audio virus, redirected web searches, false warnings [Closed] [Solved]


  • This topic is locked

#1
audreymaye

My computer is infected with malware or a virus that Superantispyware, Avast Anti-virus, and AdFender cannot detect. I believe it to be the audio virus. I am not sure how it was acquired, although symptoms started soon after my son started playing on Minecraft servers and have continued for the past couple of weeks.

Audio clips play on the computer even when no windows are open and no programs are running. Many of these are commercials, but there are random sounds like cars honking. The sounds are frequent and unpredictable...sometimes playing consistently (several a couple a minute for hours) and sometimes not playing at all for an hour. Also, when we try to visit websites, the address we enter is sometimes redirected to a different page, or we see a screen that says the page cannot be displayed and there are a couple of ads for how to fix your computer. There are frequent ads saying our computer is about to crash and giving us a link to click on to fix it. We have not clicked on those links.

Once a few days ago, while on this website, there was a "space ship" flying around the screen shooting asteroid-like bullets which bounced around all over the screen...then there was a message that scrolled across the screen that said "game over". Several times, our attempts to visit troubleshooting websites failed. We would receive the "this page will not load" message or the page would freeze.

I was unable to run OTL.exe or OTL.scr but was able to run OTL.com and the quick scan results are pasted below. Thanks so much for your help.

Audrey

OTL logfile created on: 12/29/2013 5:43:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Audrey\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 52.72% Memory free
7.21 Gb Paging File | 4.39 Gb Available in Paging File | 60.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 202.10 Gb Free Space | 79.52% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.81 Gb Free Space | 92.47% Space Free | Partition Type: NTFS
Drive F: | 291.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: AUDREYS-PC | User Name: Audrey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/29 17:43:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Audrey\Downloads\OTL.com
PRC - [2013/12/26 23:36:25 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/26 23:36:25 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/18 14:47:02 | 000,486,264 | ---- | M] (Updater) -- C:\ProgramData\Updater\updater.exe
PRC - [2013/12/18 14:47:02 | 000,429,944 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
PRC - [2013/12/18 14:47:02 | 000,429,944 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
PRC - [2013/12/18 14:47:02 | 000,429,944 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
PRC - [2013/12/12 18:00:00 | 003,228,080 | ---- | M] (AdFender, Inc.) -- C:\Program Files (x86)\AdFender\AdFender.exe
PRC - [2013/12/11 11:42:36 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
PRC - [2013/12/01 21:24:27 | 000,066,336 | ---- | M] () -- C:\Program Files (x86)\BuzzSearch\bin\utilBuzzSearch.exe
PRC - [2013/11/19 12:22:02 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/11/11 08:33:28 | 001,002,368 | ---- | M] () -- C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
PRC - [2013/10/21 06:56:48 | 000,252,248 | ---- | M] (Compete, Inc.) -- C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-ua.exe
PRC - [2013/07/17 09:20:18 | 000,345,904 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
PRC - [2013/06/26 13:59:36 | 007,342,080 | ---- | M] () -- C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/25 23:49:04 | 000,202,752 | ---- | M] () -- C:\Users\Audrey\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
PRC - [2012/08/10 17:06:44 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011/01/28 16:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/01/19 03:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
PRC - [2007/04/13 08:10:00 | 001,133,304 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2007/04/09 18:50:08 | 000,228,088 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2007/04/09 18:49:26 | 000,018,680 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2007/04/02 04:24:10 | 000,113,400 | ---- | M] () -- C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/11 11:42:35 | 016,242,056 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2013/11/29 11:56:34 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/11/19 12:22:00 | 003,363,952 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/11/11 08:33:28 | 001,002,368 | ---- | M] () -- C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
MOD - [2013/07/17 09:20:18 | 000,345,904 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
MOD - [2013/07/17 09:19:46 | 000,528,896 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\lmrn.dll
MOD - [2013/07/04 00:12:00 | 000,362,029 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\sqlite3.dll
MOD - [2013/06/26 13:59:36 | 007,342,080 | ---- | M] () -- C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
MOD - [2012/10/25 23:49:04 | 000,202,752 | ---- | M] () -- C:\Users\Audrey\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe
MOD - [2012/08/10 17:06:42 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2007/04/02 20:45:24 | 000,044,280 | ---- | M] () -- C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\apm.dll
MOD - [2007/04/02 04:24:10 | 000,113,400 | ---- | M] () -- C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe
MOD - [2007/03/29 15:38:18 | 000,068,344 | ---- | M] () -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/12/26 23:36:25 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/11/26 02:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/10 15:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/07/17 09:20:14 | 001,648,432 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/01 04:22:50 | 002,649,840 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV:64bit: - [2011/12/13 21:36:34 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/12/13 13:24:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013/12/11 11:42:36 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/05 18:30:04 | 000,040,448 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\InternetUpdater\InternetUpdaterService.exe -- (InternetUpdater)
SRV - [2013/12/02 21:26:44 | 000,106,296 | ---- | M] (ConsumerInput) [On_Demand | Stopped] -- C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe -- (consumerinput_updatem)
SRV - [2013/12/02 21:26:44 | 000,106,296 | ---- | M] (ConsumerInput) [Auto | Stopped] -- C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe -- (consumerinput_update)
SRV - [2013/12/01 21:24:27 | 000,066,336 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BuzzSearch\bin\utilBuzzSearch.exe -- (Util BuzzSearch)
SRV - [2013/11/19 12:22:00 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/07 16:28:10 | 000,066,336 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\BuzzSearch\updateBuzzSearch.exe -- (Update BuzzSearch)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/31 04:19:28 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/04/02 19:29:54 | 000,088,824 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/04/02 19:29:52 | 000,359,160 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Roxio Easy Media Creator 9 Suite\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/26 23:37:15 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2013/12/26 23:36:36 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/12/26 23:36:35 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/12/26 23:36:35 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/12/26 23:36:35 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/11/29 11:56:39 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/11/29 11:56:38 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/01 04:21:40 | 000,127,216 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\bckd.sys -- (bckd)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/10 17:21:20 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012/08/10 17:18:30 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012/08/10 17:18:30 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/13 14:02:22 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/12/13 12:42:00 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/28 20:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/28 20:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/10 02:01:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/28 16:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/10 12:43:40 | 000,234,960 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2010/11/28 12:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/24 11:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/30 01:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/09/21 15:04:54 | 000,015,056 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm2uvcflt.sys -- (vm2uvcflt)
DRV:64bit: - [2010/09/02 22:46:48 | 001,392,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/06/25 10:33:36 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/05/14 15:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/05/14 15:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/02/18 02:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/21 07:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/03/23 02:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/03/10 12:09:56 | 000,010,232 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLADResE.SYS -- (DLADResE)
DRV:64bit: - [2007/03/10 12:09:48 | 000,044,920 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLABMFSE.SYS -- (DLABMFSE)
DRV:64bit: - [2007/03/10 12:09:46 | 000,144,248 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAUDF_E.SYS -- (DLAUDF_E)
DRV:64bit: - [2007/03/10 12:09:46 | 000,136,056 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAUDFAE.SYS -- (DLAUDFAE)
DRV:64bit: - [2007/03/10 12:09:44 | 000,035,320 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAOPIOE.SYS -- (DLAOPIOE)
DRV:64bit: - [2007/03/10 12:09:42 | 000,042,616 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLABOIOE.SYS -- (DLABOIOE)
DRV:64bit: - [2007/03/10 12:09:42 | 000,020,088 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAPoolE.SYS -- (DLAPoolE)
DRV:64bit: - [2007/03/10 12:09:40 | 000,146,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAIFS_E.SYS -- (DLAIFS_E)
DRV:64bit: - [2007/03/09 14:18:24 | 000,123,992 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DRVECDB.SYS -- (DRVECDB)
DRV:64bit: - [2007/02/02 08:40:58 | 000,018,040 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DLACDBHE.SYS -- (DLACDBHE)
DRV:64bit: - [2007/02/02 08:40:56 | 000,041,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DLARTL_E.SYS -- (DLARTL_E)
DRV:64bit: - [2007/01/27 08:49:08 | 000,064,120 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DRVEDDM.SYS -- (DRVEDDM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis....q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis....q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.aartemis....q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - C:\Program Files (x86)\SweetPacks\prxtbSwee.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.aartemis....q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.searc...19891,0,25,6944
IE - HKCU\..\URLSearchHook: {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files (x86)\Minibar\Minibar.dll (KangoExtensions)
IE - HKCU\..\URLSearchHook: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - C:\Program Files (x86)\SweetPacks\prxtbSwee.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ng}&rlz=1I7LENN
IE - HKCU\..\SearchScopes\{8544CA2D-AEA9-4D10-ACD7-0A536AC2F833}: "URL" = http://search.yahoo....49,19890,0,25,0
IE - HKCU\..\SearchScopes\{B584D2D2-4B8E-4D13-8CA3-F0662FA68EF7}: "URL" = http://search.condui...4206989898&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3310511.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: "SweetPacks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: %7B97A78363-B868-4B48-AC91-A783A31215AF%7D:2.0.1
FF - prefs.js..extensions.enabledAddons: support%40searchdonkeyapp.com:2.6.4962872
FF - prefs.js..extensions.enabledAddons: support%40websteroidsapp.com:2.6.53
FF - prefs.js..extensions.enabledAddons: %7B94cd2cc3-083f-49ba-a218-4cda4b4829fd%7D:1.3.0.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2011.70
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..keyword.URL: "http://search.condui...010251&UM=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Audrey\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/12/26 23:36:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/05/10 08:26:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Audrey\AppData\Roaming\Mozilla\Extensions
[2013/12/27 14:08:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions
[2013/12/27 14:08:29 | 000,000,000 | ---D | M] (Value Apps) -- C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}
[2013/09/27 19:12:43 | 000,000,000 | ---D | M] (AppsHat) -- C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
[2013/12/01 21:22:03 | 000,000,000 | ---D | M] (SearchDonkey) -- C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\[email protected]
[2013/12/27 14:07:40 | 000,000,000 | ---D | M] (Websteroids) -- C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\[email protected]
[2013/09/27 19:09:46 | 000,000,997 | ---- | M] () -- C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\searchplugins\conduit.xml
[2013/12/28 09:10:29 | 000,002,144 | ---- | M] () -- C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\searchplugins\MyStart Search.xml
[2013/11/26 10:41:32 | 000,003,726 | ---- | M] () -- C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\searchplugins\safeguard-secure-search.xml
[2013/11/19 12:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/19 12:22:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/26 23:36:38 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/06/26 18:35:51 | 000,003,726 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob\21.56092_0\
CHR - Extension: No name found = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.20.1.508_0\
CHR - Extension: Websteroids = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.49_0\
CHR - Extension: Websteroids = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\
CHR - Extension: Value apps = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.0.0_0\
CHR - Extension: No name found = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo\2.0.1_0\
CHR - Extension: No name found = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.0.1.12_0\
CHR - Extension: No name found = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (ValueApps) - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll (Conduit Ltd.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Websteroids) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll (Creative Island Media, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (SweetPacks Toolbar) - {7e8a1050-cf67-4575-92df-dcc60e7d952d} - C:\Program Files (x86)\SweetPacks\prxtbSwee.dll (Conduit Ltd.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (ValueApps) - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files (x86)\Conduit\ValueApps\IE\ValueAppsLoader.dll (Conduit Ltd.)
O2 - BHO: (MinibarBHO) - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Minibar.dll (KangoExtensions)
O2 - BHO: (Consumer Input) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar) - {7e8a1050-cf67-4575-92df-dcc60e7d952d} - C:\Program Files (x86)\SweetPacks\prxtbSwee.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar) - {7E8A1050-CF67-4575-92DF-DCC60E7D952D} - C:\Program Files (x86)\SweetPacks\prxtbSwee.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\19975bc2-7b65-4f28-913a-5305022680f7.exe (AVAST Software)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [AppsHat] C:\Users\Audrey\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe ()
O4 - HKCU..\Run: [ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon] C:\Users\Audrey\AppData\Roaming\ValueApps\CH\TBVerifier.dll (Conduit Ltd.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Audrey\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [iLivid] "C:\Users\Audrey\AppData\Local\iLivid\iLivid.exe" -autorun File not found
O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - HKCU..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - Startup: C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O9 - Extra Button: Visit AppsHat.com - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files (x86)\Minibar\Minibar.dll (KangoExtensions)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.129.55.2 72.19.160.2 72.19.128.53 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66A037E6-798F-4BB9-930B-1A3921A13020}: DhcpNameServer = 66.129.55.2 72.19.160.2 72.19.128.53 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~2\movies~1\datamngr\mgrldr.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsemngr.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsermngr.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bundlesweetimsetup.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cltmngsvc.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\delta babylon.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\delta tb.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\delta2.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltainstaller.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltasetup.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltatb.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\iminentsetup.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\rjatydimofu.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\sweetimsetup.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsemngr.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsermngr.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bundlesweetimsetup.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\cltmngsvc.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta babylon.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta tb.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta2.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltainstaller.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltasetup.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltatb.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\iminentsetup.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\sweetimsetup.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1997/10/07 04:40:50 | 000,000,271 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{82994bee-e343-11e1-bb27-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{82994bee-e343-11e1-bb27-806e6f6e6963}\Shell\AutoRun\command - "" = F:\RISK.EXE -- [1996/11/18 19:07:38 | 000,024,576 | R--- | M] ()
O33 - MountPoints2\{82994bee-e343-11e1-bb27-806e6f6e6963}\Shell\dxinstall\command - "" = F:\DIRECTX\DXSETUP.EXE -- [1996/09/13 10:00:16 | 000,037,888 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{82994bee-e343-11e1-bb27-806e6f6e6963}\Shell\help\command - "" = winhlp32.exe Help\risk.hlp
O33 - MountPoints2\{82994bee-e343-11e1-bb27-806e6f6e6963}\Shell\install\command - "" = F:\SETUP.EXE -- [1997/05/12 11:34:28 | 000,059,392 | R--- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/28 16:07:27 | 000,000,000 | ---D | C] -- C:\Users\Audrey\AppData\Local\AdFender
[2013/12/28 16:07:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdFender
[2013/12/28 16:07:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AdFender
[2013/12/28 16:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AdFender
[2013/12/27 14:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\InternetUpdater
[2013/12/27 14:08:57 | 000,000,000 | ---D | C] -- C:\Users\Audrey\AppData\Roaming\ValueApps
[2013/12/27 14:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/12/27 14:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Websteroids
[2013/12/27 14:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiseConvert
[2013/12/27 14:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WiseConvert
[2013/12/26 23:37:15 | 000,079,672 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswstm.sys
[2013/12/14 13:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Risk
[2013/12/14 13:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasbro Interactive
[2013/12/11 18:49:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/12/02 21:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Optimizer Pro
[2013/12/02 21:28:13 | 000,000,000 | ---D | C] -- C:\Users\Audrey\AppData\Roaming\Itibiti
[2013/12/02 21:27:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KNCTR
[2013/12/02 21:27:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Itibiti Soft Phone
[2013/12/02 21:26:46 | 000,000,000 | ---D | C] -- C:\Users\Audrey\AppData\Local\Consumer Input
[2013/12/02 21:26:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Consumer Input
[2013/12/02 21:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro
[2013/12/02 21:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
[2013/12/02 20:31:17 | 001,947,216 | ---- | C] (InstallX, LLC) -- C:\Users\Audrey\Desktop\secuity.exe
[2013/12/01 21:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchDonkey
[2013/12/01 14:49:16 | 002,673,664 | ---- | C] (Atheros Communications, Inc.) -- C:\windows\SysNative\drivers\athrx.sys
[2013/12/01 14:49:16 | 002,673,664 | ---- | C] (Atheros Communications, Inc.) -- C:\windows\SysNative\athrx.sys
[2013/12/01 14:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
[2013/12/01 14:48:40 | 000,000,000 | ---D | C] -- C:\Users\Audrey\AppData\Roaming\InstallShield
[2013/12/01 14:41:54 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Atheros_L1e
[2013/12/01 14:40:55 | 000,000,000 | ---D | C] -- C:\Drivers
[2013/12/01 11:43:40 | 000,000,000 | ---D | C] -- C:\Users\Audrey\AppData\Roaming\SUPERAntiSpyware.com
[2013/12/01 11:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/12/01 11:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/12/01 11:43:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/12/01 11:41:17 | 000,000,000 | ---D | C] -- C:\Users\Audrey\AppData\Local\cache
[2013/12/01 11:41:12 | 000,000,000 | ---D | C] -- C:\Users\Audrey\Documents\Mobogenie
[2013/12/01 11:41:12 | 000,000,000 | ---D | C] -- C:\Users\Audrey\AppData\Local\Mobogenie
[2013/12/01 11:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BuzzSearch
[2013/12/01 11:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[1 C:\Users\Audrey\Desktop\*.tmp files -> C:\Users\Audrey\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/29 19:30:00 | 000,000,378 | ---- | M] () -- C:\windows\tasks\CI_DCA_UA{C3717BD3-6AC2-4dcd-83DE-F865C33AC5D9}.job
[2013/12/29 19:30:00 | 000,000,362 | ---- | M] () -- C:\windows\tasks\CIMT_S-1-5-21-759974512-340368841-1058085160-1001.job
[2013/12/29 19:22:40 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/29 18:42:58 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/12/29 18:32:39 | 000,000,970 | ---- | M] () -- C:\windows\tasks\ConsumerInputUpdateTaskMachineUA.job
[2013/12/29 18:18:09 | 000,000,932 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-759974512-340368841-1058085160-1001UA.job
[2013/12/29 15:37:11 | 000,739,728 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/12/29 15:37:11 | 000,633,180 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/12/29 15:37:11 | 000,110,782 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/12/29 15:27:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/29 11:22:21 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/29 02:41:16 | 000,000,910 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-759974512-340368841-1058085160-1001Core.job
[2013/12/28 16:07:28 | 000,001,075 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk
[2013/12/28 09:20:24 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/28 09:20:24 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/28 09:10:14 | 000,000,416 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro64 startups.job
[2013/12/28 09:09:52 | 000,908,079 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013/12/28 09:09:51 | 000,000,966 | ---- | M] () -- C:\windows\tasks\ConsumerInputUpdateTaskMachineCore.job
[2013/12/28 09:08:17 | 2902,642,688 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/27 14:09:24 | 000,000,000 | ---- | M] () -- C:\END
[2013/12/26 23:37:17 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/26 23:37:15 | 000,079,672 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswstm.sys
[2013/12/26 23:36:36 | 000,207,904 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/12/26 23:36:35 | 001,034,464 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/12/26 23:36:35 | 000,422,216 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/12/26 23:36:35 | 000,334,136 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2013/12/26 23:36:35 | 000,078,648 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/12/26 23:36:30 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013/12/24 11:00:17 | 000,000,408 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro64 Scan.job
[2013/12/23 21:31:39 | 000,000,440 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro Updates.job
[2013/12/15 15:02:09 | 002,303,908 | ---- | M] () -- C:\Users\Audrey\Desktop\TechnicLauncher.exe
[2013/12/11 20:36:52 | 000,000,438 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro Idle.job
[2013/12/11 19:10:54 | 000,470,416 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/12/10 19:38:23 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/12/10 19:38:18 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/12/02 21:27:32 | 000,001,094 | ---- | M] () -- C:\Users\Audrey\Application Data\Microsoft\Internet Explorer\Quick Launch\KNCTR.lnk
[2013/12/02 21:27:32 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\KNCTR.lnk
[2013/12/02 21:26:29 | 000,000,922 | ---- | M] () -- C:\Users\Audrey\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
[2013/12/02 21:26:29 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\PC Optimizer Pro.lnk
[2013/12/02 21:24:33 | 001,947,216 | ---- | M] (InstallX, LLC) -- C:\Users\Audrey\Desktop\secuity.exe
[2013/12/01 12:38:42 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/01 12:38:42 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/01 12:38:32 | 000,002,279 | ---- | M] () -- C:\Users\Audrey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/01 12:38:32 | 000,001,437 | ---- | M] () -- C:\Users\Audrey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/01 11:43:28 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/12/01 10:58:40 | 000,002,675 | ---- | M] () -- C:\Users\Audrey\Desktop\grumpy angel.jpg
[1 C:\Users\Audrey\Desktop\*.tmp files -> C:\Users\Audrey\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/28 16:07:28 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk
[2013/12/10 19:38:23 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/12/10 19:38:16 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/12/02 21:46:45 | 000,000,408 | ---- | C] () -- C:\windows\tasks\PC Optimizer Pro64 Scan.job
[2013/12/02 21:46:35 | 000,000,438 | ---- | C] () -- C:\windows\tasks\PC Optimizer Pro Idle.job
[2013/12/02 21:46:34 | 000,000,440 | ---- | C] () -- C:\windows\tasks\PC Optimizer Pro Updates.job
[2013/12/02 21:46:32 | 000,000,416 | ---- | C] () -- C:\windows\tasks\PC Optimizer Pro64 startups.job
[2013/12/02 21:33:26 | 000,000,378 | ---- | C] () -- C:\windows\tasks\CI_DCA_UA{C3717BD3-6AC2-4dcd-83DE-F865C33AC5D9}.job
[2013/12/02 21:28:58 | 000,000,362 | ---- | C] () -- C:\windows\tasks\CIMT_S-1-5-21-759974512-340368841-1058085160-1001.job
[2013/12/02 21:27:32 | 000,001,094 | ---- | C] () -- C:\Users\Audrey\Application Data\Microsoft\Internet Explorer\Quick Launch\KNCTR.lnk
[2013/12/02 21:27:32 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\KNCTR.lnk
[2013/12/02 21:27:03 | 000,000,970 | ---- | C] () -- C:\windows\tasks\ConsumerInputUpdateTaskMachineUA.job
[2013/12/02 21:26:58 | 000,000,966 | ---- | C] () -- C:\windows\tasks\ConsumerInputUpdateTaskMachineCore.job
[2013/12/02 21:26:29 | 000,000,922 | ---- | C] () -- C:\Users\Audrey\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
[2013/12/02 21:26:29 | 000,000,898 | ---- | C] () -- C:\Users\Public\Desktop\PC Optimizer Pro.lnk
[2013/12/01 14:49:16 | 000,403,563 | ---- | C] () -- C:\windows\SysNative\netathrx.inf
[2013/12/01 14:49:16 | 000,061,460 | ---- | C] () -- C:\windows\SysNative\athrextx.cat
[2013/12/01 11:43:28 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/12/01 10:58:37 | 000,002,675 | ---- | C] () -- C:\Users\Audrey\Desktop\grumpy angel.jpg
[2013/10/15 13:06:20 | 000,008,704 | ---- | C] () -- C:\Users\Audrey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/29 09:03:53 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/06/05 19:44:57 | 000,000,632 | RHS- | C] () -- C:\Users\Audrey\ntuser.pol
[2013/05/22 08:21:06 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2013/05/19 19:32:17 | 000,000,000 | ---- | C] () -- C:\windows\setup32.INI
[2013/05/11 14:57:50 | 000,000,372 | ---- | C] () -- C:\windows\wininit.ini
[2013/05/11 14:00:40 | 000,756,022 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/08/10 17:27:42 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2012/08/10 17:27:42 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2012/08/10 17:06:52 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2012/08/10 17:06:51 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2012/08/10 17:06:51 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2012/08/10 17:06:51 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2012/08/10 17:06:38 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2012/08/10 16:45:32 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2012/08/10 16:45:32 | 000,001,823 | ---- | C] () -- C:\windows\SysWow64\vm332Rmv.ini
[2012/08/10 16:31:44 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/08/10 16:27:49 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/12/29 11:05:03 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\.minecraft
[2013/12/15 15:01:59 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\.technic
[2013/09/29 20:00:48 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\0S1F1O2Z0S2Y1H1T
[2013/05/12 06:19:17 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\Auslogics
[2013/11/29 12:36:43 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\AVAST Software
[2013/12/02 21:28:13 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\Itibiti
[2013/08/05 10:07:09 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\Leadertech
[2013/09/27 19:11:38 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\SearchProtect
[2013/09/27 19:33:41 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\TFP
[2013/05/20 15:59:46 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\The Learning Company
[2013/12/27 14:08:57 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\ValueApps

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Documents\Youcam:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Documents\Picture of me 2.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Documents\Mobogenie:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Desktop\VisualBoyAdvance-1.8.0-beta3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Desktop\VisualBoyAdvance-1.8.0-beta3.zip:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Desktop\The dropper BY BIGRE.zip:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Desktop\suffering.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Desktop\schedule play.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Desktop\New folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Desktop\aspen and me.jpg:Roxio EMC Stream

< End of report >

#2
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you:

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!


Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:


Hello :) There should be a second log called Extras.txt that was created in your initial OTL run. It will be located in the same place you ran OTL from, in this case: C:\Users\Audrey\Downloads

I'll begin working on a fix for your computer for approval by my instructor, and we'll get this taken care of. :) :thumbsup:

Things I need to see in your next post

Extras.txt Log


#3
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello Audrey :) Please run a scan with aswMBR and post it along with the Extras.txt log. Instructions on how to do so are below.


  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.

  • Click the Scan button to begin the scan.

  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit


Things I need to see in your next post:

Extras.txt log

aswMBR Log


#4
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello Audrey :), We've got a lot of work to do, so let's get started.


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Registry Cleaner Warning

There were signs of multiple programs that are either currently or have been previously installed on your computer that contain registry cleaners. One such program I see evidence of on your computer is PC Optimizer Pro. A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable. At Geeks to Go we strongly advise that people stay away from any of the registry cleaners out there. Go here to get more information about why registry cleaners aren't needed. Technet blog also discusses this issue as well as Ed Bott.




Step 1: Chrome Extensions Uninstalls

There are some extensions in Chrome that need to be removed, please follow the instructions below to remove them.

Start Chrome and type this into the address bar: chrome:extensions

This will display a page of all the installed extensions. Please remove the extensions in the list below by clicking the trash can icon beside each one.

If one of the extensions I've asked you to remove is not listed, don't worry about it. Just move on to the next one in the list. :)


Extensions to Remove

Websteroids

Value Apps



Step 2: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double-clicking it (on Windows Vista, Windows 7, and 8, right-click and select "Run as Administrator").

  • Copy the text in the quote box below (do not copy the word "quote") and paste it in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:OTL
SRV - [2013/05/31 04:19:28 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV:64bit: - [2013/07/17 09:20:14 | 001,648,432 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV - [2013/12/05 18:30:04 | 000,040,448 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\InternetUpdater\InternetUpdaterService.exe -- (InternetUpdater)
SRV - [2013/12/01 21:24:27 | 000,066,336 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BuzzSearch\bin\utilBuzzSearch.exe -- (Util BuzzSearch)
SRV - [2013/11/07 16:28:10 | 000,066,336 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\BuzzSearch\updateBuzzSearch.exe -- (Update BuzzSearch)
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis....q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis....q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.aartemis....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.aartemis....q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.aartemis....q={searchTerms}
IE - HKLM\..\URLSearchHook: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - C:\Program Files (x86)\SweetPacks\prxtbSwee.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.aartemis....q={searchTerms}
IE - HKCU\..\URLSearchHook: {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files (x86)\Minibar\Minibar.dll (KangoExtensions)
IE - HKCU\..\URLSearchHook: {7e8a1050-cf67-4575-92df-dcc60e7d952d} - C:\Program Files (x86)\SweetPacks\prxtbSwee.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes\{B584D2D2-4B8E-4D13-8CA3-F0662FA68EF7}: "URL" = http://search.condui...4206989898&UM=2
FF - prefs.js..browser.search.defaultthis.engineName: "SweetPacks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: support%40searchdonkeyapp.com:2.6.4962872
FF - prefs.js..extensions.enabledAddons: support%40websteroidsapp.com:2.6.53
FF - prefs.js..keyword.URL: "http://search.condui...010251&UM=2&q="
[2013/12/27 14:08:29 | 000,000,000 | ---D | M] (Value Apps) -- C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}
[2013/09/27 19:12:43 | 000,000,000 | ---D | M] (AppsHat) -- C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}
[2013/12/01 21:22:03 | 000,000,000 | ---D | M] (SearchDonkey) -- C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\[email protected]
[2013/12/27 14:07:40 | 000,000,000 | ---D | M] (Websteroids) -- C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\[email protected]
[2013/09/27 19:09:46 | 000,000,997 | ---- | M] () -- C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\searchplugins\conduit.xml
[2013/12/28 09:10:29 | 000,002,144 | ---- | M] () -- C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\searchplugins\MyStart Search.xml
O2:64bit: - BHO: (ValueApps) - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll (Conduit Ltd.)
O2 - BHO: (Websteroids) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll (Creative Island Media, LLC)
O2 - BHO: (SweetPacks Toolbar) - {7e8a1050-cf67-4575-92df-dcc60e7d952d} - C:\Program Files (x86)\SweetPacks\prxtbSwee.dll (Conduit Ltd.)
O2 - BHO: (ValueApps) - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files (x86)\Conduit\ValueApps\IE\ValueAppsLoader.dll (Conduit Ltd.)
O2 - BHO: (MinibarBHO) - {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Minibar.dll (KangoExtensions)
O2 - BHO: (Consumer Input) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll (Compete, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar) - {7e8a1050-cf67-4575-92df-dcc60e7d952d} - C:\Program Files (x86)\SweetPacks\prxtbSwee.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar) - {7E8A1050-CF67-4575-92DF-DCC60E7D952D} - C:\Program Files (x86)\SweetPacks\prxtbSwee.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - HKCU..\Run: [AppsHat] C:\Users\Audrey\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe ()
O4 - HKCU..\Run: [ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon] C:\Users\Audrey\AppData\Roaming\ValueApps\CH\TBVerifier.dll (Conduit Ltd.)
O4 - HKCU..\Run: [iLivid] "C:\Users\Audrey\AppData\Local\iLivid\iLivid.exe" -autorun File not found
O4 - Startup: C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O9 - Extra Button: Visit AppsHat.com - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files (x86)\Minibar\Minibar.dll (KangoExtensions)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll) - File not found
O20 - AppInit_DLLs: (c:\progra~2\movies~1\datamngr\mgrldr.dll) - File not found
O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsemngr.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browsermngr.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bundlesweetimsetup.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cltmngsvc.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\delta babylon.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\delta tb.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\delta2.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltainstaller.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltasetup.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltatb.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\iminentsetup.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\rjatydimofu.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\sweetimsetup.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bprotect.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsemngr.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserdefender.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browsermngr.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\browserprotect.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\bundlesweetimsetup.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\cltmngsvc.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta babylon.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta tb.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\delta2.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltainstaller.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltasetup.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltatb.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\iminentsetup.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\rjatydimofu.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\sweetimsetup.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27 - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O32 - AutoRun File - [1997/10/07 04:40:50 | 000,000,271 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{82994bee-e343-11e1-bb27-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{82994bee-e343-11e1-bb27-806e6f6e6963}\Shell\AutoRun\command - "" = F:\RISK.EXE -- [1996/11/18 19:07:38 | 000,024,576 | R--- | M] ()
O33 - MountPoints2\{82994bee-e343-11e1-bb27-806e6f6e6963}\Shell\install\command - "" = F:\SETUP.EXE -- [1997/05/12 11:34:28 | 000,059,392 | R--- | M] (InstallShield Software Corporation)
[2013/12/27 14:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\InternetUpdater
[2013/12/27 14:08:57 | 000,000,000 | ---D | C] -- C:\Users\Audrey\AppData\Roaming\ValueApps
[2013/12/27 14:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/12/27 14:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Websteroids
[2013/12/27 14:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiseConvert
[2013/12/27 14:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WiseConvert
[2013/12/02 21:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Optimizer Pro
[2013/12/02 21:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro
[2013/12/02 21:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\PC Optimizer Pro
[2013/12/01 21:22:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchDonkey
[2013/12/02 20:31:17 | 001,947,216 | ---- | C] (InstallX, LLC) -- C:\Users\Audrey\Desktop\secuity.exe
[2013/12/01 11:41:12 | 000,000,000 | ---D | C] -- C:\Users\Audrey\Documents\Mobogenie
[2013/12/01 11:41:12 | 000,000,000 | ---D | C] -- C:\Users\Audrey\AppData\Local\Mobogenie
[2013/12/01 11:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BuzzSearch
[2013/12/01 11:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobogenie
[2013/12/28 09:10:14 | 000,000,416 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro64 startups.job
[2013/12/27 14:09:24 | 000,000,000 | ---- | M] () -- C:\END
[2013/12/24 11:00:17 | 000,000,408 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro64 Scan.job
[2013/12/23 21:31:39 | 000,000,440 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro Updates.job
[2013/12/11 20:36:52 | 000,000,438 | ---- | M] () -- C:\windows\tasks\PC Optimizer Pro Idle.job
[2013/12/02 21:26:29 | 000,000,922 | ---- | M] () -- C:\Users\Audrey\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk
[2013/12/02 21:26:29 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\PC Optimizer Pro.lnk
[2013/08/05 10:07:09 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\Leadertech
[2013/09/27 19:11:38 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\SearchProtect
[2013/12/27 14:08:57 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\ValueApps
[2013/09/29 20:00:48 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\0S1F1O2Z0S2Y1H1T
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Documents\Mobogenie:Roxio EMC Stream

:Files
C:\Program Files (x86)\Minibar
C:\Program Files (x86)\SweetPacks
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\BuzzSearch
C:\ProgramData\InternetUpdater
C:\Windows\SysNative\dmwu.exe
C:\Windows\SysWOW64\jmdp
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c


:Commands
[emptytemp]
[resethosts]



  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.



Step 3: TDSSKiller


Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



Step 4: OTL Quick Scan


  • Start OTL and this time click the Quick Scan button
  • OTL will scan your system and produce one log when finished.
  • Please post that log in your next reply.


Things I need to see in your next post:

  • OTL Fix Log
  • TDSSKiller Log
  • OTL Quick Scan Log
  • aswMBR Log
  • Extras.txt Log
  • How is the machine running now?
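
Added example, not part of pystryker's post and not code from OTL: a small Python triage over OTL-style lines such as those in the Step 2 fix above. It groups entries by the autostart location named in each line, lists entries whose target is reported as "File not found", and groups the IFEO Debugger entries by the program they redirect to. The sample lines are copied from the fix above; the function names and category labels are assumptions of this example.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Sample input: lines copied from the Step 2 fix in this thread.
SAMPLE = r"""
SRV - [2013/12/05 18:30:04 | 000,040,448 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\InternetUpdater\InternetUpdaterService.exe -- (InternetUpdater)
SRV:64bit: - [2013/07/17 09:20:14 | 001,648,432 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
O2 - BHO: (Websteroids) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll (Creative Island Media, LLC)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKCU..\Run: [AppsHat] C:\Users\Audrey\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe ()
O1364bit: - gopher Prefix: missing
O20 - AppInit_DLLs: (c:\progra~2\movies~1\datamngr\mgrldr.dll) - File not found
O27 - HKLM IFEO\bitguard.exe: Debugger - C:\windows\SysWow64\tasklist.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - C:\windows\SysNative\tasklist.exe (Microsoft Corporation)
"""

# "<TAG> - rest" or "<TAG>:64bit: - rest", e.g. "SRV - ..." or "O27:64bit: - ...".
PREFIX = re.compile(
    r"^(?P<tag>[A-Z]{1,3}\d{0,2})(?P<x64>:64bit:)?\s+-\s+(?P<rest>.+)$"
)
# "HKLM IFEO\<image>: Debugger - <path> (<company>)"; the company is optional.
IFEO = re.compile(
    r"IFEO\\(?P<image>.+?): Debugger - (?P<debugger>.+?)(?: \((?P<company>[^()]*)\))?$"
)


def classify(tag, rest):
    """Label an entry by the location its own text names (labels are ours)."""
    if tag == "SRV":
        return "service"
    if rest.startswith("BHO:"):
        return "browser helper object"
    if "\\Toolbar" in rest:
        return "toolbar"
    if "\\Run:" in rest:
        return "run key"
    if rest.startswith("AppInit_DLLs:"):
        return "AppInit_DLLs"
    if "IFEO\\" in rest:
        return "IFEO debugger"
    return "other"


def parse_line(line):
    """Return a dict for one OTL-style line, or None if the prefix is unreadable."""
    line = line.strip()
    m = PREFIX.match(line)
    if not m:
        return None
    rest = m["rest"]
    entry = {
        "tag": m["tag"],
        "x64": bool(m["x64"]),
        "kind": classify(m["tag"], rest),
        # The log marks entries whose target no longer exists on disk.
        "missing": rest.endswith("File not found"),
        "raw": line,
    }
    ifeo = IFEO.search(rest)
    if ifeo:
        entry["image"] = ifeo["image"]
        entry["debugger"] = ifeo["debugger"]
    return entry


def summarize(text):
    """Count entries per kind, collect orphaned entries and IFEO redirects."""
    counts, missing, unparsed = Counter(), [], []
    redirects = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            # Keep lines we cannot read instead of silently dropping them.
            unparsed.append(line.strip())
            continue
        counts[entry["kind"]] += 1
        if entry["missing"]:
            missing.append(entry["raw"])
        if "image" in entry:
            target = ntpath.basename(entry["debugger"]).lower()
            redirects[target].append(entry["image"])
    return {
        "counts": dict(counts),
        "missing": missing,
        "ifeo": {k: sorted(v) for k, v in redirects.items()},
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE)
    for key, value in report.items():
        print(key, "->", value)
```

Lines the prefix pattern cannot read, such as the `O1364bit:` entry, are returned under `unparsed` so they can be reviewed by hand.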

#5
audreymaye

    Member

  • Topic Starter
  • 23 posts
Here are the logs you requested:

OTL Extras logfile created on: 12/29/2013 5:43:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Audrey\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 52.72% Memory free
7.21 Gb Paging File | 4.39 Gb Available in Paging File | 60.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 202.10 Gb Free Space | 79.52% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.81 Gb Free Space | 92.47% Space Free | Partition Type: NTFS
Drive F: | 291.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: AUDREYS-PC | User Name: Audrey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B79EC27-23C7-40BA-B0C1-2188848E973F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{16240CFB-1D54-49DB-8B94-5AE2C93D651D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{1E2E3B96-BA5E-4D2F-B93C-766A44053622}" = lport=139 | protocol=6 | dir=in | app=system |
"{2D816BFF-82BF-496E-A9B8-25F5F399169F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FB8D632-761B-46F2-A5E0-5A0FBFC73398}" = lport=445 | protocol=6 | dir=in | app=system |
"{35751614-3D4E-4D6A-9E7D-04B2A955A1B1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{35E5B7B8-F77B-4313-A367-F3A007378DD1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{37CF6D80-FB1C-4267-8AD7-03BAF17B1A03}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3A890697-CC11-4064-9AA1-41D5535D6977}" = rport=138 | protocol=17 | dir=out | app=system |
"{40E0FDFD-6B73-4C1D-9F56-DC23401CCFDB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{45AA5EBC-5F58-4374-8A79-EC74B02091D3}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{47FC0274-18D1-4C04-BCA7-839CFF0DF285}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{559D6A0B-860A-463E-895C-5C80BA68EE4E}" = rport=137 | protocol=17 | dir=out | app=system |
"{676895BD-B8F9-462A-972B-7B8B7796B9FF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6A8D40F2-BA5D-4C65-A76F-4349F4C01F42}" = rport=2869 | protocol=6 | dir=out | app=system |
"{6B860EA3-8F62-4BA5-A560-5FBEEAA58AE8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7079DFE3-2BED-436D-B784-91674668C3D4}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{72263641-B3E5-42C7-91E8-A7727100DA50}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75947C15-10FB-4A68-8A06-819442DAC98E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{76B999CB-C4BC-4845-A9C0-8AAE4B9E5565}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{774C6693-E6D6-459D-B8A5-E2C47282A221}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7BB34CFC-E0BB-4C39-B1E5-4B600D5302FC}" = lport=137 | protocol=17 | dir=in | app=system |
"{8278C144-2B2F-411D-8AB6-E5E008AE4A1A}" = rport=139 | protocol=6 | dir=out | app=system |
"{9E5D9FEC-472D-4A67-B0C0-F147DE94DE93}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B31D574B-C3C1-4977-BFA9-7ABA1C5B62A0}" = lport=138 | protocol=17 | dir=in | app=system |
"{BDCE6DFC-2A96-4032-92AC-0587C62E8602}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C3690005-6010-43C8-8C50-F6D2480D651F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CDD43745-6A27-473F-9A5C-A1408349922E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DF750DAA-0B57-418C-9788-2C6953670DDB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E857B59B-2C67-40D9-9AF2-0AE0ECB40128}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F0606A45-A72F-41F7-9678-990CBCA02B99}" = rport=445 | protocol=6 | dir=out | app=system |
"{F795E148-A8A3-4BA1-AA82-84BFDFD4C330}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B76851-B1B6-4590-AA45-31AB5B3B949C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0A7C9CC8-A883-4CD3-9C01-CB5F7F9DE3A9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0D0CE9D4-F54E-4611-9B17-84541DCB758C}" = dir=in | app=c:\users\audrey\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{1EB838AE-44B4-4A54-A96E-D05C8977AC7A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{23636636-D51B-443D-8C51-29843A32B0D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{24E1A71A-C534-45F9-837E-0096F7DF3289}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2C34550A-3F4E-49FE-9C1C-D08E9DBD461B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39DB4BC5-9FCE-4628-B57F-23831CD43F94}" = protocol=58 | dir=in | [email protected],-28545 |
"{3EAE4341-B2A6-4A48-8E6C-22380D912698}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40CC90A6-CF9D-4DA4-BCFE-5978B6A6AAEA}" = protocol=58 | dir=out | [email protected],-28546 |
"{4BCE8FEE-7D37-48A8-BD86-AF619D055C55}" = protocol=6 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"{50B6489A-60ED-4E9E-9E79-8B19C83AC7F7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{559FA4DE-BB48-4D87-B63F-D9E795C84DE9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{582B2C7F-DEDE-40B5-84D7-16B0AA7E1B2B}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{6126208A-B743-4370-9BAF-EE525CFA14A4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6AA0E1FE-9AAD-467A-9F4A-9DC283AF9F83}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{6D04547C-4C99-47B6-B97A-182BDC2A5D8C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7449BC7A-0D10-4105-B299-A5C7393BB273}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{76CBAA2D-11EE-4DDF-B3AE-8D84E230F981}" = protocol=58 | dir=in | [email protected],-148 |
"{7A5585BA-5CF7-4EF7-BEE3-CA999C39C946}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8473677B-D511-43F3-B32F-7BDDDFBDF764}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{8530FD0B-9053-43C5-8BBD-BF5326395516}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{860165FB-7A00-4805-8A07-C4711191F7C1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9160DB6F-C7ED-410A-8321-2088CB7211DF}" = protocol=6 | dir=out | app=system |
"{9596B77C-4CBF-416B-A634-8505FF1C8345}" = protocol=1 | dir=in | [email protected],-28543 |
"{9CB2297A-E149-4B67-A09C-C16C21E2C58B}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{9F846544-C6AD-4274-AB3F-F0A8B6C122DE}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{ADB110C5-4470-4C0A-9735-35E7423E5ECA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B375D7C9-EAC0-4837-A057-CDCEE6EE13D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BD20A46C-90F0-4C50-96A1-D8CD5E47CDC4}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{D00641E2-9471-4A5E-8241-0867A079CEFC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D61AEB19-7976-4939-BC8A-6A6BE7197781}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{E11A6819-B239-4134-93F3-7B5494688A08}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EE9EC359-7E7A-4077-871C-E382C6201AE4}" = protocol=1 | dir=out | [email protected],-28544 |
"{EF2CF477-C75E-4D06-9B94-63E824A69269}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F646EB27-2B97-4504-86FD-37EEE9D315E3}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{FD1CADC4-E624-4E30-9D90-DE6C57D2EA06}" = protocol=17 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"TCP Query User{7FA0A68C-3643-4DDC-8DD7-911AC996620F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{99B0C368-976B-4F1A-8949-222243836453}C:\program files (x86)\itibiti soft phone\itibiti.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |
"TCP Query User{9A318A1D-108F-4326-8773-00CCFFEAFC9A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{179E7FE4-35BD-465E-B367-12AD344EFA9E}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{65B34E29-F4F5-4FB5-9230-D244ADED1FF7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{9E59A655-2C47-4AEC-9A02-08C60862D7E3}C:\program files (x86)\itibiti soft phone\itibiti.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itibiti soft phone\itibiti.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E835071-48BE-9675-FB11-7D50E8EB3D3A}" = ATI AVIVO64 Codecs
"{2DC83DF1-1B35-4C9D-D66B-CF6D0B7887C3}" = ATI Catalyst Install Manager
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{52F51217-D264-4255-A5B2-9001FE74C83D}" = AMD Fuel
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{713B7949-7E9A-B785-265E-4F21FBBB66B1}" = AMD Media Foundation Decoders
"{728A5D70-010C-C4A1-DF10-402F87A4C8AE}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AAE78E39-FAAF-4C19-A63E-BDED7428FDE1}" = Roxio Drag-to-Disc
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Blue Coat K9 Web Protection" = Blue Coat K9 Web Protection
"BuzzSearch" = BuzzSearch 2013.11.07.232809
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MyPC Backup" = MyPC Backup
"PC Optimizer Pro" = PC Optimizer Pro
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{02034A48-25C6-4BB4-8186-54917E5D49DA}" = SpongeBob SquarePants - Lights, Camera, Pants!
"{02A1EB82-A9BF-7C5D-F4BA-324455A11BA8}" = CCC Help Thai
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio RecordNow Tools
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}" = PowerXpressHybrid
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio RecordNow Data
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio EasyArchive
"{14942D19-0935-C595-6A97-C4F898D0364E}" = CCC Help German
"{17CE3477-0698-7D4C-34CC-A1432A04CC56}" = Catalyst Control Center Localization All
"{2244AC16-30B0-4144-4666-227B21426777}" = CCC Help Hungarian
"{253D8051-853F-CC6B-B069-00E083839797}" = CCC Help Korean
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28F9CB51-2F81-40BF-9545-6FD1FCB1AC44}" = Risk II
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{2C212592-B450-56C2-29BA-8EB9AECC42EB}" = CCC Help Dutch
"{30C804F3-5D5D-48BD-5592-A65812D2D7F5}" = AMD VISION Engine Control Center
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{4033C622-B359-43B7-8BBE-9448B95FAE47}" = Catalyst Control Center - Branding
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42D989B1-CF22-7387-34A6-C8BFB89B620C}" = CCC Help Japanese
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{54E6C643-1CBF-DC7B-A1F6-02A403739C7B}" = CCC Help Finnish
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5C6ABEC5-2BD2-D66E-6D11-DAB731903FAE}" = CCC Help Swedish
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{5EDBAF49-F4BA-0A9A-5811-5F21928B51D8}" = CCC Help Chinese Traditional
"{5FAE5584-D713-6F1D-87A1-68769D815ABD}" = Catalyst Control Center Graphics Previews Common
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio RecordNow Copy
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{67A070AE-F3AE-4454-8F94-787435FCD98A}" = Scooby-Doo!™
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6DB479D4-D255-AC9B-1110-037936D11F90}" = CCC Help Czech
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{7827ACCF-F5C8-48D7-FC85-6B886673FE4C}" = CCC Help Portuguese
"{7BE3B2B1-2F59-7311-C5E9-CACDCDBCC634}" = CCC Help French
"{7D6A3862-955E-7C7C-A25F-F2181A7FBF2F}" = CCC Help Norwegian
"{83D79907-A99A-9698-2A32-655C4E0F0662}" = Catalyst Control Center Profiles Mobile
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio RecordNow Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio BDAV Plugin
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio Easy Media Creator 9 Suite
"{9532B6B4-B009-43A2-FB4A-5DE96F6A0A19}" = CCC Help Spanish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7964C94-DD95-9334-7C2C-8077F9DDD334}" = CCC Help Russian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Consumer Input Update Helper
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Roxio Media Experience
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{B04E84B4-F6AF-BF1B-F637-0ECB2846DF7C}" = CCC Help Chinese Standard
"{B1050C12-3A01-C85C-ED8E-62E69EC32897}" = CCC Help English
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B6787AEE-4C87-1B72-1B5C-3CE00F57DA67}" = CCC Help Greek
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator 9 Home
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" = Updater
"{DC51DF4F-72C2-06D6-BE96-61DA7307B1F1}" = CCC Help Polish
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{ECB6FA70-0706-42EF-D1A4-1628F4A53711}" = CCC Help Turkish
"{EE25612E-3C71-2BB8-6E23-02B0A5AAC75B}" = CCC Help Danish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F143178E-50A9-455C-B4EF-AA79B3A44EBC}" = Crazy Machines Gold Edition
"{F17D4B1A-14BF-0157-B525-EC62BF4AAA80}" = Catalyst Control Center InstallProxy
"{F69E8629-BEB8-93ED-0101-6AC2B7533F38}" = CCC Help Italian
"7-Zip 9.20" = 7-Zip 9.20
"AdFender" = AdFender
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"avast" = avast! Free Antivirus
"Consumer Input Installer" = Consumer Input (remove only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FilesFrog Update Checker" = FilesFrog Update Checker
"Google Chrome" = Google Chrome
"IECT3310511" = SweetPacks Toolbar for IE
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InternetUpdater" = Internet Updater
"Itibiti_is1" = KNCTR
"Lenovo Games Console" = Lenovo Games Console
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Revo Uninstaller" = Revo Uninstaller 1.94
"Risk" = Risk
"Scooby-Doo™, Case File #2 The Scary Stone Dragon" = Scooby-Doo™, Case File #2 The Scary Stone Dragon
"Scooby-Doo™, Phantom of the Knight™" = Scooby-Doo™, Phantom of the Knight™
"SearchProtect" = Search Protect by conduit
"SpongeBob SquarePants Employee of the Month" = SpongeBob SquarePants Employee of the Month
"The Sacred Rings_is1" = The Sacred Rings
"VeriFace" = VeriFace
"Websteroids" = Websteroids
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.00 (32-bit)
"WiseConvert" = WiseConvert
"WNLT" = IB Updater Service

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AppsHat Mobile Apps" = AppsHat Mobile Apps
"ROM Manager Packages" = ROM Manager Packages
"ValueApps" = ValueApps

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/18/2013 1:32:58 PM | Computer Name = Audreys-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 12/18/2013 2:22:01 PM | Computer Name = Audreys-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 12/18/2013 3:28:46 PM | Computer Name = Audreys-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 12/18/2013 5:02:04 PM | Computer Name = Audreys-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 12/18/2013 5:22:01 PM | Computer Name = Audreys-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 12/18/2013 10:45:12 PM | Computer Name = Audreys-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 12/18/2013 11:22:01 PM | Computer Name = Audreys-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 12/19/2013 11:18:09 AM | Computer Name = Audreys-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 12/19/2013 11:23:16 AM | Computer Name = Audreys-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 12/19/2013 1:33:00 PM | Computer Name = Audreys-PC | Source = MsiInstaller | ID = 11316
Description =

Error - 12/19/2013 2:22:03 PM | Computer Name = Audreys-PC | Source = MsiInstaller | ID = 11316
Description =

[ Media Center Events ]
Error - 7/25/2013 7:05:36 PM | Computer Name = Audreys-PC | Source = MCUpdate | ID = 0
Description = 5:04:36 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 404: The requested URL does not exist on the server. )

Error - 10/6/2013 11:16:48 PM | Computer Name = Audreys-PC | Source = MCUpdate | ID = 0
Description = 9:16:48 PM - Error connecting to the internet. 9:16:48 PM - Unable
to contact server..

Error - 10/6/2013 11:17:17 PM | Computer Name = Audreys-PC | Source = MCUpdate | ID = 0
Description = 9:16:56 PM - Error connecting to the internet. 9:16:56 PM - Unable
to contact server..

Error - 10/7/2013 10:48:41 PM | Computer Name = Audreys-PC | Source = MCUpdate | ID = 0
Description = 8:48:41 PM - Failed to retrieve MCEClientUX (Error: The underlying
connection was closed: Could not establish trust relationship for the SSL/TLS secure
channel.)

Error - 12/1/2013 3:47:15 PM | Computer Name = Audreys-PC | Source = MCUpdate | ID = 0
Description = 12:46:00 PM - Error connecting to the internet. 12:46:03 PM - Unable
to contact server..

[ OSession Events ]
Error - 10/16/2013 1:00:56 PM | Computer Name = Audreys-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 3455 seconds with 1380 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 12/28/2013 12:16:31 PM | Computer Name = Audreys-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 12/28/2013 12:17:02 PM | Computer Name = Audreys-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.
extras.txt....



Error - 12/28/2013 12:17:32 PM | Computer Name = Audreys-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 12/29/2013 4:26:09 PM | Computer Name = Audreys-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 12/29/2013 4:27:58 PM | Computer Name = Audreys-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 12/29/2013 6:55:39 PM | Computer Name = Audreys-PC | Source = DCOM | ID = 10010
Description =

Error - 12/29/2013 7:13:12 PM | Computer Name = Audreys-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 12/29/2013 7:16:44 PM | Computer Name = Audreys-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 12/29/2013 7:28:48 PM | Computer Name = Audreys-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Error Reporting Service service to connect.

Error - 12/29/2013 7:54:08 PM | Computer Name = Audreys-PC | Source = DCOM | ID = 10010
Description =


< End of report >

***********************************************************************************************




aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-12-31 16:29:24
-----------------------------
16:29:24.167 OS Version: Windows x64 6.1.7601 Service Pack 1
16:29:24.167 Number of processors: 2 586 0x200
16:29:24.213 ComputerName: AUDREYS-PC UserName: Audrey
16:30:11.042 Initialize success
16:30:16.187 AVAST engine defs: 13123101
16:30:30.124 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006c
16:30:30.129 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 11
16:30:30.247 Disk 0 MBR read successfully
16:30:30.253 Disk 0 MBR scan
16:30:30.262 Disk 0 Windows 7 default MBR code
16:30:30.282 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
16:30:30.297 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 260243 MB offset 411648
16:30:30.308 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 533389312
16:30:30.349 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 594198528
16:30:30.383 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 533391360
16:30:30.443 Disk 0 scanning C:\windows\system32\drivers
16:30:48.694 Service scanning
16:31:29.156 Modules scanning
16:31:29.180 Disk 0 trace - called modules:
16:31:29.212 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys
16:31:29.225 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003f6a060]
16:31:29.240 3 CLASSPNP.SYS[fffff8800146543f] -> nt!IofCallDriver -> [0xfffffa8003c12040]
16:31:29.255 5 amd_xata.sys[fffff8800109a7a8] -> nt!IofCallDriver -> [0xfffffa8003c11830]
16:31:29.267 7 ACPI.sys[fffff88000f857a1] -> nt!IofCallDriver -> \Device\0000006c[0xfffffa8003c0e060]
16:31:32.623 AVAST engine scan C:\windows
16:31:35.690 AVAST engine scan C:\windows\system32
16:37:51.410 AVAST engine scan C:\windows\system32\drivers
16:38:31.994 AVAST engine scan C:\Users\Audrey
16:43:43.627 Disk 0 MBR has been saved successfully to "C:\Users\Audrey\Desktop\MBR.dat"
16:43:43.711 The log file has been saved successfully to "C:\Users\Audrey\Desktop\aswMBR.txt"

#6
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Ok, thank you :) Please proceed with the steps in Post #4 and post the logs when completed. :thumbsup:

#7
audreymaye

    Member

  • Topic Starter
  • Member
  • 23 posts
I am on step two....the OTL fix log. I ran the fix, rebooted the computer and waited for the log to open afterwards that you mentioned. But it did not. The OTL download is gone because the download folder is now empty. How can I access that log so that I can send it to you?

#8
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I am on step two....the OTL fix log. I ran the fix, rebooted the computer and waited for the log to open afterwards that you mentioned. But it did not. The OTL download is gone because the download folder is now empty. How can I access that log so that I can send it to you?


No worries :) You can find a copy of the log at this location: C:\_OTL\MovedFiles. But you will need to download OTL again, as we will need it again, but make sure you download it to your desktop. :thumbsup:

Please download a fresh copy of OTL to your desktop by clicking here.

#9
audreymaye

    Member

  • Topic Starter
  • Member
  • 23 posts
Okay, here is the log for you.... Thanks

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service BackupStack stopped successfully!
Service BackupStack deleted successfully!
C:\Program Files (x86)\MyPC Backup\BackupStack.exe moved successfully.
Service IBUpdaterService stopped successfully!
Service IBUpdaterService deleted successfully!
C:\Windows\SysNative\dmwu.exe moved successfully.
Service InternetUpdater stopped successfully!
Service InternetUpdater deleted successfully!
C:\ProgramData\InternetUpdater\InternetUpdaterService.exe moved successfully.
Error: Unable to stop service Util BuzzSearch!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util BuzzSearch deleted successfully.
C:\Program Files (x86)\BuzzSearch\bin\utilBuzzSearch.exe moved successfully.
Service Update BuzzSearch stopped successfully!
Service Update BuzzSearch deleted successfully!
C:\Program Files (x86)\BuzzSearch\updateBuzzSearch.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7e8a1050-cf67-4575-92df-dcc60e7d952d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\ deleted successfully.
C:\Program Files (x86)\SweetPacks\prxtbSwee.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{539F76FD-084E-4858-86D5-62F02F54AE86} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{539F76FD-084E-4858-86D5-62F02F54AE86}\ deleted successfully.
C:\Program Files (x86)\Minibar\Minibar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7e8a1050-cf67-4575-92df-dcc60e7d952d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\ not found.
File C:\Program Files (x86)\SweetPacks\prxtbSwee.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B584D2D2-4B8E-4D13-8CA3-F0662FA68EF7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B584D2D2-4B8E-4D13-8CA3-F0662FA68EF7}\ not found.
Prefs.js: "SweetPacks Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
Prefs.js: false removed from browser.search.update
Prefs.js: support%40searchdonkeyapp.com:2.6.4962872 removed from extensions.enabledAddons
Prefs.js: support%40websteroidsapp.com:2.6.53 removed from extensions.enabledAddons
Prefs.js: "http://search.condui...010251&UM=2&q=" removed from keyword.URL
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}\META-INF folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}\components folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}\chrome\content folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}\chrome folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd} folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}\plugins folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}\chrome\content\minibar folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}\chrome\content\kango-ui\theme\bubble folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}\chrome\content\kango-ui\theme folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}\chrome\content\kango-ui folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}\chrome\content\kango folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}\chrome\content\icons folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}\chrome\content folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF}\chrome folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\{97A78363-B868-4B48-AC91-A783A31215AF} folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\[email protected] folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions\[email protected] folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\searchplugins\conduit.xml moved successfully.
C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\searchplugins\MyStart Search.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93DBF2BB-A2B3-4683-A92E-57E60751F346}\ deleted successfully.
C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}\ deleted successfully.
C:\ProgramData\Websteroids\IE\common.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\ not found.
File C:\Program Files (x86)\SweetPacks\prxtbSwee.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93DBF2BB-A2B3-4683-A92E-57E60751F346}\ deleted successfully.
C:\Program Files (x86)\Conduit\ValueApps\IE\ValueAppsLoader.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA74D58F-ACD0-450D-A85E-6C04B171C044}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044}\ deleted successfully.
File C:\Program Files (x86)\Minibar\Minibar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}\ deleted successfully.
C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-bho.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7e8a1050-cf67-4575-92df-dcc60e7d952d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e8a1050-cf67-4575-92df-dcc60e7d952d}\ not found.
File C:\Program Files (x86)\SweetPacks\prxtbSwee.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7E8A1050-CF67-4575-92DF-DCC60E7D952D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E8A1050-CF67-4575-92DF-DCC60E7D952D}\ not found.
File C:\Program Files (x86)\SweetPacks\prxtbSwee.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Updater deleted successfully.
C:\ProgramData\Updater\updater.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AppsHat deleted successfully.
C:\Users\Audrey\AppData\Local\WebPlayer\AppsHat\WebPlayer.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ConduitFloatingPlugin_lcnnhcneegeeojhgpfijnlnocjdmlaon not found.
C:\Users\Audrey\AppData\Roaming\ValueApps\CH\TBVerifier.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\iLivid deleted successfully.
C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk moved successfully.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}\ deleted successfully.
File C:\Program Files (x86)\Minibar\Minibar.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\MOVIES~1\Datamngr\x64\mgrldr.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\movies~1\datamngr\mgrldr.dll deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe\ deleted successfully.
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe\ not found.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
File move failed. F:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82994bee-e343-11e1-bb27-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82994bee-e343-11e1-bb27-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82994bee-e343-11e1-bb27-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82994bee-e343-11e1-bb27-806e6f6e6963}\ not found.
File move failed. F:\RISK.EXE scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82994bee-e343-11e1-bb27-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82994bee-e343-11e1-bb27-806e6f6e6963}\ not found.
File move failed. F:\SETUP.EXE scheduled to be moved on reboot.
C:\ProgramData\InternetUpdater folder moved successfully.
C:\Users\Audrey\AppData\Roaming\ValueApps\CH folder moved successfully.
C:\Users\Audrey\AppData\Roaming\ValueApps folder moved successfully.
C:\Program Files\Conduit\ValueApps\IE folder moved successfully.
C:\Program Files\Conduit\ValueApps folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
C:\ProgramData\Websteroids\IE folder moved successfully.
C:\ProgramData\Websteroids\Firefox\chrome\content folder moved successfully.
C:\ProgramData\Websteroids\Firefox\chrome folder moved successfully.
C:\ProgramData\Websteroids\Firefox folder moved successfully.
C:\ProgramData\Websteroids\Chrome\unzip folder moved successfully.
C:\ProgramData\Websteroids\Chrome folder moved successfully.
C:\ProgramData\Websteroids folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WiseConvert folder moved successfully.
C:\Program Files (x86)\WiseConvert\WiseConvert\res folder moved successfully.
C:\Program Files (x86)\WiseConvert\WiseConvert folder moved successfully.
C:\ProgramData\PC Optimizer Pro\LOGS folder moved successfully.
C:\ProgramData\PC Optimizer Pro folder moved successfully.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro\ not found.
C:\Program Files\PC Optimizer Pro folder moved successfully.
C:\ProgramData\SearchDonkey\Chrome folder moved successfully.
C:\ProgramData\SearchDonkey folder moved successfully.
C:\Users\Audrey\Desktop\secuity.exe moved successfully.
C:\Users\Audrey\Documents\Mobogenie folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_static\info\notice folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_static\info\download folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_static\info\connect folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_static\info folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_static\iframe\tab_switch folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_static\iframe folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_static\dialog folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_static folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\welcome folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\util folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\pb folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\moduletemp folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module\vedio folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module\ui folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module\subject folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module\message folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module\image folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module\driver folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module\download folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module\contact folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module\app folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\lib folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\interface folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\vietna folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\thai folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\spanish folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\russian folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\portuguese folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\poland folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\italian folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\indonesian folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\english folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\chinese folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\arabic folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_ folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_square folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_rounded folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\facebook folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\default folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_square folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_rounded folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\iframe folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\htmlTemp folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\vietna folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\thai folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\spanish folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\russian folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\portuguese folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\poland folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\italian folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\indonesian folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\english folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\chinese folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\arabic folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_ folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\css folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\page folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\libraries folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\test folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\examples\views folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\examples folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\bin folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\benchmarks\templating folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\benchmarks folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\css folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\sqldrivers folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\phonon_backend folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\log folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\imageformats folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\OldVersion folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\NewVersion folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version\CacheVersion folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Version folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\driver folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Download folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\device folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\Data folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie\backup folder moved successfully.
C:\Users\Audrey\AppData\Local\Mobogenie folder moved successfully.
C:\Program Files (x86)\BuzzSearch\bin\plugins folder moved successfully.
C:\Program Files (x86)\BuzzSearch\bin folder moved successfully.
C:\Program Files (x86)\BuzzSearch folder moved successfully.
C:\Program Files (x86)\Mobogenie folder moved successfully.
File C:\windows\tasks\PC Optimizer Pro64 startups.job not found.
C:\END moved successfully.
File C:\windows\tasks\PC Optimizer Pro64 Scan.job not found.
File C:\windows\tasks\PC Optimizer Pro Updates.job not found.
File C:\windows\tasks\PC Optimizer Pro Idle.job not found.
File C:\Users\Audrey\Application Data\Microsoft\Internet Explorer\Quick Launch\PC Optimizer Pro.lnk not found.
File C:\Users\Public\Desktop\PC Optimizer Pro.lnk not found.
C:\Users\Audrey\AppData\Roaming\Leadertech\PowerRegister folder moved successfully.
C:\Users\Audrey\AppData\Roaming\Leadertech folder moved successfully.
C:\Users\Audrey\AppData\Roaming\SearchProtect\Res folder moved successfully.
C:\Users\Audrey\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository folder moved successfully.
C:\Users\Audrey\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images folder moved successfully.
C:\Users\Audrey\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd folder moved successfully.
C:\Users\Audrey\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images folder moved successfully.
C:\Users\Audrey\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd folder moved successfully.
C:\Users\Audrey\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib folder moved successfully.
C:\Users\Audrey\AppData\Roaming\SearchProtect\ffprotect\Dialogs folder moved successfully.
C:\Users\Audrey\AppData\Roaming\SearchProtect\ffprotect folder moved successfully.
C:\Users\Audrey\AppData\Roaming\SearchProtect\Dialogs\spsd\images folder moved successfully.
C:\Users\Audrey\AppData\Roaming\SearchProtect\Dialogs\spsd folder moved successfully.
C:\Users\Audrey\AppData\Roaming\SearchProtect\Dialogs\spbd\images folder moved successfully.
C:\Users\Audrey\AppData\Roaming\SearchProtect\Dialogs\spbd folder moved successfully.
C:\Users\Audrey\AppData\Roaming\SearchProtect\Dialogs\lib folder moved successfully.
C:\Users\Audrey\AppData\Roaming\SearchProtect\Dialogs folder moved successfully.
C:\Users\Audrey\AppData\Roaming\SearchProtect\bin folder moved successfully.
C:\Users\Audrey\AppData\Roaming\SearchProtect folder moved successfully.
Folder C:\Users\Audrey\AppData\Roaming\ValueApps\ not found.
C:\Users\Audrey\AppData\Roaming\0S1F1O2Z0S2Y1H1T\ROM Manager Packages folder moved successfully.
C:\Users\Audrey\AppData\Roaming\0S1F1O2Z0S2Y1H1T folder moved successfully.
Unable to delete ADS C:\Users\Audrey\Documents\Mobogenie:Roxio EMC Stream .
========== FILES ==========
C:\Program Files (x86)\Minibar\minibar folder moved successfully.
C:\Program Files (x86)\Minibar\kango-ui\theme\bubble folder moved successfully.
C:\Program Files (x86)\Minibar\kango-ui\theme folder moved successfully.
C:\Program Files (x86)\Minibar\kango-ui folder moved successfully.
C:\Program Files (x86)\Minibar\kango folder moved successfully.
C:\Program Files (x86)\Minibar\icons folder moved successfully.
C:\Program Files (x86)\Minibar folder moved successfully.
C:\Program Files (x86)\SweetPacks folder moved successfully.
C:\Program Files (x86)\MyPC Backup\~updates folder moved successfully.
C:\Program Files (x86)\MyPC Backup\x86 folder moved successfully.
Folder move failed. C:\Program Files (x86)\MyPC Backup\x64 scheduled to be moved on reboot.
C:\Program Files (x86)\MyPC Backup\Resources\cache folder moved successfully.
C:\Program Files (x86)\MyPC Backup\Resources folder moved successfully.
C:\Program Files (x86)\MyPC Backup\log folder moved successfully.
Folder move failed. C:\Program Files (x86)\MyPC Backup\Database scheduled to be moved on reboot.
C:\Program Files (x86)\MyPC Backup\Config folder moved successfully.
Folder move failed. C:\Program Files (x86)\MyPC Backup scheduled to be moved on reboot.
File\Folder C:\Program Files (x86)\BuzzSearch not found.
File\Folder C:\ProgramData\InternetUpdater not found.
File\Folder C:\Windows\SysNative\dmwu.exe not found.
C:\Windows\SysWOW64\jmdp folder moved successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Audrey\Downloads\cmd.bat deleted successfully.
C:\Users\Audrey\Downloads\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Audrey\Downloads\cmd.bat deleted successfully.
C:\Users\Audrey\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Audrey
->Temp folder emptied: 376357799 bytes
->Temporary Internet Files folder emptied: 525285349 bytes
->Java cache emptied: 28404 bytes
->FireFox cache emptied: 26620642 bytes
->Google Chrome cache emptied: 7452068 bytes
->Flash cache emptied: 42829 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: kids
->Temp folder emptied: 1406344 bytes
->Temporary Internet Files folder emptied: 72080 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2652738 bytes
->Flash cache emptied: 598 bytes

User: Public

User: wangzhisong

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 549501976 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46335458 bytes
RecycleBin emptied: 11439793 bytes

Total Files Cleaned = 1,476.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 01012014_150310

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysNative\tasklist.exe scheduled to be moved on reboot.
File move failed. C:\Windows\SysWOW64\tasklist.exe scheduled to be moved on reboot.
File move failed. F:\AUTORUN.INF scheduled to be moved on reboot.
File move failed. F:\RISK.EXE scheduled to be moved on reboot.
File move failed. F:\SETUP.EXE scheduled to be moved on reboot.
C:\Program Files (x86)\MyPC Backup\x64 folder moved successfully.
C:\Program Files (x86)\MyPC Backup\Database folder moved successfully.
C:\Program Files (x86)\MyPC Backup folder moved successfully.
C:\Users\Audrey\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Audrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\windows\temp\JET4C89.tmp moved successfully.
C:\windows\temp\~ROMFN_000004CC moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#10
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Looks good :thumbsup: Please proceed with the rest of the steps and post the resultant logs. Once I see the remaining logs, we can proceed. :)

#11
audreymaye

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I ran the TDSSkiller and the result was "no objects found". I tried to paste the log here but I received an error message saying the post was too long to send. Any input on that? Here's the OTL quick scan log...


OTL Scan Log:

OTL logfile created on: 1/3/2014 10:53:44 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Audrey\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 55.68% Memory free
7.21 Gb Paging File | 5.06 Gb Available in Paging File | 70.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 212.63 Gb Free Space | 83.66% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 26.81 Gb Free Space | 92.47% Space Free | Partition Type: NTFS
Drive F: | 291.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: AUDREYS-PC | User Name: Audrey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/29 17:43:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Audrey\Desktop\OTL.com
PRC - [2013/12/26 23:36:25 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/26 23:36:25 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/12 18:00:00 | 003,228,080 | ---- | M] (AdFender, Inc.) -- C:\Program Files (x86)\AdFender\AdFender.exe
PRC - [2013/11/17 22:28:52 | 004,121,952 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Audrey\AppData\Local\Temp\{D67FD38A-A8A5-4C93-8DA0-14359BDB48E2}.exe
PRC - [2013/11/11 08:33:28 | 001,002,368 | ---- | M] () -- C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
PRC - [2013/10/21 06:56:48 | 000,252,248 | ---- | M] (Compete, Inc.) -- C:\Program Files (x86)\Consumer Input\InternetExplorer\dca-ua.exe
PRC - [2013/06/26 13:59:36 | 007,342,080 | ---- | M] () -- C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
PRC - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/10 17:06:44 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2011/01/28 16:29:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010/01/19 03:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
PRC - [2007/04/09 18:50:08 | 000,228,088 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2007/04/09 18:49:26 | 000,018,680 | ---- | M] (Sonic Solutions) -- C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2007/04/02 04:24:10 | 000,113,400 | ---- | M] () -- C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/29 11:56:34 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/11/11 08:33:28 | 001,002,368 | ---- | M] () -- C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
MOD - [2013/06/26 13:59:36 | 007,342,080 | ---- | M] () -- C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
MOD - [2012/08/10 17:06:42 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2007/04/02 04:24:10 | 000,113,400 | ---- | M] () -- C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/12/26 23:36:25 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/11/26 02:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/10 15:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/01 04:22:50 | 002,649,840 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV:64bit: - [2011/12/13 21:36:34 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/12/13 13:24:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013/12/11 11:42:36 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/02 21:26:44 | 000,106,296 | ---- | M] (ConsumerInput) [On_Demand | Stopped] -- C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe -- (consumerinput_updatem)
SRV - [2013/12/02 21:26:44 | 000,106,296 | ---- | M] (ConsumerInput) [Auto | Stopped] -- C:\Program Files (x86)\Consumer Input\Update\ConsumerInputUpdate.exe -- (consumerinput_update)
SRV - [2013/11/19 12:22:00 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 03:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/04/02 19:29:54 | 000,088,824 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/04/02 19:29:52 | 000,359,160 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Roxio Easy Media Creator 9 Suite\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/26 23:37:15 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2013/12/26 23:36:36 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/12/26 23:36:35 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/12/26 23:36:35 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/12/26 23:36:35 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/11/29 11:56:39 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/11/29 11:56:38 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/01 04:21:40 | 000,127,216 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\bckd.sys -- (bckd)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/10 17:21:20 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2012/08/10 17:18:30 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2012/08/10 17:18:30 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/13 14:02:22 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/12/13 12:42:00 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/28 20:23:24 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/09/28 20:23:24 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/10 02:01:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/01/28 16:29:58 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/10 12:43:40 | 000,234,960 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2010/11/28 12:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/24 11:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/30 01:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/09/21 15:04:54 | 000,015,056 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm2uvcflt.sys -- (vm2uvcflt)
DRV:64bit: - [2010/09/02 22:46:48 | 001,392,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/06/25 10:33:36 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/05/14 15:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/05/14 15:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/02/18 02:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/21 07:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/03/23 02:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/03/10 12:09:56 | 000,010,232 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLADResE.SYS -- (DLADResE)
DRV:64bit: - [2007/03/10 12:09:48 | 000,044,920 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLABMFSE.SYS -- (DLABMFSE)
DRV:64bit: - [2007/03/10 12:09:46 | 000,144,248 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAUDF_E.SYS -- (DLAUDF_E)
DRV:64bit: - [2007/03/10 12:09:46 | 000,136,056 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAUDFAE.SYS -- (DLAUDFAE)
DRV:64bit: - [2007/03/10 12:09:44 | 000,035,320 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAOPIOE.SYS -- (DLAOPIOE)
DRV:64bit: - [2007/03/10 12:09:42 | 000,042,616 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLABOIOE.SYS -- (DLABOIOE)
DRV:64bit: - [2007/03/10 12:09:42 | 000,020,088 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAPoolE.SYS -- (DLAPoolE)
DRV:64bit: - [2007/03/10 12:09:40 | 000,146,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DLAIFS_E.SYS -- (DLAIFS_E)
DRV:64bit: - [2007/03/09 14:18:24 | 000,123,992 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DRVECDB.SYS -- (DRVECDB)
DRV:64bit: - [2007/02/02 08:40:58 | 000,018,040 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DLACDBHE.SYS -- (DLACDBHE)
DRV:64bit: - [2007/02/02 08:40:56 | 000,041,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\SysNative\drivers\DLARTL_E.SYS -- (DLARTL_E)
DRV:64bit: - [2007/01/27 08:49:08 | 000,064,120 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DRVEDDM.SYS -- (DRVEDDM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://us.yhs4.searc...19891,0,25,6944
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ng}&rlz=1I7LENN
IE - HKCU\..\SearchScopes\{8544CA2D-AEA9-4D10-ACD7-0A536AC2F833}: "URL" = http://search.yahoo....49,19890,0,25,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3310511.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2011.70
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Audrey\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/12/26 23:36:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/05/10 08:26:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Audrey\AppData\Roaming\Mozilla\Extensions
[2014/01/01 15:15:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\extensions
[2013/11/26 10:41:32 | 000,003,726 | ---- | M] () -- C:\Users\Audrey\AppData\Roaming\Mozilla\Firefox\Profiles\7z6g35x0.default\searchplugins\safeguard-secure-search.xml
[2013/11/19 12:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/19 12:22:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/26 23:36:38 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/06/26 18:35:51 | 000,003,726 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: SweetPacks = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.20.1.8_0\
CHR - Extension: SweetPacks = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.24.3.503_0\
CHR - Extension: SweetPacks = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff\10.24.3.503_0\nativeMessaging\nmHost
CHR - Extension: Google Wallet = C:\Users\Audrey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2014/01/01 15:24:39 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\19975bc2-7b65-4f28-913a-5305022680f7.exe (AVAST Software)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files (x86)\Roxio\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files (x86)\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Audrey\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - HKCU..\Run: [Updater] C:\ProgramData\Updater\updater.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.129.55.2 72.19.160.2 72.19.128.53 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66A037E6-798F-4BB9-930B-1A3921A13020}: DhcpNameServer = 66.129.55.2 72.19.160.2 72.19.128.53 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1997/10/07 04:40:50 | 000,000,271 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/01 20:51:02 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Audrey\Desktop\tdsskiller.exe
[2014/01/01 15:03:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/31 16:28:06 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Audrey\Desktop\aswmbr.exe
[2013/12/29 17:43:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Audrey\Desktop\OTL.com
[2013/12/28 16:07:27 | 000,000,000 | ---D | C] -- C:\Users\Audrey\AppData\Local\AdFender
[2013/12/28 16:07:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdFender
[2013/12/28 16:07:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AdFender
[2013/12/28 16:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AdFender
[2013/12/27 14:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WiseConvert
[2013/12/26 23:37:15 | 000,079,672 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswstm.sys
[2013/12/14 13:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Risk
[2013/12/14 13:49:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hasbro Interactive
[2013/12/11 18:49:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[1 C:\Users\Audrey\Desktop\*.tmp files -> C:\Users\Audrey\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/03 11:02:00 | 000,000,378 | ---- | M] () -- C:\windows\tasks\CI_DCA_UA{C3717BD3-6AC2-4dcd-83DE-F865C33AC5D9}.job
[2014/01/03 11:02:00 | 000,000,362 | ---- | M] () -- C:\windows\tasks\CIMT_S-1-5-21-759974512-340368841-1058085160-1001.job
[2014/01/03 10:44:01 | 000,739,728 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/01/03 10:44:01 | 000,633,180 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/01/03 10:44:01 | 000,110,782 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/01/03 10:42:02 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/03 10:42:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/01/03 10:41:04 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/03 10:41:04 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/03 10:39:23 | 000,000,932 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-759974512-340368841-1058085160-1001UA.job
[2014/01/03 10:39:11 | 000,000,966 | ---- | M] () -- C:\windows\tasks\ConsumerInputUpdateTaskMachineCore.job
[2014/01/03 10:39:10 | 000,000,910 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-759974512-340368841-1058085160-1001Core.job
[2014/01/03 10:38:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/01/02 03:12:02 | 000,000,970 | ---- | M] () -- C:\windows\tasks\ConsumerInputUpdateTaskMachineUA.job
[2014/01/01 21:03:55 | 000,101,573 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2014/01/01 21:02:53 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/01 21:01:56 | 2902,642,688 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/01 20:51:11 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Audrey\Desktop\tdsskiller.exe
[2014/01/01 15:24:39 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
[2013/12/31 16:43:43 | 000,000,512 | ---- | M] () -- C:\Users\Audrey\Desktop\MBR.dat
[2013/12/31 16:28:20 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Audrey\Desktop\aswmbr.exe
[2013/12/29 17:43:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Audrey\Desktop\OTL.com
[2013/12/28 16:07:28 | 000,001,075 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk
[2013/12/26 23:37:17 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/26 23:37:15 | 000,079,672 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswstm.sys
[2013/12/26 23:36:36 | 000,207,904 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/12/26 23:36:35 | 001,034,464 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/12/26 23:36:35 | 000,422,216 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/12/26 23:36:35 | 000,334,136 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2013/12/26 23:36:35 | 000,078,648 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/12/26 23:36:30 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013/12/15 15:02:09 | 002,303,908 | ---- | M] () -- C:\Users\Audrey\Desktop\TechnicLauncher.exe
[2013/12/11 19:10:54 | 000,470,416 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/12/10 19:38:23 | 000,016,284 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/12/10 19:38:18 | 000,016,284 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[1 C:\Users\Audrey\Desktop\*.tmp files -> C:\Users\Audrey\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/31 16:43:43 | 000,000,512 | ---- | C] () -- C:\Users\Audrey\Desktop\MBR.dat
[2013/12/28 16:07:28 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AdFender.lnk
[2013/12/10 19:38:23 | 000,016,284 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/12/10 19:38:16 | 000,016,284 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/10/15 13:06:20 | 000,008,704 | ---- | C] () -- C:\Users\Audrey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/29 09:03:53 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/06/05 19:44:57 | 000,000,632 | RHS- | C] () -- C:\Users\Audrey\ntuser.pol
[2013/05/22 08:21:06 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2013/05/19 19:32:17 | 000,000,000 | ---- | C] () -- C:\windows\setup32.INI
[2013/05/11 14:57:50 | 000,000,372 | ---- | C] () -- C:\windows\wininit.ini
[2013/05/11 14:00:40 | 000,756,022 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/08/10 17:27:42 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2012/08/10 17:27:42 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2012/08/10 17:06:52 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2012/08/10 17:06:51 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2012/08/10 17:06:51 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2012/08/10 17:06:51 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2012/08/10 17:06:38 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2012/08/10 16:45:32 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2012/08/10 16:45:32 | 000,001,823 | ---- | C] () -- C:\windows\SysWow64\vm332Rmv.ini
[2012/08/10 16:31:44 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/08/10 16:27:49 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/12/29 11:05:03 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\.minecraft
[2013/12/15 15:01:59 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\.technic
[2013/05/12 06:19:17 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\Auslogics
[2013/11/29 12:36:43 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\AVAST Software
[2013/12/02 21:28:13 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\Itibiti
[2013/09/27 19:33:41 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\TFP
[2013/05/20 15:59:46 | 000,000,000 | ---D | M] -- C:\Users\Audrey\AppData\Roaming\The Learning Company

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Documents\Youcam:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Documents\Picture of me 2.png:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Desktop\VisualBoyAdvance-1.8.0-beta3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Desktop\VisualBoyAdvance-1.8.0-beta3.zip:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Desktop\The dropper BY BIGRE.zip:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Desktop\text.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Desktop\suffering.mp3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Desktop\schedule play.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Desktop\New folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Desktop\MBR.dat:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Desktop\geeksreply.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Desktop\geeksreply 2.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Desktop\aswMBR.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Audrey\Desktop\aspen and me.jpg:Roxio EMC Stream

< End of report >

#12
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

You can split the log into two pieces, and post them into separate posts. I will reassemble it and check it out. :)

#13
audreymaye

    Member

  • Topic Starter
  • 23 posts
I tried splitting it and the file is still too big. Even splitting it in fourths looks too big to me. Is it possible to attach the file and send it to you that way? I've spent two hours trying to send the pieces and the computer keeps freezing. Thanks :)

#14
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

I tried splitting it and the file is still too big. Even splitting it in fourths looks too big to me. Is it possible to attach the file and send it to you that way? I've spent two hours trying to send the pieces and the computer keeps freezing. Thanks :)



Yes, go ahead and attach the log to this post, and I'll grab it from there. :) :thumbsup:

#15
audreymaye

    Member

  • Topic Starter
  • 23 posts
Okay, I attached the file. Thanks
