Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

search.conduit.com virus [Solved]


  • This topic is locked This topic is locked

#1
BLACKR0B0T

BLACKR0B0T

    New Member

  • Member
  • Pip
  • 9 posts
Every time I Open a tab I get directed to

search.conduit.com/?ctid=CT3317209&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=&Lay=1&UM=2&UP=SP884B1B83-AFD6-41FB-AD5F-68702941FA85

As well when using high traffic sites (specifically youtube.com)I get multiple auto playing ads that keep reloading.

Also at times multiple browsers will open which my McAfee will block and label dangerous.

My pc is from japan so there may be issues with the OTL.Txt. Ive read over most of it and its all google translatable. if needed i can provide the translations myself upon request.

first time posting here. I hope I didnt miss anything.
Thanks for the help.



OTL logfile created on: 2013/12/31 19:54:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gordon Eastwood\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

7.92 Gb Total Physical Memory | 5.19 Gb Available Physical Memory | 65.54% Memory free
15.83 Gb Paging File | 12.03 Gb Available in Paging File | 76.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 278.51 Gb Free Space | 59.81% Space Free | Partition Type: NTFS

Computer Name: DUNE | User Name: Gordon Eastwood | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/31 19:52:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gordon Eastwood\Downloads\OTL.exe
PRC - [2013/12/16 01:09:22 | 004,180,256 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2013/12/16 01:09:22 | 002,849,056 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
PRC - [2013/12/16 01:09:22 | 002,251,552 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2013/12/15 12:20:31 | 002,471,448 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/12/15 12:20:31 | 001,771,544 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
PRC - [2013/12/15 12:20:30 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
PRC - [2013/12/12 00:36:12 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/11 11:40:36 | 001,823,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/12/11 11:40:36 | 000,569,768 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/12/11 10:57:29 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
PRC - [2013/12/05 17:30:04 | 000,040,448 | ---- | M] () -- C:\ProgramData\InternetUpdater\InternetUpdaterService.exe
PRC - [2013/11/19 19:38:32 | 000,481,656 | ---- | M] (Updater) -- C:\ProgramData\Updater\updater.exe
PRC - [2013/11/19 19:38:32 | 000,426,872 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
PRC - [2013/11/19 19:38:32 | 000,426,872 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
PRC - [2013/11/19 19:38:32 | 000,426,872 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 19:48:09 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2013/03/07 04:32:38 | 000,248,240 | ---- | M] (Facebook) -- C:\Users\Gordon Eastwood\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
PRC - [2012/08/12 17:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/12 17:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/09/27 16:37:54 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2011/04/07 20:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/29 22:01:08 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/02/07 18:25:58 | 000,146,520 | ---- | M] (JWord Inc.) -- C:\Program Files (x86)\JWord\Plugin2\jwdsrch.exe
PRC - [2010/11/30 02:31:04 | 001,367,816 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
PRC - [2010/11/28 20:57:26 | 002,766,336 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
PRC - [2010/11/18 02:59:16 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
PRC - [2010/11/16 20:21:56 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/11/16 20:21:54 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/16 16:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/05 06:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 06:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/31 20:25:36 | 001,374,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
PRC - [2009/11/01 21:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/15 12:20:31 | 002,471,448 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013/12/15 12:20:31 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\log4cplusU.dll
MOD - [2013/12/12 00:36:11 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/12/11 11:40:38 | 001,135,016 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/12/11 10:57:29 | 016,242,056 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2013/11/06 13:48:12 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/11/06 13:48:10 | 000,691,200 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/10/10 20:27:49 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/10 20:27:36 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 20:27:29 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/10 20:27:20 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/10 20:27:15 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/11 11:07:21 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll
MOD - [2013/09/11 10:59:03 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/17 21:28:33 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/17 21:28:32 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2b87cb064e64ff40778ca12322abb710\IAStorUtil.ni.dll
MOD - [2013/08/15 18:39:06 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c664f44617c6a89edcc171fa8596c89d\System.ServiceProcess.ni.dll
MOD - [2013/08/15 18:38:48 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
MOD - [2013/08/15 18:38:22 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 18:38:05 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 18:37:54 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/21 14:48:15 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/07/12 11:08:57 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\14dd60b57c8e7542cc9711866ef63e8a\IAStorCommon.ni.dll
MOD - [2013/07/12 01:55:18 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/14 15:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 15:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 15:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013/03/07 04:32:40 | 021,014,960 | ---- | M] () -- C:\Users\Gordon Eastwood\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
MOD - [2013/03/07 04:32:38 | 000,292,272 | ---- | M] () -- C:\Users\Gordon Eastwood\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
MOD - [2013/03/07 04:32:38 | 000,179,632 | ---- | M] () -- C:\Users\Gordon Eastwood\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
MOD - [2012/08/09 23:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/05/05 23:12:50 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2011/04/11 23:49:00 | 000,233,472 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_ja_b77a5c561934e089\System.resources.dll
MOD - [2010/11/28 20:57:26 | 002,766,336 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
MOD - [2010/11/20 19:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/20 19:23:48 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/12 15:18:15 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_ja_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/01 00:34:32 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\ja-JP\THXAudio.resources.dll
MOD - [2009/11/01 21:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/01 21:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/06/05 21:50:32 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Audiodll.dll
MOD - [2006/12/10 09:10:26 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Hotkey\AudioControlDLL.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 01:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/09/06 09:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/05/25 00:13:54 | 000,162,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/05/24 23:59:02 | 000,210,616 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/05/24 23:58:32 | 000,199,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/05/21 22:34:30 | 001,028,096 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/04/18 15:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2011/12/16 01:37:38 | 005,827,072 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2011/01/27 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011/01/27 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 01:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/11/30 02:31:12 | 000,679,176 | ---- | M] (Motorola, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV:64bit: - [2010/11/30 02:31:10 | 004,150,864 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV:64bit: - [2010/11/30 02:31:08 | 001,188,616 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV:64bit: - [2010/09/22 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/12/16 01:09:22 | 002,251,552 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/12/15 12:20:31 | 001,771,544 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0)
SRV - [2013/12/12 00:36:11 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/11 11:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/11 10:57:33 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/05 17:30:04 | 000,040,448 | ---- | M] () [Auto | Running] -- C:\ProgramData\InternetUpdater\InternetUpdaterService.exe -- (InternetUpdater)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/04 17:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/27 15:40:00 | 004,204,272 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012/03/05 23:49:35 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/19 16:57:02 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/04/07 20:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/11/18 02:59:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
SRV - [2010/11/16 20:21:56 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/11/16 20:21:54 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/05 06:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/12 09:00:12 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/11/05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/31 23:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/28 04:52:10 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/06/26 04:38:44 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/06/26 04:38:44 | 000,023,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 02:15:06 | 000,358,480 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ka6avs.sys -- (ka6avs)
DRV:64bit: - [2012/02/22 02:15:06 | 000,082,000 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ka6usb.sys -- (ka6usb_svc)
DRV:64bit: - [2012/02/21 20:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/21 20:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/21 20:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/21 20:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/21 20:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/21 20:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/21 20:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/21 20:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/02/06 08:36:25 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/02/06 08:36:25 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/02 14:06:04 | 000,023,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2011/12/02 14:06:00 | 000,565,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2011/09/23 01:59:08 | 000,290,600 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2011/06/26 01:55:48 | 012,231,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/22 18:26:28 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/04/07 20:14:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/02/09 21:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/09 21:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/13 21:24:56 | 000,132,624 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2011/01/11 14:43:16 | 001,103,464 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/30 02:31:52 | 000,484,224 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)
DRV:64bit: - [2010/11/30 02:31:50 | 000,052,736 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/05 06:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/18 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 08:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/02/10 10:32:00 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/18 10:39:17 | 000,081,920 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1102.sys -- (RDID1102)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/10/25 23:33:32 | 000,013,696 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\habu.sys -- (HabuFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=MOCJ&bmod=MOCJ
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...02941FA85&SSPV=
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {2ACECADE-0BC7-4C6F-95CF-A221CC161B52} - C:\Program Files (x86)\JWord\Plugin2\jwdsrch.dll (JWord Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{4B95F9F3-08E8-420B-AA4F-617D52A8B6F0}: "URL" = http://search.jword....e={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-09-28 16:42:02&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{F90D299B-3DF8-48D8-A10F-309F950D07A1}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "安全検索"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: %7BEE223D7A-F30F-11DD-8F0A-D2AD55D89593%7D:1.1.3
FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.9
FF - prefs.js..extensions.enabledAddons: %7BD19CA586-DD6C-4a0a-96F8-14644F340D60%7D:14.4.1
FF - prefs.js..extensions.enabledAddons: support%40websteroidsapp.com:2.6.4967062
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Gordon Eastwood\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/12/12 13:14:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/07/01 00:01:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38 [2013/12/15 12:21:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/25 04:07:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/06/28 05:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gordon Eastwood\AppData\Roaming\Mozilla\Extensions
[2013/12/31 19:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gordon Eastwood\AppData\Roaming\Mozilla\Firefox\Profiles\6qvw43wi.default\extensions
[2013/12/31 19:38:46 | 000,000,000 | ---D | M] (Websteroids) -- C:\Users\Gordon Eastwood\AppData\Roaming\Mozilla\Firefox\Profiles\6qvw43wi.default\extensions\[email protected]
[2012/10/28 16:25:49 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\Gordon Eastwood\AppData\Roaming\Mozilla\Firefox\Profiles\6qvw43wi.default\extensions\[email protected]
[2013/07/10 06:59:19 | 000,075,008 | ---- | M] () (No name found) -- C:\Users\Gordon Eastwood\AppData\Roaming\Mozilla\Firefox\Profiles\6qvw43wi.default\extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi
[2013/02/23 18:34:43 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\Gordon Eastwood\AppData\Roaming\Mozilla\Firefox\Profiles\6qvw43wi.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2013/05/25 04:07:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/12 00:36:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/12 00:24:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2013/12/12 00:24:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/07/01 00:01:36 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2013/12/12 13:14:42 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2010/01/05 01:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2013/05/20 20:13:09 | 000,003,714 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/04/05 09:25:23 | 000,002,065 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O2:64bit: - BHO: (JWord プラグイン 拡張ヘルパー) - {624EBD88-DF97-4810-A282-26286B8BF95F} - C:\Program Files (x86)\JWord\Plugin2\jwdpm_64.dll (JWord Inc.)
O2:64bit: - BHO: (JWord 検索バーヘルパー) - {70879F23-6ED6-4461-BA7B-BC9F383FA84F} - C:\Program Files (x86)\JWord\Plugin2\Components\JwdExpBar\JwdExpBar_64.dll (JWord)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120701165912.dll (McAfee, Inc.)
O2:64bit: - BHO: (JWord スピードダイアル ヘルパー) - {866816C6-95BB-4FDB-8485-6FF360152987} - C:\Program Files (x86)\JWord\Common\SpeedDial\SpeedDial_64.dll (JWord Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll ()
O2 - BHO: (Websteroids) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll (Creative Island Media, LLC)
O2 - BHO: (JWord プラグイン 拡張ヘルパー) - {624EBD88-DF97-4810-A282-26286B8BF95F} - C:\Program Files (x86)\JWord\Plugin2\jwdpm.dll (JWord Inc.)
O2 - BHO: (JWord 検索バーヘルパー) - {70879F23-6ED6-4461-BA7B-BC9F383FA84F} - C:\Program Files (x86)\JWord\Plugin2\Components\JwdExpBar\JwdExpBar.dll (JWord)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120701165912.dll (McAfee, Inc.)
O2 - BHO: (JWord スピードダイアル ヘルパー) - {866816C6-95BB-4FDB-8485-6FF360152987} - C:\Program Files (x86)\JWord\Common\SpeedDial\SpeedDial.dll (JWord Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [jwdsrch] C:\Program Files (x86)\JWord\Plugin2\jwdsrch_64.exe (JWord Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HncUpdate90] C:\Program Files (x86)\Hnc\HncUtils\Update\HncCheck.exe (한글과컴퓨터)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [jwdsrch] C:\Program Files (x86)\JWord\Plugin2\jwdsrch.exe (JWord Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Gordon Eastwood\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - Startup: C:\Users\Gordon Eastwood\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google サイドウィキ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: JWord でサイト検索 - C:\Program Files (x86)\JWord\Plugin2\jwdsrch.dll (JWord Inc.)
O8 - Extra context menu item: Google サイドウィキ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: JWord でサイト検索 - C:\Program Files (x86)\JWord\Plugin2\jwdsrch.dll (JWord Inc.)
O9:64bit: - Extra Button: JWord プラグイン - {34D67ED2-C837-4627-838C-2264E347D291} - http://www.jword.jp/...iebutton&pver=2 File not found
O9:64bit: - Extra 'Tools' menuitem : JWord プラグインについて - {34D67ED2-C837-4627-838C-2264E347D291} - http://www.jword.jp/...iebutton&pver=2 File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O9:64bit: - Extra 'Tools' menuitem : JWord 検索バー - {978DB49B-35F4-411D-B7D2-88858A359B66} - C:\Program Files (x86)\JWord\Plugin2\Components\JwdExpBar\JwdExpBar_64.dll (JWord)
O9:64bit: - Extra 'Tools' menuitem : JWord プラグインの設定... - {B8FA14E5-8AE7-452C-AA3B-23C32388CDA0} - C:\Program Files (x86)\JWord\Plugin2\JwdPH_64.dll (JWord Inc.)
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: JWord プラグイン - {34D67ED2-C837-4627-838C-2264E347D291} - http://www.jword.jp/...iebutton&pver=2 File not found
O9 - Extra 'Tools' menuitem : JWord プラグインについて - {34D67ED2-C837-4627-838C-2264E347D291} - http://www.jword.jp/...iebutton&pver=2 File not found
O9 - Extra 'Tools' menuitem : JWord 検索バー - {978DB49B-35F4-411D-B7D2-88858A359B66} - C:\Program Files (x86)\JWord\Plugin2\Components\JwdExpBar\JwdExpBar.dll (JWord)
O9 - Extra 'Tools' menuitem : JWord プラグインの設定... - {B8FA14E5-8AE7-452C-AA3B-23C32388CDA0} - C:\Program Files (x86)\JWord\Plugin2\JwdPH.dll (JWord Inc.)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.13 64.59.161.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F3FFE02-7CE2-4041-8C37-E74C35618141}: DhcpNameServer = 64.59.160.13 64.59.161.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5494D7F-E3D8-4129-97A4-3901CA643B30}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll (AVG Secure Search)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (/sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/26 12:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/12/16 14:34:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SearchProtect
[2013/12/15 00:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\InternetUpdater
[2013/12/15 00:41:53 | 000,000,000 | ---D | C] -- C:\Users\Gordon Eastwood\AppData\Roaming\raidcall
[2013/12/15 00:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RaidCall
[2013/12/15 00:41:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/12/15 00:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Updater
[2013/12/15 00:41:09 | 000,000,000 | ---D | C] -- C:\Users\Gordon Eastwood\AppData\Local\SearchProtect
[2013/12/15 00:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/12/15 00:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\RHelpers
[2013/12/15 00:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Websteroids
[2013/12/15 00:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller
[2013/12/09 09:56:48 | 000,000,000 | ---D | C] -- C:\Users\Gordon Eastwood\Documents\A School Folder
[2013/12/09 09:54:45 | 000,000,000 | ---D | C] -- C:\Users\Gordon Eastwood\Documents\A Work Folder
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/31 19:57:00 | 000,000,626 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/31 18:06:01 | 000,000,770 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-40234007-3895719673-171111129-1002UA.job
[2013/12/31 18:06:00 | 000,000,748 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-40234007-3895719673-171111129-1002Core.job
[2013/12/31 12:27:06 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/31 12:27:06 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/31 10:57:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/30 23:51:28 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/12/30 23:51:28 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2013/12/30 23:47:47 | 001,220,272 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/30 23:47:47 | 000,623,210 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/30 23:47:47 | 000,395,720 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2013/12/30 23:47:47 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2013/12/30 23:47:47 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/30 23:41:44 | 2079,985,663 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/26 19:32:20 | 000,000,221 | ---- | M] () -- C:\Users\Gordon Eastwood\Desktop\Magicka.url
[2013/12/26 12:35:42 | 000,000,222 | ---- | M] () -- C:\Users\Gordon Eastwood\Desktop\Sanctum 2.url
[2013/12/15 12:21:09 | 000,003,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/12/12 17:26:48 | 000,007,033 | ---- | M] () -- C:\Users\Gordon Eastwood\Desktop\pokemanz.rtf
[2013/12/12 13:15:09 | 000,372,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/10 00:20:20 | 775,305,198 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/12/04 23:13:07 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/26 19:32:20 | 000,000,221 | ---- | C] () -- C:\Users\Gordon Eastwood\Desktop\Magicka.url
[2013/12/26 12:35:42 | 000,000,222 | ---- | C] () -- C:\Users\Gordon Eastwood\Desktop\Sanctum 2.url
[2013/10/23 19:46:04 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\WinHDB90b.ini
[2013/06/26 18:09:34 | 000,003,728 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2012/06/29 10:47:51 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2012/06/29 10:43:32 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2012/06/29 10:43:30 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2012/03/06 01:07:21 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/06 01:07:16 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/06 01:07:12 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/06 01:07:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/03/06 01:07:05 | 013,899,776 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/03/05 23:49:52 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012/03/05 23:49:52 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012/03/05 23:49:52 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012/03/05 23:49:48 | 000,185,856 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/03/05 23:49:48 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/13 02:36:45 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\.mono
[2012/10/05 22:53:13 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\Ableton
[2013/10/15 06:45:09 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\AVG2014
[2012/06/29 10:34:19 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\Cakewalk
[2013/10/23 19:50:28 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\HNC
[2012/07/10 04:16:12 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\LolClient
[2013/01/18 01:40:45 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\OpenOffice.org
[2013/12/15 00:41:53 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\raidcall
[2012/07/26 00:40:34 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\runic games
[2012/06/29 11:17:45 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\Steinberg
[2013/08/15 11:47:51 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\TERA
[2012/10/02 15:17:31 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\TS3Client
[2012/09/27 23:42:13 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/12/31 15:44:47 | 000,001,828 | ---- | M] ()(C:\Users\Public\Desktop\????? ??????????.lnk) -- C:\Users\Public\Desktop\マカフィー セキュリティセンター.lnk
[2013/11/19 15:46:24 | 000,001,828 | ---- | C] ()(C:\Users\Public\Desktop\????? ??????????.lnk) -- C:\Users\Public\Desktop\マカフィー セキュリティセンター.lnk
[2013/11/17 20:49:25 | 000,001,828 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\????? ??????????.lnk) -- C:\Users\Gordon Eastwood\Documents\マカフィー セキュリティセンター.lnk
[2013/11/17 09:56:45 | 000,001,828 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\????? ??????????.lnk) -- C:\Users\Gordon Eastwood\Documents\マカフィー セキュリティセンター.lnk
[2013/10/23 22:27:29 | 000,016,663 | ---- | M] ()(C:\Users\Gordon Eastwood\Desktop\?????.odt) -- C:\Users\Gordon Eastwood\Desktop\유학계획서.odt
[2013/10/23 19:48:52 | 000,001,162 | ---- | M] ()(C:\Users\Public\Desktop\????? ?? 2014.lnk) -- C:\Users\Public\Desktop\한컴오피스 한글 2014.lnk
[2013/10/23 19:48:52 | 000,001,162 | ---- | C] ()(C:\Users\Public\Desktop\????? ?? 2014.lnk) -- C:\Users\Public\Desktop\한컴오피스 한글 2014.lnk
[2013/10/21 01:21:17 | 000,016,663 | ---- | C] ()(C:\Users\Gordon Eastwood\Desktop\?????.odt) -- C:\Users\Gordon Eastwood\Desktop\유학계획서.odt
[2013/02/21 03:36:10 | 000,001,828 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\????? ?????????????.lnk) -- C:\Users\Gordon Eastwood\Documents\マカフィー インターネットセキュリティ.lnk
[2013/02/21 03:36:10 | 000,001,828 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\????? ?????????????.lnk) -- C:\Users\Gordon Eastwood\Documents\マカフィー インターネットセキュリティ.lnk
[2013/01/28 03:38:30 | 000,248,320 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\?????.doc) -- C:\Users\Gordon Eastwood\Documents\卒論★完成.doc
[2013/01/28 03:38:22 | 000,033,280 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\????.doc) -- C:\Users\Gordon Eastwood\Documents\卒論表紙.doc
[2012/06/28 05:03:46 | 000,000,000 | ---D | M](C:\Users\Gordon Eastwood\Documents\????????) -- C:\Users\Gordon Eastwood\Documents\受信したファイル
[2012/06/28 05:03:46 | 000,000,000 | ---D | C](C:\Users\Gordon Eastwood\Documents\????????) -- C:\Users\Gordon Eastwood\Documents\受信したファイル
[2012/06/28 05:02:26 | 000,000,000 | -HSD | M](C:\Users\Gordon Eastwood\???? ????) -- C:\Users\Gordon Eastwood\スタート メニュー
[2012/06/28 05:02:26 | 000,000,000 | -HSD | M](C:\Users\Gordon Eastwood\???? ????) -- C:\Users\Gordon Eastwood\スタート メニュー
[2012/06/28 05:00:36 | 000,000,000 | -HSD | M](C:\ProgramData\??????) -- C:\ProgramData\デスクトップ
[2012/06/28 05:00:36 | 000,000,000 | -HSD | M](C:\ProgramData\???? ????) -- C:\ProgramData\スタート メニュー
[2012/06/28 05:00:36 | 000,000,000 | -HSD | M](C:\ProgramData\??????) -- C:\ProgramData\デスクトップ
[2012/06/28 05:00:36 | 000,000,000 | -HSD | M](C:\ProgramData\???? ????) -- C:\ProgramData\スタート メニュー
[2012/03/06 00:59:08 | 000,000,570 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\?????????.lnk) -- C:\Users\Gordon Eastwood\Documents\サポートマニュアル.lnk
[2012/03/06 00:29:18 | 000,000,561 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\?????????? ??????.lnk) -- C:\Users\Gordon Eastwood\Documents\サプリメントディスク バックアップ.lnk
[2012/03/06 00:29:18 | 000,000,561 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\?????????? ??????.lnk) -- C:\Users\Gordon Eastwood\Documents\サプリメントディスク バックアップ.lnk
[2012/03/06 00:17:26 | 000,000,570 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\?????????.lnk) -- C:\Users\Gordon Eastwood\Documents\サポートマニュアル.lnk
[2012/03/05 23:50:05 | 000,002,220 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\?????????.lnk) -- C:\Users\Gordon Eastwood\Documents\アクティベーション.lnk
[2012/03/05 23:50:05 | 000,002,220 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\?????????.lnk) -- C:\Users\Gordon Eastwood\Documents\アクティベーション.lnk
[2012/02/06 08:37:50 | 000,002,439 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\????!PC???.lnk) -- C:\Users\Gordon Eastwood\Documents\楽しもう!PCライフ.lnk
[2011/12/13 20:31:48 | 000,248,320 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\?????.doc) -- C:\Users\Gordon Eastwood\Documents\卒論★完成.doc
[2011/12/13 20:03:30 | 000,033,280 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\????.doc) -- C:\Users\Gordon Eastwood\Documents\卒論表紙.doc
[2008/12/10 23:19:14 | 000,002,439 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\????!PC???.lnk) -- C:\Users\Gordon Eastwood\Documents\楽しもう!PCライフ.lnk
(C:\Users\Gordon Eastwood\???? ????) -- C:\Users\Gordon Eastwood\スタート メニュー
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft ??? ????? ????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft マウス キーボード センター
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JWord ?????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JWord プラグイン
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\?????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\マカフィー
(C:\ProgramData\??????) -- C:\ProgramData\デスクトップ
(C:\ProgramData\???? ????) -- C:\ProgramData\スタート メニュー

< End of report >
  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Gordon, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from (the C:\Users\Gordon Eastwood\Downloads folder). Please post the contents of that file.

I see some malicious programs and BHOs, toolbars etc. and we will get to those. But the first issue we need to address is the antivirus programs on the computer. You have McAfee and AVG both on the machine. You should only have one antivirus installed and running. So you need to decide which one you want to keep.
McAfee is a paid antivirus that includes a firewall. It looks kike the AVG antivirus is the free version.If that is the case and your subscription to McAfee is relatively new I would suggest that you keep it. If the McAfee subscription has expired or is about to expire then the choice is whether you want to renew the McAfee subscription and keep it or keep the AVG program.

When you post the Extras.txt log let me know which antivirus program you want to keep and we will totally remove the other one.
  • 0

#3
BLACKR0B0T

BLACKR0B0T

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thank you for such a quick response.

I read your reply and have since,

Changed my browser settings as you requested.
Deleted McAfee from my control panel remove programs window
Deleted a few unwanted programs(same way as McAfee)
And found a conduit program which i also removed(same way as McAfee)
Browser has seemingly returned to normal. no random ad popups and when i open a new tab it is back to using my foxtabs application
I then ran OLT again.
I got only a OLT file and not a new extras

below i will post the original extras like you asked

once again thank you for your time and assistance


----------------------------------------------------------------------------------------------

OTL Extras logfile created on: 2013/12/31 19:54:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gordon Eastwood\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

7.92 Gb Total Physical Memory | 5.19 Gb Available Physical Memory | 65.54% Memory free
15.83 Gb Paging File | 12.03 Gb Available in Paging File | 76.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 278.51 Gb Free Space | 59.81% Space Free | Partition Type: NTFS

Computer Name: DUNE | User Name: Gordon Eastwood | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Hwp.Print] -- C:\Program Files (x86)\Hnc\HOffice9\Bin\HwpPrnMng.exe /p "%1" (Hancom Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Hwp.Print] -- C:\Program Files (x86)\Hnc\HOffice9\Bin\HwpPrnMng.exe /p "%1" (Hancom Inc.)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21A40CFA-58BA-42A2-AD1F-BC4292D01F62}" = lport=445 | protocol=6 | dir=in | app=system |
"{2C0D8103-F42B-46EA-B8FB-D8CF66AEA987}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{30C3B935-0998-4FE9-B806-62F5C3D6A4F7}" = rport=138 | protocol=17 | dir=out | app=system |
"{35C4DE34-17C4-4D6A-8059-27435E38EB5C}" = rport=10243 | protocol=6 | dir=out | app=system |
"{360BAB7D-B531-4179-BE40-0F66B90CD284}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{36AA5F2D-3D73-44B6-B78C-8BEBE548679C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3747D4A8-87E1-4251-BE05-7235B03E721F}" = rport=139 | protocol=6 | dir=out | app=system |
"{3E6F1AB2-DF24-4F76-BE15-A9C406DD21B2}" = lport=138 | protocol=17 | dir=in | app=system |
"{46C03C31-87A1-4364-9240-E3402C5D7558}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B007B77-9ACB-4325-97D3-577DD47829A8}" = lport=137 | protocol=17 | dir=in | app=system |
"{56755FC2-B714-4861-9A47-70F53FF2D763}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5787CB63-FA4C-400D-9F75-5F3EBBB78200}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5A8D1FBE-4E51-4265-9AC9-E9166D655BE3}" = lport=10243 | protocol=6 | dir=in | app=system |
"{68F7F153-0F33-4E5B-A77E-322715C24705}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{8B9661A2-EC81-44A3-A888-28291BBDE9AE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A4FFD137-37BF-4013-AF7A-91356AA68324}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B81B201B-6FF0-4EE1-B550-F0A1E2215ADD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C3AED968-3F8E-49CE-ADC4-47352FA46F5D}" = lport=139 | protocol=6 | dir=in | app=system |
"{D1AA9ECE-46C5-4797-A56E-8664089CB265}" = rport=445 | protocol=6 | dir=out | app=system |
"{D2871100-B918-43AA-AF81-D43DE4B473E8}" = rport=137 | protocol=17 | dir=out | app=system |
"{E3A0A4EF-852B-4491-9FD3-EFC1E744B13A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EBBA9019-0F1E-43E9-B85F-E25C9C001A16}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC3AE897-8E7E-4694-910A-88358919EBD4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EDC2A184-6F40-4CE4-AD1A-FE532EE318DB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F08E2E3E-FD29-4005-8E49-EDC98AB5A8B5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F4BAD1-1D8A-41B2-9C26-A7763DD02D1B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe |
"{01969E00-A06E-4FB4-B921-B9A827941FD4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0599FF02-2242-492D-9EA2-DE03233C6FB0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{120D54F2-DDBE-49AA-ABF4-A34B41262025}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{16F9431E-6A99-4EDC-8BFB-36E6058211BB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1826B2CD-49C9-44CA-8F29-6EB3F9B3F360}" = protocol=6 | dir=out | app=system |
"{19792325-BE35-4482-B6E4-F69F91E3E383}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{1A3ABF2B-723D-40B0-A43A-6189292D3997}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{1B364B81-B53D-4A44-A0DB-43173292A08A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe |
"{23728F70-61A6-4BC3-B0F5-1BA1C5335BA4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{24034E55-9DA3-47A7-93B6-353B0AB0D2CC}" = protocol=58 | dir=in | [email protected],-28545 |
"{2449EFE8-EEA6-4100-8DBB-C5DA119D0492}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{245FDE95-30AC-49BE-94F7-C48C2318BC1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{265CB00B-9412-446F-82FE-25967B7BC347}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{32C48654-C286-478B-8117-7FD53F7FA3B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{32D29BAE-C889-4D9D-A676-CC305F7BCC11}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{3319B223-94EF-4116-88F6-94B016352397}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{378CF7B7-B04E-4472-8E69-7C2AA06CA279}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{3791E21D-3C03-4809-B886-3A43C591A559}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{3A760676-7432-4761-9DAF-5806097A9593}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3BAE9409-095A-484F-AE0A-FEED3C6E8A73}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{3CB17C43-17BC-4D7D-B6BF-9BF4B15260FD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\smashmuck champions\smashmuck.exe |
"{3CF5D1BF-538E-46AB-9945-8892FFF7852E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{3DE06341-07EC-472E-A6DD-118B693534B7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{3E7436DC-CFBA-4936-9FF6-7EEE135BB0E9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{3F5CED9F-27D5-4FB4-8C13-ADB79E2A96D0}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\tera-launcher.exe |
"{43773C4B-DE0E-4799-967B-BE7AC804D021}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{45B4CD0D-002D-4673-9069-D03199D0F745}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{46593E10-90FC-48F5-B31C-91FFCA5BAD39}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{46FA72CE-114F-4857-AA71-15B27C5B0D52}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{49D755D3-A51B-48AB-91E0-F53BB5ED53CC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4D91EDEE-2A48-46E1-8FD6-9863A79FF22A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{4EC2FE6A-C93E-45D1-86FA-BDB6048E0A4B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{51ACA416-8EAC-4D7F-BCD5-6DB2B0C7B331}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{585CE9E8-D599-49FA-ACA3-D57D31D63595}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\smashmuck champions\smashmuck.exe |
"{5C3EF4FA-CEAB-4065-9CA8-034070C6A83C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{5CBC2B50-DC6D-429C-80FB-E7E7A98B00A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe |
"{5D72C467-68D4-4098-A40E-1F04DD660748}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{61279A80-8097-4A8B-94A5-E5711DD8ADC4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{66D7286D-5871-4E20-86F7-DFFD68179170}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\client\tl.exe |
"{67A8AA7A-2EF4-4C84-8BC2-BB4221989AC4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe |
"{67E39475-448F-4424-B9D9-A8EF07B4F91D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{699A47DC-BB31-4661-951D-CB84855FE609}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{6CB642CF-D6B2-4A62-AE8D-40042A78650D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{70145FB6-E04E-4C88-A64F-318F3577B689}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\client\binaries\tera.exe |
"{709DB73C-02F0-463E-842C-2EC8D856EB57}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\client\tl.exe |
"{7361157C-388E-4D6D-8B36-8C5CAB85BF86}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{78011D7B-70D3-47E8-93F7-593F0EEDCB13}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
"{7BEF406A-B0D8-450F-A3B9-A5C4AC2E2BCF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7C378267-D038-454D-8403-AAB422AF922B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief_2\thief2.exe |
"{84E53DC9-1BC0-4E7A-A390-317D7A6A766B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\thief_2\thief2.exe |
"{8516B079-3258-4F4D-BA93-FB59BA6DC4AE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{862920FC-548A-4DDC-8015-DDE9627B2E93}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{86B79521-9ACF-4EDF-AEB0-BD6C55EE5833}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{888341A2-1071-4897-AFF6-DA3893EACF37}" = protocol=1 | dir=in | [email protected],-28543 |
"{8AC4E029-5AE5-4A0A-88B5-F527D6EDC832}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{8F81DAD6-4480-4AE1-8EA5-9D1434E64144}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{8F84E418-1B44-4AD7-B41A-3CF94C361913}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{8FA1800C-8AD9-4314-9A22-737D03ED7715}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{92354792-4EA4-40F2-97F9-06395ACFFB0D}" = protocol=6 | dir=in | app=c:\programdata\happycloud\cache\tera\client\binaries\tera.exe |
"{97357EFA-53F7-4D45-98A7-84BCE9B003C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |
"{99A30151-0EF8-4A1B-AA41-5C15406EF651}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{9BC01145-16A2-411C-99B3-DA922A4AAA8C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9C096A4A-1295-47EA-A585-0D81175F65D4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
"{9D4D3F2C-9E8D-438E-B560-C1394D413977}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{9D77B72D-FBD7-4D55-9DB9-1F413A4BD990}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9DC05BE3-C4C7-4E1B-808A-DA19C1074621}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{A07B6CFB-759F-4560-8595-8840C4114083}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{A33C3C9E-9844-4E41-843B-FFCEA1F1873D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{A595E7F4-34A0-45DD-A835-0C48DBDAA064}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{A68BB9F9-1CB5-4A6D-A0B3-B9918C50DA3B}" = protocol=17 | dir=in | app=c:\programdata\happycloud\cache\tera\tera-launcher.exe |
"{A715B19C-437F-4C72-840E-C83A3A0090E3}" = protocol=58 | dir=out | [email protected],-28546 |
"{A7C5DE58-94B7-47F0-8F78-27E4258D4287}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{AA8BEC9A-FFA4-4143-B62B-C7F133BE09E8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{AAD92448-5BED-4F50-B99B-EB29A9EA1C4D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B2704961-4107-436C-B9A1-66DC5D09EC24}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B3795617-4E29-451A-897F-59A9580FFFE3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{B4D58176-E594-4E0E-A6B3-D91C5B69F5A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\smashmuck champions\smashmuck.exe |
"{B7A60D2D-DE72-47C2-9B8A-77398159C926}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BA2BA668-E69B-44AF-87A4-0E7BA077B1C6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe |
"{BC9D196B-D948-4095-B329-575D47615621}" = protocol=1 | dir=out | [email protected],-28544 |
"{BE6134DB-31F2-45C6-9D70-27305DE2397E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum2\binaries\win32\sanctumgame-win32-shipping.exe |
"{BED8BC91-8B30-445D-B562-637794901311}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BF5B7B36-708A-4C78-BFD0-106D4AC58B1E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{BFE9DFC6-283A-4450-BABF-C5D860CD9FCA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{C419B8AD-55EB-4F47-BDD5-842C5A56FA41}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{CB940EBF-8214-4AB6-B3D5-8379DF92718F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CBEADC87-7EFC-45BA-A539-ADC922198EE5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{CD45BECA-AD29-4F94-8D66-A57E852664A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\smashmuck champions\smashmuck.exe |
"{CF21F7F5-1DA9-47D4-87A6-F219497CE64E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{D051AF33-39A2-4EA0-89C2-4D4A92AB3505}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{D3BECC60-F142-4D3B-90C7-5026C9BA8697}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{D40E3474-3FDB-4D0D-8182-184D147522F6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{D4A94A99-974C-4F50-AD7D-F31E1E7F3A41}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe |
"{D6927AD9-9A28-445B-899C-8B0A97CC1436}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D71D519B-07EF-4F95-9CE4-5DC89B871C64}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{D7DA1718-D1D3-4EED-A5C3-17BBD8240934}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D9F6570C-96FF-4123-A121-C64F515B5E3E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{DCC5DA97-5E48-4B51-BE9D-1E5F5A96026A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DCFFC996-28DC-4A37-A761-149F6EEA9BF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{DDF98BB7-2BF9-466E-B2E9-B3063137387F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{E2E0F91D-4FCA-476B-9AE9-FB4F90C75F3E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{E42FE105-7CB1-415E-B22B-48905B49F5EB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E5C129DD-A5B1-4DDE-B930-C18659A2DC80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\smashmuck champions\smashmuck.exe |
"{E7EFFC8E-86EC-4E89-B3E1-DB73A169FEC2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{E87C04C0-3E14-420A-8C6B-39AD36144691}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{E9DAC6DA-58EA-4B6B-8D47-DDD02FB7DEC3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{EEA86BC3-1B39-466C-8A35-EDE9306DE7BF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{EFD88D6B-AA9C-41E6-9FE4-58DB02C30337}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{EFF323FB-FBCA-4FA1-8D39-31C9140BB444}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{F16ABDEA-3D00-4B15-B35B-89D3EEFCA3FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\smashmuck champions\smashmuck.exe |
"{F19A55BC-0CF2-4AD4-AD81-ADBA3693356C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\torchlight\torchlight.exe |
"{F4716D72-07A6-41EF-91DD-42AE634DC756}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F59B3386-26A6-486D-BDB5-1DC626E63A08}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
"{F5C2DC51-88F8-4179-B63F-021AF1D1C62B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F652BB3F-5420-46A4-A8F5-9343C66C9A44}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{F8051F92-F335-4CDB-9D0E-D924C5CB1FEA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F887CE92-C087-4B02-99E1-2129C2B53135}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{FDE542CA-AD00-485E-B7BD-36CD560C6A13}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{FE4FC0BB-B971-4779-8A8C-406B276F48B2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\stalker shadow of chernobyl\bin\xr_3da.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series" = Canon MG4100 series MP Drivers
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{24873332-B98B-4235-ABBA-CCDEACC62BB9}" = Native Instruments Traktor Audio 6 Driver
"{34883B9C-CDFE-46F0-9C5B-935484C218C3}" = AVG 2014
"{3BF2C0A8-2C44-4A36-AA96-3BD6FB7BB01F}" = Windows Live Remote Client Resources
"{54C5B89F-0A8C-4C07-A51D-7380974DA459}" = Windows Live Remote Service Resources
"{5552453B-BB76-45E3-973D-F95E458ED780}" = Native Instruments Kontakt 5
"{57EC0EF3-DC75-4cb7-9F4B-9BDB0FA77175}" = Native Instruments Komplete Audio 6 Driver
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{79D320AB-8148-4BC7-B49B-77B5D849E2A5}" = Native Instruments Guitar Rig Elements for Maschine
"{7F624BD1-4FE0-432F-B928-68302E156D04}" = AVG 2014
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{824BB582-4B00-431E-A5B0-C5DC4DB023E9}" = Native Instruments Komplete Elements Mk2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C04CE01-F7B8-4961-884B-6CE7EFFADCD4}" = Native Instruments Reaktor Spark R2
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8EEEB23E-A3EB-44A4-AEE9-D2FD6F96E4A0}" = Steinberg Cubase LE AI Elements 6 64bit
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F1F4E90-5808-3CA8-8FF6-A5B0E60AF268}" = Microsoft .NET Framework 4 Client Profile JPN Language Pack
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft マウス キーボード センター
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA コントロール パネル 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA グラフィックス ドライバー 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX システム ソフトウェア 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B99C316B-C135-43B5-8E77-2BC5E241F964}" = Steinberg HALion Sonic SE 64bit
"{D94FCA8D-A8B6-4F03-B0AE-416BFB7AF06A}" = Native Instruments Reaktor Elements Selection
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E206701F-713C-4799-B01C-AF24C17C826E}" = Native Instruments Kontakt Elements Selection R2
"{E236DA46-2EDD-4097-8CF4-444B4FC9E226}" = Native Instruments Abbey Road 60s Drums Vintage
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"1DF1F719-D43A-46E8-950F-65A8D96C678A.MBT_is1" = Motorola Bluetooth
"AVG" = AVG 2014
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile JPN Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - 日本語
"Microsoft Mouse and Keyboard Center" = Microsoft マウス キーボード センター
"RolandRDID0102" = A-PRO Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{019EF473-6D0A-415C-9A2E-1AF5F66AC60F}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{10AB1F40-BDEC-4A8D-B427-30F9429378B0}" = Windows Live Movie Maker
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15D95497-8F76-41E5-8894-EDDB59E39BD9}" = Windows Live メール
"{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.3017
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Media Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{271FF417-77AA-4F59-96E3-25F5D1D7D74F}" = A-PRO EDITOR
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{36625871-9D4B-4046-A837-677974F51CAC}_is1" = DJ Intro version 1.1.1
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{42DE9F0E-4BC9-414B-8520-F07587B3F16F}" = 한컴오피스 2014 체험판
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype 6.11
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{675D8E1E-2388-4718-902C-E5FC4888AC0E}" = Windows Live Essentials
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C3F8916-D6A5-4A31-9DA8-80C973CE437F}" = Windows Live Writer
"{7134EF35-DA07-41F8-A71F-66709E194BB5}" = Windows Live Mesh
"{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = LG CyberLink MediaShow
"{82F99DC9-389A-4528-940C-88248731A620}" = THX TruStudio Pro
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{88A686A9-D687-4295-B633-50D8A4B88371}" = Windows Live Writer Resources
"{8A66A2C8-0032-4949-8D99-C293A3EACF79}" = Windows Live Photo Common
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D59BE38-3A4F-4525-AD0D-8980E9E31EFA}" = Windows Live フォト ギャラリー
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CE59D07-D8A0-4FF7-938D-EA98F51B8B55}" = Ableton Live 8
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A6AC699F-8315-40CA-8F70-E917494978AB}" = VirtualDJ Home FREE
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1041-7B44-AA1000000001}" = Adobe Reader X (10.1.8) - Japanese
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAF0CA91-4642-46C8-9BCD-C93B61508701}" = リモート接続用の Windows Live Mesh ActiveX コントロール (日本語)
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF45002F-2205-4116-BB51-2D015F436CAC}" = Steinberg HALion Sonic SE Content for Cubase LE AI Elements
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" = Updater
"{DBF4BC99-53F1-4C97-84C3-7557D103E182}" = Steinberg Groove Agent ONE Vintage Beatboxes
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = LG CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = LG CyberLink MediaEspresso
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE408577-9C0E-4E5F-BCB2-DB5B3A220958}" = Windows Live UX Platform Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anki" = Anki
"AVG Secure Search" = AVG Security Toolbar
"Celestia_is1" = Celestia 1.6.1
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2013-03-02
"eLicenser Control" = eLicenser Control
"FileParade Bundle" = FileParade Bundle
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}" = Hotkey 3.3017
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG CyberLink Media Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = LG CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = LG CyberLink PowerProducer
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = LG CyberLink PowerDVD 10
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = LG CyberLink MediaEspresso
"InternetUpdater" = Internet Updater
"JWord プラグイン" = JWord プラグイン
"Live 8.2.1" = Live 8.2.1
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = マカフィー セキュリティセンター
"Native Instruments Abbey Road 60s Drums Vintage" = Native Instruments Abbey Road 60s Drums Vintage
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5
"Native Instruments Guitar Rig Elements for Maschine" = Native Instruments Guitar Rig Elements for Maschine
"Native Instruments Komplete Audio 6" = Native Instruments Komplete Audio 6
"Native Instruments Komplete Audio 6 Driver" = Native Instruments Komplete Audio 6 Driver
"Native Instruments Komplete Elements Mk2" = Native Instruments Komplete Elements Mk2
"Native Instruments Kontakt 5" = Native Instruments Kontakt 5
"Native Instruments Kontakt Elements Selection R2" = Native Instruments Kontakt Elements Selection R2
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Reaktor Elements Selection" = Native Instruments Reaktor Elements Selection
"Native Instruments Reaktor Spark R2" = Native Instruments Reaktor Spark R2
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"Native Instruments Traktor Audio 6" = Native Instruments Traktor Audio 6
"Native Instruments Traktor Audio 6 Driver" = Native Instruments Traktor Audio 6 Driver
"NexGen Media Player" = NexGen Media Player - a modern video player
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"RaiderZ" = RaiderZ
"SearchProtect" = Search Protect
"SONARX1LE_is1" = SONAR X1 LE
"Steam" = Steam
"Steam App 1250" = Killing Floor
"Steam App 204300" = Awesomenauts
"Steam App 205790" = Dota 2 Test
"Steam App 210770" = Sanctum 2
"Steam App 211740" = Thief 2
"Steam App 218330" = Smashmuck Champions
"Steam App 41500" = Torchlight
"Steam App 42910" = Magicka
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"Steam App 570" = Dota 2
"VLC media player" = VLC media player 2.0.5
"Websteroids" = Websteroids
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HappyCloud" = Happy Cloud Client
"teraenmasse" = TERA

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013/11/12 9:46:57 | Computer Name = DUNE | Source = Microsoft-Windows-User Profiles Service | ID = 1515
Description = ?????? ??????????????????????????????????????????????????????????????

Error - 2013/11/12 9:46:57 | Computer Name = DUNE | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = ????????????????????????????????????????????????????????????????

Error - 2013/11/12 9:59:50 | Computer Name = DUNE | Source = WinMgmt | ID = 10
Description =

Error - 2013/11/12 10:10:33 | Computer Name = DUNE | Source = SideBySide | ID = 16842785
Description = "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\PS.exe.Manifest"
???????????????????????? ??????? Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
???????????? ?????????? sxstrace.exe ??????????

Error - 2013/11/12 10:10:33 | Computer Name = DUNE | Source = SideBySide | ID = 16842785
Description = "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\PS.exe.Manifest"
???????????????????????? ??????? Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
???????????? ?????????? sxstrace.exe ??????????

Error - 2013/11/17 13:51:50 | Computer Name = DUNE | Source = WinMgmt | ID = 10
Description =

Error - 2013/11/18 0:43:49 | Computer Name = DUNE | Source = WinMgmt | ID = 10
Description =

Error - 2013/11/18 1:28:51 | Computer Name = DUNE | Source = SideBySide | ID = 16842785
Description = "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\PS.exe.Manifest"
???????????????????????? ??????? Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
???????????? ?????????? sxstrace.exe ??????????

Error - 2013/11/18 1:28:51 | Computer Name = DUNE | Source = SideBySide | ID = 16842785
Description = "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\PS.exe.Manifest"
???????????????????????? ??????? Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
???????????? ?????????? sxstrace.exe ??????????

Error - 2013/11/19 19:42:31 | Computer Name = DUNE | Source = WinMgmt | ID = 10
Description =

Error - 2013/11/19 20:06:05 | Computer Name = DUNE | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 2013/10/18 2:20:19 | Computer Name = DUNE | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 2013/10/18 14:55:43 | Computer Name = DUNE | Source = DCOM | ID = 10010
Description =

Error - 2013/10/21 9:38:53 | Computer Name = DUNE | Source = Service Control Manager | ID = 7034
Description = McAfee SiteAdvisor Service ????????????????????????????????? 1 ?????

Error - 2013/10/21 9:38:53 | Computer Name = DUNE | Source = Service Control Manager | ID = 7031
Description = McAfee Personal Firewall Service ??????????????????????????????? 1
???????????? 60000 ????????????: ????????

Error - 2013/10/21 9:38:53 | Computer Name = DUNE | Source = Service Control Manager | ID = 7031
Description = McAfee Services ??????????????????????????????? 1 ???????????? 60000
????????????: ????????

Error - 2013/10/21 9:38:53 | Computer Name = DUNE | Source = Service Control Manager | ID = 7031
Description = McAfee VirusScan Announcer ??????????????????????????????? 1 ????????????
60000 ????????????: ????????

Error - 2013/10/21 9:38:53 | Computer Name = DUNE | Source = Service Control Manager | ID = 7031
Description = McAfee Network Agent ??????????????????????????????? 1 ????????????
60000 ????????????: ????????

Error - 2013/10/21 9:38:53 | Computer Name = DUNE | Source = Service Control Manager | ID = 7031
Description = McAfee Proxy Service ??????????????????????????????? 1 ????????????
60000 ????????????: ????????

Error - 2013/10/21 9:38:53 | Computer Name = DUNE | Source = Service Control Manager | ID = 7031
Description = McAfee Anti-Spam Service ??????????????????????????????? 1 ????????????
60000 ????????????: ????????

Error - 2013/10/23 1:22:07 | Computer Name = DUNE | Source = volsnap | ID = 393252
Description = ???????????????????? ???????????????????????? C: ????? ???????????


< End of report >

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

new OTL file



OTL logfile created on: 2014/01/01 22:14:47 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gordon Eastwood\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

7.92 Gb Total Physical Memory | 5.24 Gb Available Physical Memory | 66.19% Memory free
15.83 Gb Paging File | 12.92 Gb Available in Paging File | 81.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 276.79 Gb Free Space | 59.44% Space Free | Partition Type: NTFS

Computer Name: DUNE | User Name: Gordon Eastwood | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/31 19:52:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gordon Eastwood\Downloads\OTL.exe
PRC - [2013/12/15 12:20:31 | 002,471,448 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/12/15 12:20:31 | 001,771,544 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
PRC - [2013/12/15 12:20:30 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
PRC - [2013/12/12 00:36:12 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/11 11:40:36 | 001,823,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/12/11 11:40:36 | 000,569,768 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/12/11 10:57:29 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
PRC - [2013/11/19 19:38:32 | 000,481,656 | ---- | M] (Updater) -- C:\ProgramData\Updater\updater.exe
PRC - [2013/11/19 19:38:32 | 000,426,872 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
PRC - [2013/11/19 19:38:32 | 000,426,872 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
PRC - [2013/11/19 19:38:32 | 000,426,872 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/12 17:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/12 17:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/09/27 16:37:54 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2011/04/07 20:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/29 22:01:08 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/02/07 18:25:58 | 000,146,520 | ---- | M] (JWord Inc.) -- C:\Program Files (x86)\JWord\Plugin2\jwdsrch.exe
PRC - [2010/11/30 02:31:04 | 001,367,816 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
PRC - [2010/11/28 20:57:26 | 002,766,336 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
PRC - [2010/11/18 02:59:16 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
PRC - [2010/11/16 20:21:56 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/11/16 20:21:54 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/16 16:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/05 06:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 06:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/31 20:25:36 | 001,374,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
PRC - [2009/11/01 21:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/15 12:20:31 | 002,471,448 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013/12/15 12:20:31 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\log4cplusU.dll
MOD - [2013/12/12 00:36:11 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/12/11 11:40:38 | 001,135,016 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/12/11 10:57:29 | 016,242,056 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2013/11/06 13:48:12 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/11/06 13:48:10 | 000,691,200 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/10/10 20:27:49 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/10 20:27:36 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 20:27:29 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/10 20:27:20 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/10 20:27:15 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/11 11:07:21 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll
MOD - [2013/09/11 10:59:03 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/17 21:28:33 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/17 21:28:32 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2b87cb064e64ff40778ca12322abb710\IAStorUtil.ni.dll
MOD - [2013/08/15 18:39:06 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c664f44617c6a89edcc171fa8596c89d\System.ServiceProcess.ni.dll
MOD - [2013/08/15 18:38:22 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 18:38:05 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 18:37:54 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/21 14:48:15 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/07/12 11:08:57 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\14dd60b57c8e7542cc9711866ef63e8a\IAStorCommon.ni.dll
MOD - [2013/07/12 01:55:18 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/14 15:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 15:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 15:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/08/09 23:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/05/05 23:12:50 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2011/04/11 23:49:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_ja_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/11/28 20:57:26 | 002,766,336 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
MOD - [2010/11/20 19:23:48 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/12 15:18:15 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_ja_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/01 00:34:32 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\ja-JP\THXAudio.resources.dll
MOD - [2009/11/01 21:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/01 21:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/06/05 21:50:32 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Audiodll.dll
MOD - [2006/12/10 09:10:26 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Hotkey\AudioControlDLL.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 01:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/05/21 22:34:30 | 001,028,096 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/12/16 01:37:38 | 005,827,072 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2010/11/30 02:31:12 | 000,679,176 | ---- | M] (Motorola, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV:64bit: - [2010/11/30 02:31:10 | 004,150,864 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV:64bit: - [2010/11/30 02:31:08 | 001,188,616 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV:64bit: - [2010/09/22 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/12/15 12:20:31 | 001,771,544 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0)
SRV - [2013/12/12 00:36:11 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/11 11:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/11 10:57:33 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/04 17:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/27 15:40:00 | 004,204,272 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012/03/05 23:49:35 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/19 16:57:02 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/04/07 20:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/11/18 02:59:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
SRV - [2010/11/16 20:21:56 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/11/16 20:21:54 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/05 06:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/12 09:00:12 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/11/05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/31 23:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/28 04:52:10 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/06/26 04:38:44 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/06/26 04:38:44 | 000,023,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 02:15:06 | 000,358,480 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ka6avs.sys -- (ka6avs)
DRV:64bit: - [2012/02/22 02:15:06 | 000,082,000 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ka6usb.sys -- (ka6usb_svc)
DRV:64bit: - [2012/02/06 08:36:25 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/02/06 08:36:25 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/02 14:06:04 | 000,023,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2011/12/02 14:06:00 | 000,565,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2011/09/23 01:59:08 | 000,290,600 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2011/06/26 01:55:48 | 012,231,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/22 18:26:28 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/04/07 20:14:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/02/09 21:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/09 21:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/13 21:24:56 | 000,132,624 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2011/01/11 14:43:16 | 001,103,464 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/30 02:31:52 | 000,484,224 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)
DRV:64bit: - [2010/11/30 02:31:50 | 000,052,736 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/05 06:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/18 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 08:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/02/10 10:32:00 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/18 10:39:17 | 000,081,920 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1102.sys -- (RDID1102)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/10/25 23:33:32 | 000,013,696 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\habu.sys -- (HabuFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=MOCJ&bmod=MOCJ
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg....fr&d=2012-08-11 13:09:00&v=12.2.0.5&sap=hp
IE - HKCU\..\URLSearchHook: {2ACECADE-0BC7-4C6F-95CF-A221CC161B52} - C:\Program Files (x86)\JWord\Plugin2\jwdsrch.dll (JWord Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{4B95F9F3-08E8-420B-AA4F-617D52A8B6F0}: "URL" = http://search.jword....e={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-09-28 16:42:02&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{F90D299B-3DF8-48D8-A10F-309F950D07A1}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "安全検索"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: %7BEE223D7A-F30F-11DD-8F0A-D2AD55D89593%7D:1.1.3
FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38 [2013/12/15 12:21:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/25 04:07:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/06/28 05:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gordon Eastwood\AppData\Roaming\Mozilla\Extensions
[2014/01/01 21:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gordon Eastwood\AppData\Roaming\Mozilla\Firefox\Profiles\6qvw43wi.default\extensions
[2012/10/28 16:25:49 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\Gordon Eastwood\AppData\Roaming\Mozilla\Firefox\Profiles\6qvw43wi.default\extensions\[email protected]
[2013/07/10 06:59:19 | 000,075,008 | ---- | M] () (No name found) -- C:\Users\Gordon Eastwood\AppData\Roaming\Mozilla\Firefox\Profiles\6qvw43wi.default\extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi
[2013/02/23 18:34:43 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\Gordon Eastwood\AppData\Roaming\Mozilla\Firefox\Profiles\6qvw43wi.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2013/05/25 04:07:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/12 00:36:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/12 00:24:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2013/12/12 00:24:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/01/05 01:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2013/05/20 20:13:09 | 000,003,714 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/04/05 09:25:23 | 000,002,065 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O2:64bit: - BHO: (JWord プラグイン 拡張ヘルパー) - {624EBD88-DF97-4810-A282-26286B8BF95F} - C:\Program Files (x86)\JWord\Plugin2\jwdpm_64.dll (JWord Inc.)
O2:64bit: - BHO: (JWord 検索バーヘルパー) - {70879F23-6ED6-4461-BA7B-BC9F383FA84F} - C:\Program Files (x86)\JWord\Plugin2\Components\JwdExpBar\JwdExpBar_64.dll (JWord)
O2:64bit: - BHO: (JWord スピードダイアル ヘルパー) - {866816C6-95BB-4FDB-8485-6FF360152987} - C:\Program Files (x86)\JWord\Common\SpeedDial\SpeedDial_64.dll (JWord Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (JWord プラグイン 拡張ヘルパー) - {624EBD88-DF97-4810-A282-26286B8BF95F} - C:\Program Files (x86)\JWord\Plugin2\jwdpm.dll (JWord Inc.)
O2 - BHO: (JWord 検索バーヘルパー) - {70879F23-6ED6-4461-BA7B-BC9F383FA84F} - C:\Program Files (x86)\JWord\Plugin2\Components\JwdExpBar\JwdExpBar.dll (JWord)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (JWord スピードダイアル ヘルパー) - {866816C6-95BB-4FDB-8485-6FF360152987} - C:\Program Files (x86)\JWord\Common\SpeedDial\SpeedDial.dll (JWord Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [jwdsrch] C:\Program Files (x86)\JWord\Plugin2\jwdsrch_64.exe (JWord Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HncUpdate90] C:\Program Files (x86)\Hnc\HncUtils\Update\HncCheck.exe (한글과컴퓨터)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [jwdsrch] C:\Program Files (x86)\JWord\Plugin2\jwdsrch.exe (JWord Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Gordon Eastwood\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - Startup: C:\Users\Gordon Eastwood\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google サイドウィキ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: JWord でサイト検索 - C:\Program Files (x86)\JWord\Plugin2\jwdsrch.dll (JWord Inc.)
O8 - Extra context menu item: Google サイドウィキ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: JWord でサイト検索 - C:\Program Files (x86)\JWord\Plugin2\jwdsrch.dll (JWord Inc.)
O9:64bit: - Extra Button: JWord プラグイン - {34D67ED2-C837-4627-838C-2264E347D291} - http://www.jword.jp/...iebutton&pver=2 File not found
O9:64bit: - Extra 'Tools' menuitem : JWord プラグインについて - {34D67ED2-C837-4627-838C-2264E347D291} - http://www.jword.jp/...iebutton&pver=2 File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O9:64bit: - Extra 'Tools' menuitem : JWord 検索バー - {978DB49B-35F4-411D-B7D2-88858A359B66} - C:\Program Files (x86)\JWord\Plugin2\Components\JwdExpBar\JwdExpBar_64.dll (JWord)
O9:64bit: - Extra 'Tools' menuitem : JWord プラグインの設定... - {B8FA14E5-8AE7-452C-AA3B-23C32388CDA0} - C:\Program Files (x86)\JWord\Plugin2\JwdPH_64.dll (JWord Inc.)
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: JWord プラグイン - {34D67ED2-C837-4627-838C-2264E347D291} - http://www.jword.jp/...iebutton&pver=2 File not found
O9 - Extra 'Tools' menuitem : JWord プラグインについて - {34D67ED2-C837-4627-838C-2264E347D291} - http://www.jword.jp/...iebutton&pver=2 File not found
O9 - Extra 'Tools' menuitem : JWord 検索バー - {978DB49B-35F4-411D-B7D2-88858A359B66} - C:\Program Files (x86)\JWord\Plugin2\Components\JwdExpBar\JwdExpBar.dll (JWord)
O9 - Extra 'Tools' menuitem : JWord プラグインの設定... - {B8FA14E5-8AE7-452C-AA3B-23C32388CDA0} - C:\Program Files (x86)\JWord\Plugin2\JwdPH.dll (JWord Inc.)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.13 64.59.161.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F3FFE02-7CE2-4041-8C37-E74C35618141}: DhcpNameServer = 64.59.160.13 64.59.161.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5494D7F-E3D8-4129-97A4-3901CA643B30}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ea4e84a4-71ee-11e3-9491-0090f5cd4f36}\Shell - "" = AutoRun
O33 - MountPoints2\{ea4e84a4-71ee-11e3-9491-0090f5cd4f36}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (/sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/01 21:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Websteroids
[2014/01/01 12:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2013/12/26 12:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/12/16 14:34:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SearchProtect
[2013/12/15 00:41:53 | 000,000,000 | ---D | C] -- C:\Users\Gordon Eastwood\AppData\Roaming\raidcall
[2013/12/15 00:41:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RaidCall
[2013/12/15 00:41:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/12/15 00:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Updater
[2013/12/15 00:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\RHelpers
[2013/12/15 00:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller
[2013/12/09 09:56:48 | 000,000,000 | ---D | C] -- C:\Users\Gordon Eastwood\Documents\A School Folder
[2013/12/09 09:54:45 | 000,000,000 | ---D | C] -- C:\Users\Gordon Eastwood\Documents\A Work Folder
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/01 22:13:41 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/01 22:13:41 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/01 22:07:24 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/01/01 22:07:24 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2014/01/01 22:06:19 | 000,371,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/01 22:06:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/01 22:05:59 | 2079,985,663 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/01 21:57:06 | 001,220,272 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/01 21:57:06 | 000,623,210 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/01 21:57:06 | 000,395,720 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2014/01/01 21:57:06 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2014/01/01 21:57:06 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/01 21:57:04 | 000,000,626 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/01 21:06:01 | 000,000,770 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-40234007-3895719673-171111129-1002UA.job
[2014/01/01 18:06:00 | 000,000,748 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-40234007-3895719673-171111129-1002Core.job
[2013/12/26 19:32:20 | 000,000,221 | ---- | M] () -- C:\Users\Gordon Eastwood\Desktop\Magicka.url
[2013/12/26 12:35:42 | 000,000,222 | ---- | M] () -- C:\Users\Gordon Eastwood\Desktop\Sanctum 2.url
[2013/12/15 12:21:09 | 000,003,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/12/12 17:26:48 | 000,007,033 | ---- | M] () -- C:\Users\Gordon Eastwood\Desktop\pokemanz.rtf
[2013/12/10 00:20:20 | 775,305,198 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/12/04 23:13:07 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/26 19:32:20 | 000,000,221 | ---- | C] () -- C:\Users\Gordon Eastwood\Desktop\Magicka.url
[2013/12/26 12:35:42 | 000,000,222 | ---- | C] () -- C:\Users\Gordon Eastwood\Desktop\Sanctum 2.url
[2013/10/23 19:46:04 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\WinHDB90b.ini
[2013/06/26 18:09:34 | 000,003,728 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2012/06/29 10:47:51 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2012/06/29 10:43:32 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2012/06/29 10:43:30 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2012/03/06 01:07:21 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/06 01:07:16 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/06 01:07:12 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/06 01:07:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/03/06 01:07:05 | 013,899,776 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/03/05 23:49:52 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012/03/05 23:49:52 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012/03/05 23:49:52 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012/03/05 23:49:48 | 000,185,856 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/03/05 23:49:48 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/13 02:36:45 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\.mono
[2012/10/05 22:53:13 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\Ableton
[2013/10/15 06:45:09 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\AVG2014
[2012/06/29 10:34:19 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\Cakewalk
[2013/10/23 19:50:28 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\HNC
[2012/07/10 04:16:12 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\LolClient
[2013/01/18 01:40:45 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\OpenOffice.org
[2013/12/15 00:41:53 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\raidcall
[2012/07/26 00:40:34 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\runic games
[2012/06/29 11:17:45 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\Steinberg
[2013/08/15 11:47:51 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\TERA
[2012/09/27 23:42:13 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/11/17 20:49:25 | 000,001,828 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\????? ??????????.lnk) -- C:\Users\Gordon Eastwood\Documents\マカフィー セキュリティセンター.lnk
[2013/11/17 09:56:45 | 000,001,828 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\????? ??????????.lnk) -- C:\Users\Gordon Eastwood\Documents\マカフィー セキュリティセンター.lnk
[2013/10/23 22:27:29 | 000,016,663 | ---- | M] ()(C:\Users\Gordon Eastwood\Desktop\?????.odt) -- C:\Users\Gordon Eastwood\Desktop\유학계획서.odt
[2013/10/23 19:48:52 | 000,001,162 | ---- | M] ()(C:\Users\Public\Desktop\????? ?? 2014.lnk) -- C:\Users\Public\Desktop\한컴오피스 한글 2014.lnk
[2013/10/23 19:48:52 | 000,001,162 | ---- | C] ()(C:\Users\Public\Desktop\????? ?? 2014.lnk) -- C:\Users\Public\Desktop\한컴오피스 한글 2014.lnk
[2013/10/21 01:21:17 | 000,016,663 | ---- | C] ()(C:\Users\Gordon Eastwood\Desktop\?????.odt) -- C:\Users\Gordon Eastwood\Desktop\유학계획서.odt
[2013/02/21 03:36:10 | 000,001,828 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\????? ?????????????.lnk) -- C:\Users\Gordon Eastwood\Documents\マカフィー インターネットセキュリティ.lnk
[2013/02/21 03:36:10 | 000,001,828 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\????? ?????????????.lnk) -- C:\Users\Gordon Eastwood\Documents\マカフィー インターネットセキュリティ.lnk
[2013/01/28 03:38:30 | 000,248,320 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\?????.doc) -- C:\Users\Gordon Eastwood\Documents\卒論★完成.doc
[2013/01/28 03:38:22 | 000,033,280 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\????.doc) -- C:\Users\Gordon Eastwood\Documents\卒論表紙.doc
[2012/06/28 05:03:46 | 000,000,000 | ---D | M](C:\Users\Gordon Eastwood\Documents\????????) -- C:\Users\Gordon Eastwood\Documents\受信したファイル
[2012/06/28 05:03:46 | 000,000,000 | ---D | C](C:\Users\Gordon Eastwood\Documents\????????) -- C:\Users\Gordon Eastwood\Documents\受信したファイル
[2012/06/28 05:02:26 | 000,000,000 | -HSD | M](C:\Users\Gordon Eastwood\???? ????) -- C:\Users\Gordon Eastwood\スタート メニュー
[2012/06/28 05:02:26 | 000,000,000 | -HSD | M](C:\Users\Gordon Eastwood\???? ????) -- C:\Users\Gordon Eastwood\スタート メニュー
[2012/06/28 05:00:36 | 000,000,000 | -HSD | M](C:\ProgramData\??????) -- C:\ProgramData\デスクトップ
[2012/06/28 05:00:36 | 000,000,000 | -HSD | M](C:\ProgramData\???? ????) -- C:\ProgramData\スタート メニュー
[2012/06/28 05:00:36 | 000,000,000 | -HSD | M](C:\ProgramData\??????) -- C:\ProgramData\デスクトップ
[2012/06/28 05:00:36 | 000,000,000 | -HSD | M](C:\ProgramData\???? ????) -- C:\ProgramData\スタート メニュー
[2012/03/06 00:59:08 | 000,000,570 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\?????????.lnk) -- C:\Users\Gordon Eastwood\Documents\サポートマニュアル.lnk
[2012/03/06 00:29:18 | 000,000,561 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\?????????? ??????.lnk) -- C:\Users\Gordon Eastwood\Documents\サプリメントディスク バックアップ.lnk
[2012/03/06 00:29:18 | 000,000,561 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\?????????? ??????.lnk) -- C:\Users\Gordon Eastwood\Documents\サプリメントディスク バックアップ.lnk
[2012/03/06 00:17:26 | 000,000,570 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\?????????.lnk) -- C:\Users\Gordon Eastwood\Documents\サポートマニュアル.lnk
[2012/03/05 23:50:05 | 000,002,220 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\?????????.lnk) -- C:\Users\Gordon Eastwood\Documents\アクティベーション.lnk
[2012/03/05 23:50:05 | 000,002,220 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\?????????.lnk) -- C:\Users\Gordon Eastwood\Documents\アクティベーション.lnk
[2012/02/06 08:37:50 | 000,002,439 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\????!PC???.lnk) -- C:\Users\Gordon Eastwood\Documents\楽しもう!PCライフ.lnk
[2011/12/13 20:31:48 | 000,248,320 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\?????.doc) -- C:\Users\Gordon Eastwood\Documents\卒論★完成.doc
[2011/12/13 20:03:30 | 000,033,280 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\????.doc) -- C:\Users\Gordon Eastwood\Documents\卒論表紙.doc
[2008/12/10 23:19:14 | 000,002,439 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\????!PC???.lnk) -- C:\Users\Gordon Eastwood\Documents\楽しもう!PCライフ.lnk
(C:\Users\Gordon Eastwood\???? ????) -- C:\Users\Gordon Eastwood\スタート メニュー
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft ??? ????? ????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft マウス キーボード センター
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JWord ?????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JWord プラグイン
(C:\ProgramData\??????) -- C:\ProgramData\デスクトップ
(C:\ProgramData\???? ????) -- C:\ProgramData\スタート メニュー

< End of report >
  • 0

#4
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the log and the update. There are a few more programs that we need to uninstall. Since the Extras.txt log was from before you uninstalled programs some of these may have already been uninstalled.

Did you download the MyPC Backup program and do you use it? If not, please uninstall it along with the others.

Do you know what this program is "MSC" = マカフィー セキュリティセンター?


Step-1.

Program uninstalls

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

McAfee Security Scan Plus
Internet Updater
JWord プラグイン
Search Protect


3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

IF you uninstalled MYPC Backup then delete the following folder:
C:\Program Files (x86)\MyPC Backup

2. Close Windows Explorer.


Step-2.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2013/11/19 19:38:32 | 000,481,656 | ---- | M] (Updater) -- C:\ProgramData\Updater\updater.exe
PRC - [2013/11/19 19:38:32 | 000,426,872 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
PRC - [2013/11/19 19:38:32 | 000,426,872 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
PRC - [2013/11/19 19:38:32 | 000,426,872 | ---- | M] (WatchDog) -- C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
PRC - [2011/02/07 18:25:58 | 000,146,520 | ---- | M] (JWord Inc.) -- C:\Program Files (x86)\JWord\Plugin2\jwdsrch.exe
IE - HKCU\..\URLSearchHook: {2ACECADE-0BC7-4C6F-95CF-A221CC161B52} - C:\Program Files (x86)\JWord\Plugin2\jwdsrch.dll (JWord Inc.)
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...rchTerms}&SSPV=
IE - HKCU\..\SearchScopes\{4B95F9F3-08E8-420B-AA4F-617D52A8B6F0}: "URL" = http://search.jword....e={searchTerms}
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
FF - prefs.js..extensions.enabledAddons: support%40websteroidsapp.com:2.6.4967062
[2010/01/05 01:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2013/04/05 09:25:23 | 000,002,065 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (JWord プラグイン 拡張ヘルパー) - {624EBD88-DF97-4810-A282-26286B8BF95F} - C:\Program Files (x86)\JWord\Plugin2\jwdpm_64.dll (JWord Inc.)
O2:64bit: - BHO: (JWord 検索バーヘルパー) - {70879F23-6ED6-4461-BA7B-BC9F383FA84F} - C:\Program Files (x86)\JWord\Plugin2\Components\JwdExpBar\JwdExpBar_64.dll (JWord)
O2:64bit: - BHO: (JWord スピードダイアル ヘルパー) - {866816C6-95BB-4FDB-8485-6FF360152987} - C:\Program Files (x86)\JWord\Common\SpeedDial\SpeedDial_64.dll (JWord Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (JWord プラグイン 拡張ヘルパー) - {624EBD88-DF97-4810-A282-26286B8BF95F} - C:\Program Files (x86)\JWord\Plugin2\jwdpm.dll (JWord Inc.)
O2 - BHO: (JWord 検索バーヘルパー) - {70879F23-6ED6-4461-BA7B-BC9F383FA84F} - C:\Program Files (x86)\JWord\Plugin2\Components\JwdExpBar\JwdExpBar.dll (JWord)
O2 - BHO: (JWord スピードダイアル ヘルパー) - {866816C6-95BB-4FDB-8485-6FF360152987} - C:\Program Files (x86)\JWord\Common\SpeedDial\SpeedDial.dll (JWord Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [jwdsrch] C:\Program Files (x86)\JWord\Plugin2\jwdsrch_64.exe (JWord Inc.)
O4 - HKLM..\Run: [jwdsrch] C:\Program Files (x86)\JWord\Plugin2\jwdsrch.exe (JWord Inc.)
O4 - HKLM..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - HKCU..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O8:64bit: - Extra context menu item: JWord でサイト検索 - C:\Program Files (x86)\JWord\Plugin2\jwdsrch.dll (JWord Inc.)
O8 - Extra context menu item: JWord でサイト検索 - C:\Program Files (x86)\JWord\Plugin2\jwdsrch.dll (JWord Inc.)
O9:64bit: - Extra Button: JWord プラグイン - {34D67ED2-C837-4627-838C-2264E347D291} - http://www.jword.jp/...iebutton&pver=2 File not found
O9:64bit: - Extra 'Tools' menuitem : JWord プラグインについて - {34D67ED2-C837-4627-838C-2264E347D291} - http://www.jword.jp/...iebutton&pver=2 File not found
O9:64bit: - Extra 'Tools' menuitem : JWord 検索バー - {978DB49B-35F4-411D-B7D2-88858A359B66} - C:\Program Files (x86)\JWord\Plugin2\Components\JwdExpBar\JwdExpBar_64.dll (JWord)
O9:64bit: - Extra 'Tools' menuitem : JWord プラグインの設定... - {B8FA14E5-8AE7-452C-AA3B-23C32388CDA0} - C:\Program Files (x86)\JWord\Plugin2\JwdPH_64.dll (JWord Inc.)
O9 - Extra Button: JWord プラグイン - {34D67ED2-C837-4627-838C-2264E347D291} - http://www.jword.jp/...iebutton&pver=2 File not found
O9 - Extra 'Tools' menuitem : JWord プラグインについて - {34D67ED2-C837-4627-838C-2264E347D291} - http://www.jword.jp/...iebutton&pver=2 File not found
O9 - Extra 'Tools' menuitem : JWord 検索バー - {978DB49B-35F4-411D-B7D2-88858A359B66} - C:\Program Files (x86)\JWord\Plugin2\Components\JwdExpBar\JwdExpBar.dll (JWord)
O9 - Extra 'Tools' menuitem : JWord プラグインの設定... - {B8FA14E5-8AE7-452C-AA3B-23C32388CDA0} - C:\Program Files (x86)\JWord\Plugin2\JwdPH.dll (JWord Inc.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O33 - MountPoints2\{ea4e84a4-71ee-11e3-9491-0090f5cd4f36}\Shell - "" = AutoRun
O33 - MountPoints2\{ea4e84a4-71ee-11e3-9491-0090f5cd4f36}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
[2014/01/01 21:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Websteroids
[2013/12/16 14:34:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SearchProtect
[2013/12/15 00:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Updater
[2013/12/15 00:41:09 | 000,000,000 | ---D | C] -- C:\ProgramData\RHelpers
[2013/12/15 00:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Websteroids
[2013/12/15 00:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\sweetpacks bundle uninstaller
[2012/06/28 05:02:26 | 000,000,000 | -HSD | M](C:\Users\Gordon Eastwood\???? ????) -- C:\Users\Gordon Eastwood\スタート メニュー
[2012/06/28 05:02:26 | 000,000,000 | -HSD | M](C:\Users\Gordon Eastwood\???? ????) -- C:\Users\Gordon Eastwood\スタート メニュー
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JWord ?????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JWord プラグイン
(C:\ProgramData\??????) -- C:\ProgramData\デスクトップ
(C:\ProgramData\???? ????) -- C:\ProgramData\スタート メニュー
(C:\Users\Gordon Eastwood\???? ????) -- C:\Users\Gordon Eastwood\スタート メニュー

:FILES
C:\Program Files (x86)\JWord
C:\Program Files\mcafee
C:\Program Files (x86)\SearchProtect
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-3.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.
Or the Authors French site here.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon Posted Image on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

    Posted Image
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-4.

Virustotal File Upload:

To use Virustotal go Here
Posted Image
  • Click the Choose File button in the middle of the screen. This will open a File Upload window.
  • On the File Upload window, in the File name box, type, or copy and paste the following and click Open:
    NOTE.. Only one file per scan

    C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
    C:\Program Files (x86)\Hnc\HncUtils\Update\HncCheck.exe
    .
  • This will put the file in the box on the Virustotal page.
  • Click the Scan it! button.
  • IF you get a message that the file has already been analyzed click the Reanalyze button and the file will be scanned.
  • Please be patient while the file is scanned. It may take several minutes.
  • Once the scan results appear, please copy and paste the Virustotal link(s) (URL) in your next reply
  • Repeat 1 thru 7 for each file listed.

Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the uninstalls went
2. The VirusTotal URL links
3. The OTL fixes log
4. The new OTL.txt log
5. The AdwCleaner[So].txt log
  • 0

#5
BLACKR0B0T

BLACKR0B0T

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Uninstalls went smoothly but, McAfee Security Scan Plus, Internet Updater, Search Protect were nowhere to be found. jword was removed without a hitch.

url to virustotal for happy cloud
https://www.virustot...sis/1388725278/

url to virustotal for hncutils
https://www.virustot...sis/1388725513/

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named updater.exe was found!
No active process named IeHelper.exe was found!
No active process named FirefoxHelper.exe was found!
No active process named ChromeHelper.exe was found!
No active process named jwdsrch.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{2ACECADE-0BC7-4C6F-95CF-A221CC161B52} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ACECADE-0BC7-4C6F-95CF-A221CC161B52}\ not found.
File C:\Program Files (x86)\JWord\Plugin2\jwdsrch.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B95F9F3-08E8-420B-AA4F-617D52A8B6F0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B95F9F3-08E8-420B-AA4F-617D52A8B6F0}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: support%40websteroidsapp.com:2.6.4967062 removed from extensions.enabledAddons
C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\McSiteAdvisor.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{624EBD88-DF97-4810-A282-26286B8BF95F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{624EBD88-DF97-4810-A282-26286B8BF95F}\ not found.
File C:\Program Files (x86)\JWord\Plugin2\jwdpm_64.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70879F23-6ED6-4461-BA7B-BC9F383FA84F}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70879F23-6ED6-4461-BA7B-BC9F383FA84F}\ not found.
File C:\Program Files (x86)\JWord\Plugin2\Components\JwdExpBar\JwdExpBar_64.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{866816C6-95BB-4FDB-8485-6FF360152987}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{866816C6-95BB-4FDB-8485-6FF360152987}\ not found.
File C:\Program Files (x86)\JWord\Common\SpeedDial\SpeedDial_64.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{624EBD88-DF97-4810-A282-26286B8BF95F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{624EBD88-DF97-4810-A282-26286B8BF95F}\ not found.
File C:\Program Files (x86)\JWord\Plugin2\jwdpm.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70879F23-6ED6-4461-BA7B-BC9F383FA84F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70879F23-6ED6-4461-BA7B-BC9F383FA84F}\ not found.
File C:\Program Files (x86)\JWord\Plugin2\Components\JwdExpBar\JwdExpBar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{866816C6-95BB-4FDB-8485-6FF360152987}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{866816C6-95BB-4FDB-8485-6FF360152987}\ not found.
File C:\Program Files (x86)\JWord\Common\SpeedDial\SpeedDial.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jwdsrch not found.
File C:\Program Files (x86)\JWord\Plugin2\jwdsrch_64.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jwdsrch not found.
File C:\Program Files (x86)\JWord\Plugin2\jwdsrch.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Updater deleted successfully.
C:\ProgramData\Updater\updater.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Updater deleted successfully.
File C:\ProgramData\Updater\updater.exe not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\JWord でサイト検索\ not found.
File C:\Program Files (x86)\JWord\Plugin2\jwdsrch.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\JWord でサイト検索\ not found.
File C:\Program Files (x86)\JWord\Plugin2\jwdsrch.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{34D67ED2-C837-4627-838C-2264E347D291}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34D67ED2-C837-4627-838C-2264E347D291}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{34D67ED2-C837-4627-838C-2264E347D291}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34D67ED2-C837-4627-838C-2264E347D291}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{978DB49B-35F4-411D-B7D2-88858A359B66}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{978DB49B-35F4-411D-B7D2-88858A359B66}\ not found.
File C:\Program Files (x86)\JWord\Plugin2\Components\JwdExpBar\JwdExpBar_64.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B8FA14E5-8AE7-452C-AA3B-23C32388CDA0}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8FA14E5-8AE7-452C-AA3B-23C32388CDA0}\ not found.
File C:\Program Files (x86)\JWord\Plugin2\JwdPH_64.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{34D67ED2-C837-4627-838C-2264E347D291}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34D67ED2-C837-4627-838C-2264E347D291}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{34D67ED2-C837-4627-838C-2264E347D291}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34D67ED2-C837-4627-838C-2264E347D291}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{978DB49B-35F4-411D-B7D2-88858A359B66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{978DB49B-35F4-411D-B7D2-88858A359B66}\ not found.
File C:\Program Files (x86)\JWord\Plugin2\Components\JwdExpBar\JwdExpBar.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B8FA14E5-8AE7-452C-AA3B-23C32388CDA0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8FA14E5-8AE7-452C-AA3B-23C32388CDA0}\ not found.
File C:\Program Files (x86)\JWord\Plugin2\JwdPH.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.
File C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll deleted successfully.
File C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea4e84a4-71ee-11e3-9491-0090f5cd4f36}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea4e84a4-71ee-11e3-9491-0090f5cd4f36}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea4e84a4-71ee-11e3-9491-0090f5cd4f36}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ea4e84a4-71ee-11e3-9491-0090f5cd4f36}\ not found.
File E:\LGAutoRun.exe not found.
C:\ProgramData\Websteroids folder moved successfully.
C:\Windows\SysWow64\SearchProtect\Logs folder moved successfully.
C:\Windows\SysWow64\SearchProtect folder moved successfully.
C:\ProgramData\Updater folder moved successfully.
C:\ProgramData\RHelpers\IeHelper folder moved successfully.
C:\ProgramData\RHelpers\FirefoxHelper folder moved successfully.
C:\ProgramData\RHelpers\ChromeHelper folder moved successfully.
C:\ProgramData\RHelpers folder moved successfully.
Folder C:\ProgramData\Websteroids\ not found.
C:\Program Files (x86)\sweetpacks bundle uninstaller folder moved successfully.
C:\Users\Gordon Eastwood\スタート メニュー folder moved successfully.
Folder C:\Users\Gordon Eastwood\スタート メニュー\ not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\JWord not found.
File\Folder C:\Program Files\mcafee not found.
File\Folder C:\Program Files (x86)\SearchProtect not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Gordon Eastwood\Downloads\cmd.bat deleted successfully.
C:\Users\Gordon Eastwood\Downloads\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Gordon Eastwood\Downloads\cmd.bat deleted successfully.
C:\Users\Gordon Eastwood\Downloads\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state ON /c >
Ok.
C:\Users\Gordon Eastwood\Downloads\cmd.bat deleted successfully.
C:\Users\Gordon Eastwood\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gordon Eastwood
->Temp folder emptied: 1267303221 bytes
->Temporary Internet Files folder emptied: 254473560 bytes
->Java cache emptied: 36721 bytes
->FireFox cache emptied: 234542671 bytes
->Flash cache emptied: 155507 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 896378072 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42328361 bytes
RecycleBin emptied: 5464042937 bytes

Total Files Cleaned = 7,781.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01022014_203810

Files\Folders moved on Reboot...
C:\Users\Gordon Eastwood\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Gordon Eastwood\AppData\Local\Temp\nsc3A5F.tmp not found!
C:\Users\Gordon Eastwood\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\avg_secure_search.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



new text

OTL logfile created on: 2014/01/02 21:11:40 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gordon Eastwood\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd

7.92 Gb Total Physical Memory | 5.35 Gb Available Physical Memory | 67.62% Memory free
15.83 Gb Paging File | 13.06 Gb Available in Paging File | 82.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 276.92 Gb Free Space | 59.47% Space Free | Partition Type: NTFS

Computer Name: DUNE | User Name: Gordon Eastwood | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/31 19:52:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gordon Eastwood\Downloads\OTL.exe
PRC - [2013/12/15 12:20:31 | 002,471,448 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/12/15 12:20:31 | 001,771,544 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
PRC - [2013/12/15 12:20:30 | 000,159,768 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
PRC - [2013/12/12 00:36:12 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/11 11:40:36 | 001,823,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/12/11 11:40:36 | 000,569,768 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/12/11 10:57:29 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/12 17:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/12 17:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2011/09/27 16:37:54 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2011/04/07 20:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/29 22:01:08 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2010/11/30 02:31:04 | 001,367,816 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
PRC - [2010/11/28 20:57:26 | 002,766,336 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
PRC - [2010/11/18 02:59:16 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
PRC - [2010/11/16 20:21:56 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/11/16 20:21:54 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/16 16:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/11/05 06:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 06:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/31 20:25:36 | 001,374,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
PRC - [2009/11/01 21:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/15 12:20:31 | 002,471,448 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013/12/15 12:20:31 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\log4cplusU.dll
MOD - [2013/12/12 00:36:11 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/12/11 11:40:38 | 001,135,016 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/12/11 10:57:29 | 016,242,056 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2013/11/06 13:48:12 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/11/06 13:48:10 | 000,691,200 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/10/10 20:27:49 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/10 20:27:36 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 20:27:29 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/10 20:27:20 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/10 20:27:15 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/11 11:07:21 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\f4e49f5f51d2fa5e6190464468dff4d3\Microsoft.VisualBasic.ni.dll
MOD - [2013/09/11 10:59:16 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/11 10:59:03 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/17 21:28:33 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/17 21:28:32 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2b87cb064e64ff40778ca12322abb710\IAStorUtil.ni.dll
MOD - [2013/08/15 18:39:06 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c664f44617c6a89edcc171fa8596c89d\System.ServiceProcess.ni.dll
MOD - [2013/08/15 18:38:22 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 18:38:05 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 18:37:54 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/21 14:48:15 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/07/12 11:08:57 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\14dd60b57c8e7542cc9711866ef63e8a\IAStorCommon.ni.dll
MOD - [2013/07/12 01:55:18 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/14 15:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 15:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 15:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/08/09 23:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/05/05 23:12:50 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2010/11/28 20:57:26 | 002,766,336 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Hotkey.exe
MOD - [2010/11/20 19:23:48 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/12 15:18:15 | 000,348,160 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_ja_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/01 00:34:32 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\ja-JP\THXAudio.resources.dll
MOD - [2009/11/01 21:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/01 21:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/06/05 21:50:32 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\Hotkey\Audiodll.dll
MOD - [2006/12/10 09:10:26 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Hotkey\AudioControlDLL.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/26 01:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/05/21 22:34:30 | 001,028,096 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/12/16 01:37:38 | 005,827,072 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2010/11/30 02:31:12 | 000,679,176 | ---- | M] (Motorola, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV:64bit: - [2010/11/30 02:31:10 | 004,150,864 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV:64bit: - [2010/11/30 02:31:08 | 001,188,616 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV:64bit: - [2010/09/22 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/12/15 12:20:31 | 001,771,544 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0)
SRV - [2013/12/12 00:36:11 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/11 11:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/11 10:57:33 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/09/04 17:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/27 15:40:00 | 004,204,272 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012/03/05 23:49:35 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/19 16:57:02 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2011/04/07 20:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/11/18 02:59:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotkey\PowerBiosServer.exe -- (PowerBiosServer)
SRV - [2010/11/16 20:21:56 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/11/16 20:21:54 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/05 06:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/12 09:00:12 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/11/05 21:55:48 | 000,150,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/11/04 21:52:42 | 000,240,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/10/31 23:00:18 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/10/31 22:49:46 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/10/24 22:25:58 | 000,194,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/10/01 00:52:08 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/09/10 00:43:02 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/07/31 23:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/28 04:52:10 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/06/26 04:38:44 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/06/26 04:38:44 | 000,023,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 02:15:06 | 000,358,480 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ka6avs.sys -- (ka6avs)
DRV:64bit: - [2012/02/22 02:15:06 | 000,082,000 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ka6usb.sys -- (ka6usb_svc)
DRV:64bit: - [2012/02/06 08:36:25 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/02/06 08:36:25 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/12/02 14:06:04 | 000,023,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2011/12/02 14:06:00 | 000,565,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2011/09/23 01:59:08 | 000,290,600 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2011/06/26 01:55:48 | 012,231,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/22 18:26:28 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/04/07 20:14:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/02/09 21:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/09 21:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/13 21:24:56 | 000,132,624 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2011/01/11 14:43:16 | 001,103,464 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/30 02:31:52 | 000,484,224 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmusb.sys -- (BTMUSB)
DRV:64bit: - [2010/11/30 02:31:50 | 000,052,736 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)
DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 19:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/05 06:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/18 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 08:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/02/10 10:32:00 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/18 10:39:17 | 000,081,920 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1102.sys -- (RDID1102)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/10/25 23:33:32 | 000,013,696 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\habu.sys -- (HabuFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=MOCJ&bmod=MOCJ
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg....fr&d=2012-08-11 13:09:00&v=12.2.0.5&sap=hp
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-09-28 16:42:02&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{F90D299B-3DF8-48D8-A10F-309F950D07A1}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "安全検索"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: %7BEE223D7A-F30F-11DD-8F0A-D2AD55D89593%7D:1.1.3
FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38 [2013/12/15 12:21:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/02 20:38:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/06/28 05:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gordon Eastwood\AppData\Roaming\Mozilla\Extensions
[2014/01/01 21:45:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gordon Eastwood\AppData\Roaming\Mozilla\Firefox\Profiles\6qvw43wi.default\extensions
[2012/10/28 16:25:49 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\Gordon Eastwood\AppData\Roaming\Mozilla\Firefox\Profiles\6qvw43wi.default\extensions\[email protected]
[2013/07/10 06:59:19 | 000,075,008 | ---- | M] () (No name found) -- C:\Users\Gordon Eastwood\AppData\Roaming\Mozilla\Firefox\Profiles\6qvw43wi.default\extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi
[2013/02/23 18:34:43 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\Gordon Eastwood\AppData\Roaming\Mozilla\Firefox\Profiles\6qvw43wi.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2013/05/25 04:07:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/12 00:36:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/12 00:24:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2013/12/12 00:24:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/20 20:13:09 | 000,003,714 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HncUpdate90] C:\Program Files (x86)\Hnc\HncUtils\Update\HncCheck.exe (한글과컴퓨터)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Gordon Eastwood\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google サイドウィキ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google サイドウィキ... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.160.13 64.59.161.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F3FFE02-7CE2-4041-8C37-E74C35618141}: DhcpNameServer = 64.59.160.13 64.59.161.68
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5494D7F-E3D8-4129-97A4-3901CA643B30}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (/sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/02 20:53:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/02 20:38:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/01 12:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2013/12/26 12:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/12/15 00:41:53 | 000,000,000 | ---D | C] -- C:\Users\Gordon Eastwood\AppData\Roaming\raidcall
[2013/12/09 09:56:48 | 000,000,000 | ---D | C] -- C:\Users\Gordon Eastwood\Documents\A School Folder
[2013/12/09 09:54:45 | 000,000,000 | ---D | C] -- C:\Users\Gordon Eastwood\Documents\A Work Folder

========== Files - Modified Within 30 Days ==========

[2014/01/02 20:57:00 | 000,000,626 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/02 20:51:21 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/02 20:51:21 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/02 20:50:42 | 001,233,962 | ---- | M] () -- C:\Users\Gordon Eastwood\Desktop\AdwCleaner.exe
[2014/01/02 20:43:49 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/01/02 20:43:49 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2014/01/02 20:43:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/02 20:43:20 | 2079,985,663 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/01 22:06:19 | 000,371,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/01 21:57:06 | 001,220,272 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/01 21:57:06 | 000,623,210 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/01 21:57:06 | 000,395,720 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2014/01/01 21:57:06 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2014/01/01 21:57:06 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/26 19:32:20 | 000,000,221 | ---- | M] () -- C:\Users\Gordon Eastwood\Desktop\Magicka.url
[2013/12/26 12:35:42 | 000,000,222 | ---- | M] () -- C:\Users\Gordon Eastwood\Desktop\Sanctum 2.url
[2013/12/15 12:21:09 | 000,003,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/12/12 17:26:48 | 000,007,033 | ---- | M] () -- C:\Users\Gordon Eastwood\Desktop\pokemanz.rtf
[2013/12/10 00:20:20 | 775,305,198 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/12/04 23:13:07 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk

========== Files Created - No Company Name ==========

[2014/01/02 20:50:42 | 001,233,962 | ---- | C] () -- C:\Users\Gordon Eastwood\Desktop\AdwCleaner.exe
[2013/12/26 19:32:20 | 000,000,221 | ---- | C] () -- C:\Users\Gordon Eastwood\Desktop\Magicka.url
[2013/12/26 12:35:42 | 000,000,222 | ---- | C] () -- C:\Users\Gordon Eastwood\Desktop\Sanctum 2.url
[2013/10/23 19:46:04 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\WinHDB90b.ini
[2013/06/26 18:09:34 | 000,003,728 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2012/06/29 10:47:51 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys
[2012/06/29 10:43:32 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg
[2012/06/29 10:43:30 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe
[2012/03/06 01:07:21 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/06 01:07:16 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/06 01:07:12 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/06 01:07:09 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/03/06 01:07:05 | 013,899,776 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/03/05 23:49:52 | 000,001,313 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012/03/05 23:49:52 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012/03/05 23:49:52 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012/03/05 23:49:48 | 000,185,856 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/03/05 23:49:48 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/13 02:36:45 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\.mono
[2012/10/05 22:53:13 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\Ableton
[2013/10/15 06:45:09 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\AVG2014
[2012/06/29 10:34:19 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\Cakewalk
[2013/10/23 19:50:28 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\HNC
[2012/07/10 04:16:12 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\LolClient
[2013/01/18 01:40:45 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\OpenOffice.org
[2013/12/15 00:41:53 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\raidcall
[2012/07/26 00:40:34 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\runic games
[2012/06/29 11:17:45 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\Steinberg
[2013/08/15 11:47:51 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\TERA
[2012/09/27 23:42:13 | 000,000,000 | ---D | M] -- C:\Users\Gordon Eastwood\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/11/17 20:49:25 | 000,001,828 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\????? ??????????.lnk) -- C:\Users\Gordon Eastwood\Documents\マカフィー セキュリティセンター.lnk
[2013/11/17 09:56:45 | 000,001,828 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\????? ??????????.lnk) -- C:\Users\Gordon Eastwood\Documents\マカフィー セキュリティセンター.lnk
[2013/10/23 22:27:29 | 000,016,663 | ---- | M] ()(C:\Users\Gordon Eastwood\Desktop\?????.odt) -- C:\Users\Gordon Eastwood\Desktop\유학계획서.odt
[2013/10/23 19:48:52 | 000,001,162 | ---- | M] ()(C:\Users\Public\Desktop\????? ?? 2014.lnk) -- C:\Users\Public\Desktop\한컴오피스 한글 2014.lnk
[2013/10/23 19:48:52 | 000,001,162 | ---- | C] ()(C:\Users\Public\Desktop\????? ?? 2014.lnk) -- C:\Users\Public\Desktop\한컴오피스 한글 2014.lnk
[2013/10/21 01:21:17 | 000,016,663 | ---- | C] ()(C:\Users\Gordon Eastwood\Desktop\?????.odt) -- C:\Users\Gordon Eastwood\Desktop\유학계획서.odt
[2013/02/21 03:36:10 | 000,001,828 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\????? ?????????????.lnk) -- C:\Users\Gordon Eastwood\Documents\マカフィー インターネットセキュリティ.lnk
[2013/02/21 03:36:10 | 000,001,828 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\????? ?????????????.lnk) -- C:\Users\Gordon Eastwood\Documents\マカフィー インターネットセキュリティ.lnk
[2013/01/28 03:38:30 | 000,248,320 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\?????.doc) -- C:\Users\Gordon Eastwood\Documents\卒論★完成.doc
[2013/01/28 03:38:22 | 000,033,280 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\????.doc) -- C:\Users\Gordon Eastwood\Documents\卒論表紙.doc
[2012/06/28 05:03:46 | 000,000,000 | ---D | M](C:\Users\Gordon Eastwood\Documents\????????) -- C:\Users\Gordon Eastwood\Documents\受信したファイル
[2012/06/28 05:03:46 | 000,000,000 | ---D | C](C:\Users\Gordon Eastwood\Documents\????????) -- C:\Users\Gordon Eastwood\Documents\受信したファイル
[2012/06/28 05:00:36 | 000,000,000 | -HSD | M](C:\ProgramData\??????) -- C:\ProgramData\デスクトップ
[2012/06/28 05:00:36 | 000,000,000 | -HSD | M](C:\ProgramData\???? ????) -- C:\ProgramData\スタート メニュー
[2012/06/28 05:00:36 | 000,000,000 | -HSD | M](C:\ProgramData\??????) -- C:\ProgramData\デスクトップ
[2012/06/28 05:00:36 | 000,000,000 | -HSD | M](C:\ProgramData\???? ????) -- C:\ProgramData\スタート メニュー
[2012/03/06 00:59:08 | 000,000,570 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\?????????.lnk) -- C:\Users\Gordon Eastwood\Documents\サポートマニュアル.lnk
[2012/03/06 00:29:18 | 000,000,561 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\?????????? ??????.lnk) -- C:\Users\Gordon Eastwood\Documents\サプリメントディスク バックアップ.lnk
[2012/03/06 00:29:18 | 000,000,561 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\?????????? ??????.lnk) -- C:\Users\Gordon Eastwood\Documents\サプリメントディスク バックアップ.lnk
[2012/03/06 00:17:26 | 000,000,570 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\?????????.lnk) -- C:\Users\Gordon Eastwood\Documents\サポートマニュアル.lnk
[2012/03/05 23:50:05 | 000,002,220 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\?????????.lnk) -- C:\Users\Gordon Eastwood\Documents\アクティベーション.lnk
[2012/03/05 23:50:05 | 000,002,220 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\?????????.lnk) -- C:\Users\Gordon Eastwood\Documents\アクティベーション.lnk
[2012/02/06 08:37:50 | 000,002,439 | ---- | C] ()(C:\Users\Gordon Eastwood\Documents\????!PC???.lnk) -- C:\Users\Gordon Eastwood\Documents\楽しもう!PCライフ.lnk
[2011/12/13 20:31:48 | 000,248,320 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\?????.doc) -- C:\Users\Gordon Eastwood\Documents\卒論★完成.doc
[2011/12/13 20:03:30 | 000,033,280 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\????.doc) -- C:\Users\Gordon Eastwood\Documents\卒論表紙.doc
[2008/12/10 23:19:14 | 000,002,439 | ---- | M] ()(C:\Users\Gordon Eastwood\Documents\????!PC???.lnk) -- C:\Users\Gordon Eastwood\Documents\楽しもう!PCライフ.lnk
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft ??? ????? ????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft マウス キーボード センター
(C:\ProgramData\??????) -- C:\ProgramData\デスクトップ
(C:\ProgramData\???? ????) -- C:\ProgramData\スタート メニュー

< End of report >


adwcleaner

# AdwCleaner v3.016 - Report created 02/01/2014 at 20:54:47
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Gordon Eastwood - DUNE
# Running from : C:\Users\Gordon Eastwood\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found C:\Program Files (x86)\AVG Secure Search
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\ProgramData\AVG Secure Search
Folder Found C:\ProgramData\Partner
Folder Found C:\Users\Gordon Eastwood\AppData\Local\AVG Secure Search
Folder Found C:\Users\Gordon Eastwood\AppData\LocalLow\AVG Secure Search
Folder Found C:\Users\Gordon Eastwood\AppData\Roaming\Mozilla\Firefox\Profiles\6qvw43wi.default\FoxTab
Folder Found C:\Users\GORDON~1\AppData\Local\Temp\FoxTab
Folder Found C:\Users\GORDON~1\AppData\Local\Temp\FoxTab

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\AVG Secure Search
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\IGearSettings
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\PIP
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://isearch.avg.com/?cid={B43B7507-64A9-45B9-9D57-BECD81225DC6}&mid=ed9142c1ffcb47d08bb0d1d9b329a6c5-d4d65a6a3f50458ffc42141bbdbd3a4371139c60&lang=en&ds=AVG&pr=fr&d=2012-08-11 13:09:00&v=12.2.0.5&sap=hp

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Gordon Eastwood\AppData\Roaming\Mozilla\Firefox\Profiles\6qvw43wi.default\prefs.js ]

Line Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\17.0.1.12");
Line Found : user_pref("avg.install.userSPSettings", "AVG Secure Search");
Line Found : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Found : user_pref("extensions.BlockSite.blacklist", "search.conduit.com/?ctid=ct3317209&octid=eb_original_ctid&searchsource=69&cui=&sspv=&lay=1&um=2&up=sp884b1b83-afd6-41fb-ad5f-68702941fa85");
Line Found : user_pref("extensions.dynconff.cache.search.conduit.com.content", "<package expire=\"3600\" message=\"Empty\"></package>");
Line Found : user_pref("extensions.dynconff.cache.search.conduit.com.expires", "1388644298465");
Line Found : user_pref("extensions.wips.stats.last_false_url", "search.conduit.com");

*************************

AdwCleaner[R0].txt - [7930 octets] - [02/01/2014 20:54:47]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7990 octets] ##########



ps. i forgot to do the new otl quick scan after the fix (step 10) until i finished everything else (i missed that step) so my results are from after the final 2 steps. I hope that doesnt botch all your work.
As always thanks a ton for all your help.
  • 0

#6
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

As always thanks a ton for all your help.

You are welcome.
You didn't answer my question so this will be my second request:
Do you know what this program is "MSC" = マカフィー セキュリティセンター


Step-2.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

    Posted Image
  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-2.

Scan with JRT:

Posted Image Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts, how to do so can be read here.

  • Right click the JRT icon Posted Image
    and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-3.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:FILES
(C:\ProgramData\??????) -- C:\ProgramData\デスクトップ
(C:\ProgramData\???? ????) -- C:\ProgramData\スタート メニュー

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Answer my question above.
2. The AdwCleaner [S0].txt log
3. The JRT.txt log
4. How is the computer running now?
  • 0

#7
BLACKR0B0T

BLACKR0B0T

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
マカフィー セキュリティセンター translates to McAfee Security Center. i thought i mentioned it last email but i must have forgotten. sorry.


ADW cleaner

# AdwCleaner v3.016 - Report created 03/01/2014 at 18:22:18
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Gordon Eastwood - DUNE
# Running from : C:\Users\Gordon Eastwood\Desktop\AdwCleaner.exe
# Option : Clean
gm
***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\GORDON~1\AppData\Local\Temp\FoxTab
Folder Deleted : C:\Users\Gordon Eastwood\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Gordon Eastwood\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Gordon Eastwood\AppData\Roaming\Mozilla\Firefox\Profiles\6qvw43wi.default\FoxTab
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Gordon Eastwood\AppData\Roaming\Mozilla\Firefox\Profiles\6qvw43wi.default\prefs.js ]

Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\17.0.1.12");
Line Deleted : user_pref("avg.install.userSPSettings", "AVG Secure Search");
Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com");
Line Deleted : user_pref("extensions.BlockSite.blacklist", "search.conduit.com/?ctid=ct3317209&octid=eb_original_ctid&searchsource=69&cui=&sspv=&lay=1&um=2&up=sp884b1b83-afd6-41fb-ad5f-68702941fa85");
Line Deleted : user_pref("extensions.dynconff.cache.search.conduit.com.content", "<package expire=\"3600\" message=\"Empty\"></package>");
Line Deleted : user_pref("extensions.dynconff.cache.search.conduit.com.expires", "1388644298465");
Line Deleted : user_pref("extensions.wips.stats.last_false_url", "search.conduit.com");

*************************

AdwCleaner[R0].txt - [8114 octets] - [02/01/2014 20:54:47]
AdwCleaner[R1].txt - [8174 octets] - [03/01/2014 18:16:26]
AdwCleaner[S0].txt - [7660 octets] - [03/01/2014 18:22:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7720 octets] ##########



JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Home Premium x64
Ran by Gordon Eastwood on 2014/01/04 at 0:21:15.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Gordon Eastwood\appdata\locallow\jword"
Successfully deleted: [Empty Folder] C:\Users\Gordon Eastwood\appdata\local\{584F207A-9A3E-452B-AF66-7F284F2F4035}
Successfully deleted: [Empty Folder] C:\Users\Gordon Eastwood\appdata\local\{6F3B4C98-B75A-4C30-8124-8186D06942D0}
Successfully deleted: [Empty Folder] C:\Users\Gordon Eastwood\appdata\local\{7C915363-083D-44D8-B36C-7D993620129C}
Successfully deleted: [Empty Folder] C:\Users\Gordon Eastwood\appdata\local\{9F2EC8A5-5AE3-4362-A49E-1AEBE3F2CECF}
Successfully deleted: [Empty Folder] C:\Users\Gordon Eastwood\appdata\local\{A5B708FB-C5A9-4FB8-B6FF-B49596297E77}
Successfully deleted: [Empty Folder] C:\Users\Gordon Eastwood\appdata\local\{BE34F926-1709-4EB4-953A-E3F6A1E941D3}



~~~ FireFox

Emptied folder: C:\Users\Gordon Eastwood\AppData\Roaming\mozilla\firefox\profiles\6qvw43wi.default\minidumps [56 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014/01/04 at 0:28:02.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



olt file

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
File\Folder (C:\ProgramData\??????) -- C:\ProgramData\デスクトップ not found.
File\Folder (C:\ProgramData\???? ????) -- C:\ProgramData\スタート メニュー not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gordon Eastwood
->Temp folder emptied: 3912682 bytes
->Temporary Internet Files folder emptied: 7263679 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 72921715 bytes
->Flash cache emptied: 1715 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 7093652 bytes

Total Files Cleaned = 87.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01042014_004237

Files\Folders moved on Reboot...
C:\Users\Gordon Eastwood\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Gordon Eastwood\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H2XT4LRZ\free2paid-upgrade-campaign14[1].htm moved successfully.
C:\Users\Gordon Eastwood\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




should i turn my avg security settings back on? or leave them off for now?

asides from that everything seems to be running alright. i dont wanna use my internet so much as with no protection (even though its limited) as i dont want to run in to more programs.
otherwise though pc seems fine. no problems or issues yet

anyhow i think that is all for this time.
As always thank you for your unending help. my week has definitely been getting better day by day :)

Edited by BLACKR0B0T, 04 January 2014 - 02:59 AM.

  • 0

#8
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

asides from that everything seems to be running alright. i dont wanna use my internet so much as with no protection (even though its limited) as i dont want to run in to more programs.
otherwise though pc seems fine. no problems or issues yet

I'm glad the system is running better.
Since you no longer use McAfee you should uninstall the McAfee Security Center. Then you can turn your AVG antivirus protection back on.
But we aren't finished. We still need to check for any residual malware files, check for any programs that need updating and once I have determined that the system is clean we will need to clean up the tools we have used.

Please uninstall McAfee Security Center and let me know when that is done.
  • 0

#9
BLACKR0B0T

BLACKR0B0T

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
McAfee is fully uninstalled. Ready for the next step! :)
  • 0

#10
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Step-1.

Posted ImageMalwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Once downloaded, close all programs and browsers on your computer and disable any screen saver you might have running.

Right click the mbam-setup.exe file and click Run As Administrator, then click the Continue button on the UAC window to install the application.
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings.
  • When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    Posted Image
    • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.
    • As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.
    NOTE: When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)

    Posted Image
  • On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
    MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image

    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore (see the image below), and click Remove Selected<---Very Important.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I would suggest that you keep this antimalware program. Run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-2.

Run ESET Online Scanner:

Note: Optimized for Internet Explorer but you can use Chrome or Mozilla FireFox for this scan.

Important! You will need to disable your currently installed Anti-Virus program, how to do so can be read here.

Vista / 7 users: You will need to to right-click on either the Internet Explorer or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on:

    Posted Image

    Note: If using Mozilla Firefox a window will open telling you that you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the Posted Image icon on the desktop. After successful installation of ESET Smart Installer ESET Online Scanner is launched in a new window.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • A new window will open:

    Posted Image
  • Select the option YES, I accept the Terms of Use then click on:

    Posted Image
  • When prompted allow the Add-On/Active X to install. The following window will open:

    Posted Image

    • Uncheck the box beside Remove Found Threats
    • Check the box Scan archives.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

A.
If No Threats Were Found:
  • Put a checkmark in Uninstall application on close
  • Close the program
  • Report to me that nothing was found
B.
If Threats Were Found:
  • Click on list of threats found
  • Click on export to text file and save it to the desktop as ESET SCAN.txt
  • Click on Back
  • Put a checkmark in Uninstall application on close Be sure you have saved the file first
  • Click on Finish
  • Close the program
Don't forget to enable your Antivirus program and screen saver.


Step-3.

Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Right click the SecurityCheck icon Posted Image and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.

    Posted Image
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-4

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The MalwareBytes log
2. The ESET scan log (IF it found anything). If it didn't just tell me.
3. The checkup.txt log
  • 0

Advertisements


#11
BLACKR0B0T

BLACKR0B0T

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.06.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Gordon Eastwood :: DUNE [administrator]

2014/01/05 21:27:38
MBAM-log-2014-01-05 (23-10-44).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 453459
Time elapsed: 1 hour(s), 20 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\_OTL\MovedFiles\01022014_203810\C_ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (PUP.Optional.SearchDonkey.A) -> No action taken.
C:\_OTL\MovedFiles\01022014_203810\C_ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (PUP.Optional.SearchDonkey.A) -> No action taken.
C:\_OTL\MovedFiles\01022014_203810\C_ProgramData\RHelpers\IeHelper\IeHelper.exe (PUP.Optional.SearchDonkey.A) -> No action taken.

(end)



----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


C:\_OTL\MovedFiles\01022014_203810\C_ProgramData\Updater\Uninstall.exe a variant of Win32/ExFriendAlert.B application


------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------



Results of screen317's Security Check version 0.99.78
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.9.900.170
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````


---------------------------------------------------------------------------------------------------------------------------------------

and thats it. interesting that it was all olt files that were deleted by mbam and that eset found.

Thanks as always for your continuous help.
  • 0

#12
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
You are welcome. The files that MBAM and ESET found were the malware, adware, foistware files that OTL had already quarantined. We will remove them when we clean up. Your Java and Adobe Reader are out of date. We will update them and if there aren't any problems we should be ready to wrap this puppy up :)


Step-1.

Posted Image JAVA Advice
WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:If you still want to update your Java, follow the instructions below:

A.
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

  • Download the latest version of the Java Runtime Environment (JRE) Version from Here or Here and save it to your desktop.
  • Look for "Java Platform, Standard Edition". You will see the current Java version and update number under listed under the heading. Example: The newest update is Java SE 7u45
  • Click the "Download button under the JRE" column.
  • On the Java SE Runtime Environment page, click the button to "Accept License Agreement".
  • Under the Java SE Runtime Environment 7u45 heading:
    To install the version for your system:
    • For Windows 64bit systems, look for Windows x64 29.27MB, click the jre-7u45-windows-64.exe file and save it to your desktop. Do Not run it from the Java site.
  • Close any programs you may have running - especially your web browser.

B.
Uninstall all versions of Java

  • Click the Start Orb, then Control Panel. Under the Programs or Programs and Features section click Uninstall a program. The list of installed programs will populate.
  • Remove all older versions of Java. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE or J2SE
    The versions I see on the computer are:
    Java 7 Update 5
  • Right click each program and click Uninstall and follow the on screen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
    -- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
C.
Install the latest JAVA

Back on your desktop:
  • Right click the jre-7u45-windows-x64.exe file and click Run as Administrator and OK the UAC prompt to install the newest version.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
[Note:] The Java Quick Starter (JQS.exe) adds a service to improve the initial start up time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > You will have to be in Classic View to see Java(It looks like a coffee cup). Double-click on Java click the Advanced Tab click Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.


Step-2.

Update Adobe Reader

Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy.
  • Click the Start Orb and click Control Panel. Under the Programs heading click Uninstall a program
  • Remove ALL instances of Adobe Reader. The version(s) I see on the computer are:
    • Adobe Reader 10.1.8
  • Right click each program and cilck Uninstall
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, download the latest version of Adobe Reader from Here.
  • Remove the check mark next to Yes, install McAfee Security Scan Plus-optional box.
  • Click the Download Now button to download Adobe Reader and follow the directions.
Alternative Option: After uninstalling Adobe Reader, you could try installing Foxit Reader from HERE. Foxit Reader is a much smaller program. It has fewer add-ons therefore loads more quickly.
NOTE: When installing FoxitReader, be careful not to install anything to do with AskBar or any other 3rd party software.


Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the updates went.
2. Let me know if any issues remain.
  • 0

#13
BLACKR0B0T

BLACKR0B0T

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Things are looking good. All the updates went well and no problems have been occurring.
Thank you for your time and help to getting to this stage.
  • 0

#14
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Thank you for your time and help to getting to this stage.

You are welcome. I'm glad the updates went well.

OK! Well done. :thumbsup: Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please complete the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

If you didn't uninstall ESET after running the program we will do it now.

Step-1.

Uninstall ESET

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

ESET

3. Right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files (86)\ESET

2. Close Windows Explorer.

Step-2.

Uninstall AdwCleaner

Re-open AdwCleaner
  • Click the Uninstall button
  • Confirm with yes
Posted Image

Step-3.

1. Please re-open Posted Image on your desktop.
  • Be sure all other programs are closed as this step will require a reboot.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
The above process will remove most/all of the tools used and logs created during the cleanup process. After it is finished, OTL will remove itself. This is so that if you are ever infected again you will download the most current copy of the tool.

Step-4.

Delete the following Files and Folders (If Present):

JRT.exe
JRT.txt
esetsmartinstaller_enu.exe
(If you used Firefox to run the ESET scan)
SecurityCheck.exe
checkup.txt
jre-7u45-windows-64.exe
The Adobe Reader setup file


Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.

Step-5.

Reset Hidden Files and Folders

1. Click the Start Orb and click Computer.
2. In the Menu bar at the top click the Tools menu and click Folder Oprtions...
3. On the Folder Options window click the View tab.
4. In the Advanced settings: box, Under Hidden files and folders, click the Do not show hidden files and folders button.
5. Click the Hide protected operating system files (Recommended) box.
6. Click Apply and then OK

Step-6.

Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore

The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

  • Click the Start Orb. Click Control Panel. Click System and Maintenance
  • Click System
  • In the left column under Tasks, click Advance System Settings and accept the warning if you get one
  • Click the System Protection Tab
  • Windows Vista: In the Available Disks box put a check mark in the box next to OS (?:) (System). Your drive letter will be shown in place of the ?
    Windows 7/8: In the Protection Settings section, make sure the protection for the System drive is ON. If it isn't, click the Configure button and turn it on.

    Note: It may take some time for the system to populate the Available Disks box, so be patient.
  • Click the Create button at the bottom
  • Type in a name fo the restore point, i.e: Clean
  • Click Create
  • A small System Protection window will come up telling you a Restore Point is being created.
  • Another System Protection window will come up telling you the Restore Point has been created, click OK
  • Click OK again.
  • Close the Control Panel
Now we can purge the old Restore Points
  • Click Start(Windows 7 Orb), click Run (or press the Windows key and R together) to bring up the Run box.
  • Copy and Paste the following in the Run box:
    cleanmgr
  • Click OK
    A Disk Cleanup Options popup will open
    Posted Image
  • Click Files from all users on this computer

    A Drive Selection popup will open
    NOTE: You will not see this window unless you have more than one drive or partition on your computer.
    Posted Image
    If you chose Files from all users on this computer above, then click on Continue for UAC prompt.
  • Select the system drive, C:\ and click OK.
  • For a few moments the system will make some calculations
    Posted Image
  • The Disk Cleanup Window will open:
    Posted Image
  • Click the More Options tab.
    NOTE: If there isn't a More Options button then click the Clean up system files button at the bottom of the window. Disk Cleanup will reload and the More Options button should be visible.
  • Click the Clean up button under the System Restore and Shadow Copies section. (See screenshot below)
    Posted Image
  • In the Disk Cleanup dialog box, click Delete (See screenshot below).
    Posted Image
  • You will get a Disk Cleanup confirmation (See screenshot below)
    Posted Image
  • Click Delete Files, and then click OK.


Preventing Re-Infection

Below, I have included a number of recommendations for how to protect your computer against future malware infections.

:Keep Windows Updated:-Windows Updates are constantly being revised to combat the newest hacks and threats. Microsoft releases security updates that help your computer from becoming vulnerable.
Please either enable Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Vista and Windows 7 Users:
1. Click Start> All Programs, from the list find Windows Update and click it.

:Turn On Automatic Updates:

Vista and Windows 7
1. Click Start> Control Panel. Click Security. Under Windows Update, Click Turn automatic on or off.
2. On the next page, under Important Updates, Click the Drop down arrow on the right side of the box and Click Install Updates Automatically(recommended).
If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your task bar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software or need it to play games on-line.
In that instance I would recommend that you only use Firefox or Chrome to visit those sites and do the following:If you still want to keep Java
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
: Keep Adobe Reader Updated :
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed
NOTE: Whether you use Adobe Reader, Acrobat or Foxit Reader to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Click Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. Click OK Close program. It's the same for Foxit Reader except Preferences is under the Tools menu, and you uncheck Enable Javascript Actions.

NOTE: Many installers offer third-party downloads that are installed automatically when you do not uncheck certain checkboxes. While most of the time not being malicious you usually do not want these on your computer. Be careful during the installation process and you will avoid seeing tons of new unwanted toolbars in your favorite web browser.

:Web Browsers:

:Make your Internet Explorer more secure:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to "Prompt"
6. Change the Download unsigned ActiveX controls to "Disable"
7. Change the Initialise and script ActiveX controls not marked as safe to "Disable"
8. Change the Installation of desktop items to "Prompt"
9. Change the Launching programs and files in an IFRAME to "Prompt"
10. When all these settings have been made, click on the OK button.
11. If it prompts you as to whether or not you want to save the settings, click the Yes button.
12. Next press the Apply button and then the OK to exit the Internet Properties page.

This webpage is worth bookmarking/reading for future reference:
Securing Your Web Browser

:Alternate Browsers:

If you use Firefox, I highly recommend these add-ons to keep your PC even more secure.
  • NoScript - for blocking ads and other potential website attacks
  • WebOfTrust - a safe surfing tool for your browser. Traffic-light rating symbols show which websites you can trust when you search, shop and surf on the Web.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
:Install the MVPs Hosts File:
  • MVPS Hosts file-replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
NOTE: Please read all of the information on the MVP Hosts page before you install the HOSTS file. This file will may result in some of the web sites you visit not working as expected or not at all. There are work arounds for this but you will need to read about them on the web page. If you install the MVP HOSTS file and decide you don't want it you can replace it with the HOSTS file that you were using before. The web page has directions for this.

Preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running a full scan at least once a month. Run Quick Scans at least once a week. Download the Free versions. And update the definitions before running scans.

========Anti Spyware========
  • Malwarebytes-Free Version- a powerful tool to search for and eliminate malware found on your computer.
  • SUPERAntiSpyware Free Edition-another scanning tool to find and eliminate malware.
  • SpywareBlaster-to help prevent spyware from installing in the first place. A tutorial can be found here.
  • WinPatrol - will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found here.
SPECIAL NOTICE

CryptoLocker is the generic name for an increasingly prevalent and nasty strain of malicious software that encrypts the files on your computer until you pay a ransom. Some variants encrypt you personal files(MP3s, photos, doc files,ect;). But ither variants encrypy virtually every file, including system files. According to reports from security firms, CryptoLocker is most often spread through booby-trapped email attachments, but the malware also can be deployed by hacked and malicious Web sites by exploiting outdated browser plugins.
Unfortunately, there isn't a way to recover the files short of paying the ransom because the encryption uses 2048-bit RSA keys that would take like a quadrillion years to decrypt.
We haven't seen a lot of the CryptoLocker ransomeware in the wild yet, but if enough people pay the ransom to get their files back it will become more prevelant. You can read more about the CryptoLocker ransomware here

Fortunately there is a program that will help prevent this type of ransomeware and other malware. You should download it and install it now.
Click here to go to the CryptoPrevent web page. You can read about the program. There are also a couple of videos toward the end of the page that show the program in action.
Scroll to the bottom of the page and click the Download "CryptoPrevent Installer" button and download the file to the desktop. Close the browser and all open programs.
Double click the CryptoPreventSetup.exe file to install it.
Right click the CryptoPreventSetup.exe file and click Run as Administrator and OK ant UAC prompts to install the program.
Next, Double click the CryptoPrevent icon on the desktop to run the program.
Next, Right click the Cryptoprevent icon on the desktop and click Run as Administrator and OK any UAC prompt to run the program.

Posted Image

When the program opens make sure all boxes are checked and then click the Block button to apply the protection.

NOTE: I don't think the free version has an update tab so you will need to check the web site from time to time to check for newer versions of the program. Or you can pay a one time fee of $15 and get the Premium Edition which includes an automatic updating function.

It's a good idea to clear out all your temp files every now and again. This will help your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

========TEMP File Cleaners========
  • TFC by OldTimer-A very powerful cleaning program for 32 and 64 bit OS. Note: You may have this already as part of the fixes you have run.
  • CleanUP-Click the Download CleanUP! link. There is also a Learn how to use CleanUP! link on this page.
========BACKUPS================
  • Keep a backup of your important files.-Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • Tweaking.com's Registry Backup - Download the installer for Registry Backup from the link below and save it to the desktop :
    Link
  • Click one of the Download buttons under Installer
    A tutorial for Registry Backup explaining the various features can be viewed here
========Keep Installed Programs Up to Date========
It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
A program that will do this is listed below. Download and install the program and run it monthly:
Filehippo Update Checker

Finally, please read How did I get infected in the first place? by Mr. Tony Cline

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

IF I have helped you and you want to say "thanks", you can do that by clicking the Rep+ button at the bottom right of this post. :)

I Will Keep This Open For 24 hours or so. If Anything Comes Up - Just Come Back And Let Me Know

Stay Safe :wave:
godawgs
  • 1

#15
BLACKR0B0T

BLACKR0B0T

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I got to part 6 in the purge all restore points (seeing as my pc i all in japanese and i dont know a lot of the technical terms it took me some time but, i got to the purge point. once i got there, i got to the run cleanmgr stage but then it skipped the next stages(3,4,5) did 6 and when i got to stage 7 there was no 'more options'. and im not sure why. is it cause my step6, part7 wasnt names clean(i thought you just were using it as an example so i made my own name) Not to sure whats up cause all other stages have been fine up until now.(on my end that is)
Looking forward to your response.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP