-4653-B254-CA9804C7EEDB}" = protocol=6 | dir=in | app=c:\users\dave\appdata\roaming\dropbox\bin\dropbox.exe |
"{B89EDC99-F7FB-46C9-9DCA-2ABEB72C78D6}" = protocol=17 | dir=in | app=c:\program files (x86)\cake poker 2.0\pokerclient.exe |
"{BE14A5E0-1255-4DCF-9FA0-9C0E38D424F7}" = protocol=1 | dir=out | [email protected],-28544 |
"{D0DD1ED0-9B50-4300-8A5A-6038BAB13C17}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D4D99BCE-6C2C-469B-89A3-9867D418679A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DCD34915-589F-469E-8BAA-002C2BCCE5B8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{DD361099-9182-4017-BC80-109EF7C8477A}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"TCP Query User{442D839A-722A-4014-AE72-149070BC7404}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{525EEC24-7916-4015-B042-C33CAFA5E8B8}C:\glassfish3\jdk\bin\java.exe" = protocol=6 | dir=in | app=c:\glassfish3\jdk\bin\java.exe |
"TCP Query User{55226EF5-E604-4B39-BA94-7ED51D7E9157}C:\eclipse-java-juno-sr1\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\eclipse-java-juno-sr1\eclipse\eclipse.exe |
"TCP Query User{5DEB4730-0E94-4036-AA50-ED168EEB42AB}C:\eclipse-java-juno-sr1\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\eclipse-java-juno-sr1\eclipse\eclipse.exe |
"TCP Query User{7E9F0826-955C-499D-A1D3-0B579F13D1B4}C:\users\dave\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\dave\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{8ECC48D4-0E9A-4BC7-91F5-683073FB77C4}C:\eclipse\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\eclipse\eclipse\eclipse.exe |
"TCP Query User{94A5D745-F350-40F1-B19C-0600538FAB00}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{CAABEBD6-DC78-41F4-B3C6-89C7F021B43A}C:\users\dave\appdata\local\temp\java_ee_sdk-6u4-jdk-windows-x64.exe2\jdk\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\dave\appdata\local\temp\java_ee_sdk-6u4-jdk-windows-x64.exe2\jdk\jre\bin\javaw.exe |
"UDP Query User{194E2A87-7C59-417F-BF46-402AA996C235}C:\glassfish3\jdk\bin\java.exe" = protocol=17 | dir=in | app=c:\glassfish3\jdk\bin\java.exe |
"UDP Query User{3BF4A851-3310-4545-AEAE-AD2EA6BF0119}C:\users\dave\appdata\local\temp\java_ee_sdk-6u4-jdk-windows-x64.exe2\jdk\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\dave\appdata\local\temp\java_ee_sdk-6u4-jdk-windows-x64.exe2\jdk\jre\bin\javaw.exe |
"UDP Query User{47D5D01A-9394-4842-BCB8-BACDE5D5B3B0}C:\eclipse-java-juno-sr1\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\eclipse-java-juno-sr1\eclipse\eclipse.exe |
"UDP Query User{55EA209A-0529-4A68-A018-1FB256975071}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{B2DF0246-E594-46E6-A456-5CF6A219EBDD}C:\eclipse\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\eclipse\eclipse\eclipse.exe |
"UDP Query User{CE9BCEF3-A098-430B-9D34-C0B57C248286}C:\users\dave\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\dave\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{D91CB860-23D7-4FDE-A8DF-E4AB40F5159E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{DF5BB86C-533C-460C-9845-657657FCC4EC}C:\eclipse-java-juno-sr1\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\eclipse-java-juno-sr1\eclipse\eclipse.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{48B0F24F-B828-4B1A-A22E-C65454B32A7A}" = Windows Live Family Safety
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3FAE73B-4474-4A1D-A343-2FE248F05265}" = EasyTether
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{38EABA30-2E6D-4D84-B89F-C93216A440D4}" = Ultimate Poker
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.24
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}" = Brother MFL-Pro Suite MFC-J615W
"{86D09F48-CDAB-4B4C-8806-F6C16F17935A}" = PokerStrategy.com Equilab
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A00B6300-4810-19EE-F306-7F4C0C2A27CC}" = Balsamiq Mockups For Desktop
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Roxio Burn
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B5A5627C-0173-4DB2-ADA8-740479370F67}" = Express Gate
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E7192336-2052-4F4C-9AA1-74E87879B602}_is1" = Slice 1.5.2
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS_U_Series_Screensaver" = ASUS_U_Series_Screensaver
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1" = Balsamiq Mockups For Desktop
"Cake Poker 2.0" = Cake Poker 2.0
"FileZilla Client" = FileZilla Client 3.5.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IECT3313051" = KeyBar 2.3 Toolbar for IE
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"STANDARDR" = Microsoft Office Standard 2007
"TuneUpMedia" = TuneUp 3.0.5.1
"Veetle TV" = Veetle TV
"WinLiveSuite_Wave3" = Windows Live Essentials
"WSOP.com" = WSOP.com
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Mikogo 4" = Mikogo 4

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2013 2:51:40 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5491

Error - 12/27/2013 2:51:40 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5491

Error - 12/27/2013 8:08:20 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/27/2013 8:08:20 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 19005757

Error - 12/27/2013 8:08:20 AM | Computer Name = Dave-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 19005757

Error - 12/27/2013 9:16:11 AM | Computer Name = Dave-PC | Source = VSS | ID = 8193
Description =

Error - 12/27/2013 9:26:11 AM | Computer Name = Dave-PC | Source = System Restore | ID = 8193
Description =

Error - 12/27/2013 9:36:57 AM | Computer Name = Dave-PC | Source = System Restore | ID = 8193
Description =

Error - 12/27/2013 2:39:10 PM | Computer Name = Dave-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 12/27/2013 2:39:10 PM | Computer Name = Dave-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

[ SendoriLogs Events ]
Error - 12/1/2013 5:59:15 AM | Computer Name = Dave-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 12/25/2013 5:33:23 PM | Computer Name = Dave-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

Error - 12/25/2013 5:38:23 PM | Computer Name = Dave-PC | Source = SendoriLog | ID = 99
Description = On EnableObject reference not set to an instance of an object.

[ System Events ]
Error - 12/26/2013 10:39:05 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7031
Description = The Service Sendori service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/27/2013 2:40:24 AM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7031
Description = The Service Sendori service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/27/2013 8:08:35 AM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7031
Description = The Service Sendori service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 12/27/2013 9:15:18 AM | Computer Name = Dave-PC | Source = DCOM | ID = 10010
Description =

Error - 12/27/2013 2:32:16 PM | Computer Name = Dave-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x4), Please contact your system vendor for technical assistance.

Error - 12/27/2013 2:32:16 PM | Computer Name = Dave-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation
Region (0x4), Please contact your system vendor for technical assistance.

Error - 12/27/2013 2:34:43 PM | Computer Name = Dave-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:33:20 AM on 12/27/2013 was unexpected.

Error - 12/27/2013 2:34:46 PM | Computer Name = DAVE-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 12/27/2013 2:34:48 PM | Computer Name = DAVE-PC | Source = Microsoft Antimalware | ID = 5101
Description = %%861 grace period has expired. Protection against viruses, spyware,
and other potentially unwanted software is disabled. Expiration Reason: %%873 Expiration
Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An
error occurred while reading or writing to a file.

Error - 12/27/2013 2:40:32 PM | Computer Name = Dave-PC | Source = DCOM | ID = 10010
Description =


< End of report >

#6
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,909 posts
Hi clubber, :)

Combofix is a tool that should not be run without expert guidance. Post the log located in C:\Combofix.txt. Also, I see you have various Poker applications in your system. In recent years there have been many malware issues with Poker sites. Please acquaint yourself with the infected sites listed here and play safely.

 

Please follow the steps to automatically reset Windows Update components by going here. Do not try the Manual process.

  • Step #1 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to the poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up, double-click on the items I have listed below, and follow the on-screen instructions to remove/uninstall them.
  • Best Buy pc app
  • AVG SafeGuard toolbar
  • KeyBar 2.3 Toolbar for IE
  • Yahoo! Toolbar

 

  • Step #2 Fix with OTL
  • Re-run OTL by right clicking and choosing Run as administrator;
  • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

    :Commands
    [createrestorepoint]

    :OTL
    SRV - [2013/12/08 19:33:42 | 001,771,544 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0)
    IE - HKLM\..\URLSearchHook: {3f842035-47f4-4f10-846b-6199b07f09b8} - C:\Program Files (x86)\KeyBar_2.3\prxtbKeyB.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1291161175-1035773750-1270197159-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...8E55BFADD&SSPV=
    IE - HKU\S-1-5-21-1291161175-1035773750-1270197159-1001\..\URLSearchHook: {3f842035-47f4-4f10-846b-6199b07f09b8} - C:\Program Files (x86)\KeyBar_2.3\prxtbKeyB.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1291161175-1035773750-1270197159-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....sa&d=2013-09-04 15:13:38&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-1291161175-1035773750-1270197159-1001\..\SearchScopes\{B175CEA6-6FEA-4D2A-BFFA-3A219E913143}: "URL" = http://search.condui...4673168214&UM=2
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll ()
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.2.0.38 [2013/12/08 19:34:01 | 000,000,000 | ---D | M]
    CHR - homepage: http://mysearch.avg....sa&d=2013-09-04 15:13:38&v=15.5.0.2&pid=safeguard&sg=0&sap=hp
    CHR - plugin: AVG SiteSafety plugin (Disabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll
    CHR - Extension: KeyBar 2.3 = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\
    CHR - Extension: KeyBar 2.3 = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\nativeMessaging\nmHost
    CHR - Extension: AVG SafeGuard = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O2 - BHO: (KeyBar 2.3 Toolbar) - {3f842035-47f4-4f10-846b-6199b07f09b8} - C:\Program Files (x86)\KeyBar_2.3\prxtbKeyB.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (KeyBar 2.3 Toolbar) - {3f842035-47f4-4f10-846b-6199b07f09b8} - C:\Program Files (x86)\KeyBar_2.3\prxtbKeyB.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-1291161175-1035773750-1270197159-1001\..\Toolbar\WebBrowser: (KeyBar 2.3 Toolbar) - {3F842035-47F4-4F10-846B-6199B07F09B8} - C:\Program Files (x86)\KeyBar_2.3\prxtbKeyB.dll (Conduit Ltd.)
    O4 - HKU\.DEFAULT..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" File not found
    O4 - HKU\S-1-5-18..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll (AVG Secure Search)
    [2013/11/02 19:30:51 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SearchProtect

    :Commands
    [resethosts]
    [emptytemp]

  • Click on "Run Fix" and let the program run unhindered;
  • Your PC will reboot automatically and a log will be opened;
  • Please post it in your next reply.

 

  • Step #3 Fix with AdwCleaner
    Download : ADWCleaner to your desktop.

    NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

    Close all programs and click on the AdwCleaner icon.

    Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

    The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt.

 

  • Step #4 Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link 1
    Download Link 2
  • Disable your anti-virus to avoid potential conflicts. For more information please acquaint yourself with this article;
  • Run the program either by double-clicking (Windows XP) or right-clicking and choosing Run as administrator (Windows Vista and above);
  • Please be patient as the tool cleans your system;
  • After completion of the process a log named JRT.txt will automatically open and is saved to your Desktop;
  • Copy and Paste the contents of the log in your next reply.

 

  • Required Log(s):
  • ComboFix Log;
  • OTL Fix Log;
  • AdwCleaner Log;
  • Junkware Removal Tool Log

Regards,
Valinorum

Edited by Valinorum, 30 December 2013 - 12:58 AM.


#7
clubber

    Member

  • Topic Starter
  • Member
  • 13 posts
Thanks for the instructions. I haven't run the combofix tool so I don't have a log. I only downloaded it as I was searching to fix my issues. I do not see the Best Buy pc app in my list of applications to uninstall. I am going to proceed and work on step 2 now.

#8
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,909 posts

I haven't run the combofix tool so I don't have a log.

Good move. Proceed with the steps.

#9
clubber

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
So I had an issue with step 2. I ran OTL. After it completed running, my computer went to reboot. It closed all the programs and said Logging Off, but it never completed logging off. I let the computer alone for over 7 hours and when I came back it still said Logging off. I eventually removed the battery, unplugged it and forced a restart.

Since it did not complete step 2 completely, I don't know if I should proceed to step 3 or if the plan changes.

Here is the log from OTL:


All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
Service vToolbarUpdater17.2.0 stopped successfully!
Service vToolbarUpdater17.2.0 deleted successfully!
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{3f842035-47f4-4f10-846b-6199b07f09b8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f842035-47f4-4f10-846b-6199b07f09b8}\ not found.
File C:\Program Files (x86)\KeyBar_2.3\prxtbKeyB.dll not found.
HKU\S-1-5-21-1291161175-1035773750-1270197159-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1291161175-1035773750-1270197159-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{3f842035-47f4-4f10-846b-6199b07f09b8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f842035-47f4-4f10-846b-6199b07f09b8}\ not found.
File C:\Program Files (x86)\KeyBar_2.3\prxtbKeyB.dll not found.
Registry key HKEY_USERS\S-1-5-21-1291161175-1035773750-1270197159-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1291161175-1035773750-1270197159-1001\Software\Microsoft\Internet Explorer\SearchScopes\{B175CEA6-6FEA-4D2A-BFFA-3A219E913143}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B175CEA6-6FEA-4D2A-BFFA-3A219E913143}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ deleted successfully.
File move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] deleted successfully.
File C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.2.0.38 not found.
Use Chrome's Settings page to change the HomePage.
File move failed. C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll scheduled to be moved on reboot.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\_locales\en folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\_locales folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\TBHostSupport folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\sl folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\lib\jquery.jscrollpane folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\lib\jquery.alerts\images folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\lib\jquery.alerts folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\lib folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\core folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\WEATHER folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\TWITTER folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\SEARCH folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\Optimizer folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\wa folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\ui\menu\js folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\ui\menu\img folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\ui\menu\css folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\ui\menu folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\ui\gf\js folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\ui\gf\img folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\ui\gf\css folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\ui\gf folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\ui\dlg folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\ui folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\sp\spsd\images folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\sp\spsd folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\sp\spbd\images folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\sp\spbd folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\sp\js folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\sp folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\options\js\resources folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\options\js folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\options\images folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\options\css folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\options folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\msd folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\api folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\ac\res folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\ac\img folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\ac\css folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\ac folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\aboutBox\js folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\aboutBox\images folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al\aboutBox folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb\al folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\tb folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\Search\NewTabPages\js folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\Search\NewTabPages\img folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\Search\NewTabPages\html folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\Search\NewTabPages\css folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\Search\NewTabPages\API folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\Search\NewTabPages folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\Search\html folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\Search folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\plugins folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\nativeMessaging folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\mam\scripts\contentScripts folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\mam\scripts folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\mam folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\js\toolbarAPI folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\js\tabs\back folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\js\tabs folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\js\options folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\js\lib folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\js folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0 folder moved successfully.
File C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael\10.23.0.822_0\nativeMessaging\nmHost not found.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\zh_TW folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\zh_CN folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\tr folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\sr folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\sk folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\ru folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\pt_PT folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\pt_BR folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\pl folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\nl folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\ko folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\ja folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\it folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\id folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\hu folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\fr folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\es_419 folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\es folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\en folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\de folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\da folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales\cs folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\_locales folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\content\tabs folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\content\lib folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\content\js folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\content\icons\search_box folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\content\icons\dnt_disabled folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\content\icons folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\content\css folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0\content folder moved successfully.
C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.2.0.38_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3f842035-47f4-4f10-846b-6199b07f09b8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f842035-47f4-4f10-846b-6199b07f09b8}\ not found.
File C:\Program Files (x86)\KeyBar_2.3\prxtbKeyB.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3f842035-47f4-4f10-846b-6199b07f09b8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f842035-47f4-4f10-846b-6199b07f09b8}\ not found.
File C:\Program Files (x86)\KeyBar_2.3\prxtbKeyB.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files (x86)\AVG SafeGuard toolbar\17.2.0.38\AVG SafeGuard toolbar_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll not found.
Registry value HKEY_USERS\S-1-5-21-1291161175-1035773750-1270197159-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3F842035-47F4-4F10-846B-6199B07F09B8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F842035-47F4-4F10-846B-6199B07F09B8}\ not found.
File C:\Program Files (x86)\KeyBar_2.3\prxtbKeyB.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
Invalid CLSID key: C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll not found.
C:\Users\Dave\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository folder moved successfully.
C:\Users\Dave\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images folder moved successfully.
C:\Users\Dave\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd folder moved successfully.
C:\Users\Dave\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images folder moved successfully.
C:\Users\Dave\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd folder moved successfully.
C:\Users\Dave\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib folder moved successfully.
C:\Users\Dave\AppData\Roaming\SearchProtect\ffprotect\Dialogs folder moved successfully.
C:\Users\Dave\AppData\Roaming\SearchProtect\ffprotect folder moved successfully.
C:\Users\Dave\AppData\Roaming\SearchProtect\Dialogs\spsd\images folder moved successfully.
C:\Users\Dave\AppData\Roaming\SearchProtect\Dialogs\spsd folder moved successfully.
C:\Users\Dave\AppData\Roaming\SearchProtect\Dialogs\spbd\images folder moved successfully.
C:\Users\Dave\AppData\Roaming\SearchProtect\Dialogs\spbd folder moved successfully.
C:\Users\Dave\AppData\Roaming\SearchProtect\Dialogs\lib folder moved successfully.
C:\Users\Dave\AppData\Roaming\SearchProtect\Dialogs folder moved successfully.
C:\Users\Dave\AppData\Roaming\SearchProtect\bin folder moved successfully.
C:\Users\Dave\AppData\Roaming\SearchProtect folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Dave
->Temp folder emptied: 3210580185 bytes
->Temporary Internet Files folder emptied: 602603280 bytes
->Google Chrome cache emptied: 323433447 bytes
->Flash cache emptied: 168690 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 84103 bytes
->Temporary Internet Files folder emptied: 467619 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Tim
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 806203168 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 7450520824 bytes

Total Files Cleaned = 11,820.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12302013_010826

Files\Folders moved on Reboot...
File\Folder C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll not found!
File\Folder C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll not found!
C:\Users\Dave\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#10
clubber

I did a quick test and I am now able to log off and log on without having to force the restart by removing the battery! This is great! I will still wait for confirmation before moving to step 3.

#11
Valinorum

Proceed. :)

#12
clubber

So my computer seemed to be working close to normally today, but when I came back tonight, the clock had reset to a date in 2009, and as when it has happened previously, the clock application froze when I tried to connect to internet time to update it. I then logged out. When I tried to log back in, it stalled and said "This is not a valid copy of Windows 2007" which is not the case.

#13
clubber

I ran the AdwCleaner tool. On the scan, the window remained empty even though I let it run overnight. When I clicked clean, the program ran. During the reboot process, the user was logged off and the message "System is preparing to configure Windows. Do not turn off your computer." was displayed. It stayed in this state for over 30 minutes with no changes, so I did a hard reboot by removing the battery and unplugging the laptop. Here is the log:

# AdwCleaner v3.016 - Report created 31/12/2013 at 10:05:31
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium (64 bits)
# Username : Dave - DAVE-PC
# Running from : C:\Users\Dave\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Dave\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Dave\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Dave\AppData\Local\Conduit
Folder Deleted : C:\Users\Dave\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Dave\AppData\Local\PackageAware
Folder Deleted : C:\Users\Dave\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Dave\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dave\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Dave\AppData\Roaming\apn
Folder Deleted : C:\Users\Dave\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael
File Deleted : C:\END
File Deleted : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bnkkfcoajiakgkgooblnilgdgcimmael
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASUS_U_Series_Screensaver
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3313051
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16450


-\\ Google Chrome v

[ File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8796 octets] - [30/12/2013 13:08:23]
AdwCleaner[R1].txt - [8854 octets] - [30/12/2013 14:29:44]
AdwCleaner[R2].txt - [8914 octets] - [30/12/2013 16:20:10]
AdwCleaner[R3].txt - [8311 octets] - [31/12/2013 02:27:18]
AdwCleaner[S0].txt - [8252 octets] - [31/12/2013 10:05:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8312 octets] ##########

#14
clubber

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Completed step 4

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Dave on Tue 12/31/2013 at 10:50:53.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mconduitinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\mconduitinstaller_RASMANCS



~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Dave\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Users\Dave\appdata\local\cre"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/31/2013 at 11:06:00.91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by clubber, 31 December 2013 - 02:15 PM.


#15
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,909 posts
Did you reset Windows Update as mentioned in post #6?
Do you still have the "This is not a valid copy of Windows 2007" message?