
RegSvr32 error message on boot up - module failed to load [Solved]


  • This topic is locked

#1
skedoosh



Hi, I am working on clearing my laptop, running Windows 7 Home Premium. I was in the process of doing a removal of trojans and other adware using Avast, and when I restarted my computer it kept popping up with this RegSvr32 error message. Now every time I boot up my computer it gives me this message:

"The module 'C:/Users/Joshua Loh/AppData/Local/A.../CoreMapLib.dll' failed to load. Make sure the binary is stored at the specific path or debug it to check for problems with the binary or dependent .DLL files. The specified module could not be found."

Really frustrating malware that I can't get rid of. I used AdwCleaner and cleared the scan, then rebooted to find 2 more DLL errors, so I restored the computer to its original state with the RegSvr32 error.

Please help to remove this problem.

Thanks

Here is the OTL run scan I just did:

OTL logfile created on: 2/3/2014 10:30:28 AM - Run 3
OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Joshua Loh\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.85 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 66.20% Memory free
7.71 Gb Paging File | 5.63 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.85 Gb Total Space | 179.24 Gb Free Space | 63.37% Space Free | Partition Type: NTFS

Computer Name: JOSHUALOH-PC | User Name: Joshua Loh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/02 19:25:04 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Joshua Loh\Desktop\OTL.exe
PRC - [2014/02/02 18:39:21 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/02/02 18:39:21 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/01/07 10:51:30 | 000,780,560 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2013/12/21 15:16:24 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/17 04:53:42 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/08/17 04:53:40 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/08/11 11:09:56 | 000,057,344 | ---- | M] (Atheros) -- C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
PRC - [2011/08/09 12:14:56 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/08/09 12:14:54 | 000,325,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/07/22 08:53:04 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2011/05/13 10:29:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/05/12 15:34:12 | 000,723,560 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2011/04/24 11:59:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/04/24 11:58:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/04/23 03:14:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/03/15 14:14:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/15 14:14:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/03/15 14:14:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/03/15 14:14:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/01/18 13:22:26 | 000,039,528 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2010/01/30 10:22:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/21 15:16:22 | 003,559,024 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/12/13 20:43:06 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/04/21 22:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 22:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/17 04:53:40 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/08/17 04:53:40 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/04/24 11:59:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/02 18:39:21 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/11/26 19:48:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/09/07 04:02:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/27 16:20:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/12/06 17:25:40 | 000,161,168 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/12/06 17:16:02 | 000,208,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/12/06 17:15:46 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/09/18 10:52:54 | 000,141,192 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Sleep Memory Optimizer\FFSService.exe -- (FFSOpzSvc)
SRV:64bit: - [2011/05/11 07:31:08 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011/04/23 03:14:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/03/18 10:09:40 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2011/03/09 10:30:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2011/01/28 11:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/28 11:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/28 11:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011/01/28 11:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/28 11:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/28 11:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/28 11:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/28 11:58:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/09/23 11:40:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/02/02 19:17:11 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/21 15:16:23 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/18 10:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 10:28:54 | 000,105,120 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/08/11 11:09:56 | 000,057,344 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2011/08/09 12:14:56 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/08/09 12:14:54 | 000,325,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/07/22 08:53:04 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2011/07/07 10:54:24 | 000,184,320 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2011/06/22 06:25:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/06/08 05:55:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/05/13 10:29:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/24 11:59:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/03/15 14:14:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/01/18 13:22:26 | 000,039,528 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2010/10/13 04:29:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/02 09:01:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 10:22:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/06/11 07:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/02 18:39:41 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/02/02 18:39:40 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/02/02 18:39:40 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/02/02 18:39:40 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/12/23 20:48:00 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/12/13 20:43:12 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/12/13 20:43:11 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 17:16:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/15 12:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/10/15 12:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/10/15 12:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/10/15 12:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/10/15 12:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/10/15 12:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/10/15 12:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/10/15 12:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/10/01 10:38:26 | 000,519,328 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/10/01 10:37:40 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/10/01 10:37:26 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/10/01 10:36:54 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/10/01 10:36:40 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/10/01 10:36:24 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/10/01 10:36:08 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/10/01 10:35:54 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/09/19 04:48:56 | 002,768,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/09/03 09:12:19 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/09/03 09:12:19 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/09/03 09:12:19 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/08/10 03:02:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/29 13:37:18 | 000,185,128 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/07/29 09:03:50 | 000,313,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/06/17 00:20:08 | 000,026,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2011/05/21 03:23:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 17:11:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 17:11:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 13:54:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 13:53:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 13:53:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 11:04:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 19:58:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/07/14 12:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 12:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 12:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/20 12:39:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/06/11 07:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 07:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 07:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 07:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 10:16:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 10:16:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/07/14 11:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\URLSearchHook: {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3306061
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{899E53A2-22D3-4A8A-80EF-142FD38F57B8}: "URL" = http://search.condui...6855347276&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3306061.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "Connect DLC 5 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Connect DLC 5 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Connect DLC 5 Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: %7BB337EF54-F2BD-7050-9B6D-82DADB227643%7D:3.0.9
FF - prefs.js..extensions.enabledAddons: securebrowsing%40m86security.com:3.721
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.48
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "http://search.condui...848122&UM=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Joshua Loh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/02/16 17:18:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014/01/13 20:52:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/02/02 18:39:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\YouTube To [email protected]: C:\PROGRA~2\YOUTUB~2\YOUTUB~1.XPI [2013/07/03 15:21:59 | 000,038,126 | ---- | M] ()

[2012/02/13 18:45:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Extensions
[2014/02/02 21:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\extensions
[2013/04/18 11:13:38 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013/12/23 20:43:48 | 000,000,000 | ---D | M] (Autoplay Content Handler) -- C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\extensions\{B337EF54-F2BD-7050-9B6D-82DADB227643}
[2014/01/29 19:45:34 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2013/03/07 15:12:43 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\extensions\[email protected]
[2014/01/06 19:50:27 | 000,000,000 | ---D | M] (Trustwave SecureBrowsing) -- C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\extensions\[email protected]
[2013/03/07 15:12:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\extensions\[email protected]\chrome
[2013/03/07 15:12:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\extensions\[email protected]\defaults
[2013/03/07 15:12:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\extensions\[email protected]\locale
[2013/03/07 15:12:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\extensions\[email protected]\skin
[2013/03/07 15:12:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\extensions\[email protected]\chrome\content\extensionCode
[2014/01/20 09:39:59 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/12/21 15:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/21 15:16:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/21 15:16:25 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/13 20:52:36 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.4.1311_1\
CHR - Extension: avast! Online Security = C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
CHR - Extension: Google Wallet = C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2009/06/11 07:30:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120213180626.dll (McAfee, Inc.)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Coupon Companion Plugin) - {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll (215 Apps)
O2 - BHO: (YouTube To MP3) - {43e8d393-3036-4f25-a522-d0ac693d3a68} - C:\Program Files (x86)\YouTube To MP3\YouTube To MP3.dll (SoundFrost Company)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120216144028.dll (McAfee, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Connect DLC 5 Toolbar) - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Connect DLC 5 Toolbar) - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKCU..\Run: [Azrsworks] C:\Windows\SysWow64\regsvr32.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BackgroundContainer] C:\Users\Joshua Loh\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)
O4 - HKLM..\RunOnce: [20131224] C:\Program Files\AVAST Software\Avast\setup\emupdate\9fa7db77-153f-4c82-8a4c-a9bd90c82651.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Unable to open value key)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Unable to open value key)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA88C447-693B-4C85-BA35-E47C6056C95A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{03e00f4e-5619-11e1-96b8-de5d9ada3f7f}\Shell - "" = AutoRun
O33 - MountPoints2\{03e00f4e-5619-11e1-96b8-de5d9ada3f7f}\Shell\AutoRun\command - "" = D:\Windows\CHECK\DriveNavigator.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/03 10:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/02/02 21:02:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/02 19:47:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/02 19:25:54 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Joshua Loh\Desktop\OTL.exe
[2014/01/16 19:22:28 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/16 19:22:25 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/16 19:22:13 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/13 21:11:34 | 000,000,000 | ---D | C] -- C:\Users\Joshua Loh\AppData\Local\Azrsworks

========== Files - Modified Within 30 Days ==========

[2014/02/03 10:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/03 10:22:26 | 000,024,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/03 10:22:26 | 000,024,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/03 10:21:03 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2014/02/03 10:14:16 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/03 10:13:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/03 10:00:13 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/02 20:57:36 | 001,166,132 | ---- | M] () -- C:\Users\Joshua Loh\Desktop\adwcleaner.exe
[2014/02/02 19:25:04 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Joshua Loh\Desktop\OTL.exe
[2014/02/02 19:17:11 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/02 19:17:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/02 18:39:53 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/02/02 18:39:41 | 000,080,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/02/02 18:39:40 | 001,038,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/02/02 18:39:40 | 000,421,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/02/02 18:39:40 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/02/02 18:39:39 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/02/02 18:39:36 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/01/30 11:04:12 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/18 15:51:31 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014/01/17 17:46:38 | 000,428,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/16 19:25:04 | 000,719,447 | ---- | M] () -- C:\Users\Joshua Loh\Documents\f_wozniacki_day4_10.jpg
[2014/01/08 19:50:20 | 522,595,588 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2014/02/02 20:56:25 | 001,166,132 | ---- | C] () -- C:\Users\Joshua Loh\Desktop\adwcleaner.exe
[2014/01/16 19:25:03 | 000,719,447 | ---- | C] () -- C:\Users\Joshua Loh\Documents\f_wozniacki_day4_10.jpg
[2013/02/12 21:57:15 | 000,000,000 | ---- | C] () -- C:\Users\Joshua Loh\convert
[2012/12/03 20:33:31 | 000,000,000 | -H-- | C] () -- C:\Users\Joshua Loh\AppData\Roaming\Cricket2009.exe.lock

========== ZeroAccess Check ==========

[2009/07/14 15:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 12:54:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 12:25:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 12:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 13:54:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 12:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello skedoosh,

Welcome to Geekstogo.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.


#3
skedoosh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi emeraldnzl,

Thanks for replying. Sorry I didn't reply immediately; I think we may be in a different time zone.
As for your instructions, here are the text files from the scan and addition.

Here are the scan text and the addition text.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Joshua Loh (administrator) on JOSHUALOH-PC on 03-02-2014 20:00:46
Running from C:\Users\Joshua Loh\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Sleep Memory Optimizer\FFSService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files\mcafee\mpf\MpfAlert.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2275944 2011-08-10] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2642728 2011-07-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [981664 2011-10-01] (Atheros Commnucations)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-11] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-02] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-15] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-18] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-02] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1839233220-1059118130-344747168-1000\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Joshua Loh\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-1839233220-1059118130-344747168-1000\...\Run: [Azrsworks] - regsvr32.exe "C:\Users\Joshua Loh\AppData\Local\Azrsworks\coreMapLib.dll" <===== ATTENTION
HKU\S-1-5-21-1839233220-1059118130-344747168-1000\...\MountPoints2: {03e00f4e-5619-11e1-96b8-de5d9ada3f7f} - D:\Windows\CHECK\DriveNavigator.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3306061
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
URLSearchHook: HKLM-x32 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {899E53A2-22D3-4A8A-80EF-142FD38F57B8} URL = http://search.condui...6855347276&UM=2
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120213180626.dll (McAfee, Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Coupon Companion Plugin - {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll (215 Apps)
BHO-x32: YouTube To MP3 - {43e8d393-3036-4f25-a522-d0ac693d3a68} - C:\Program Files (x86)\YouTube To MP3\YouTube To MP3.dll (SoundFrost Company)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120216144028.dll (McAfee, Inc.)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default
FF DefaultSearchEngine: Connect DLC 5 Customized Web Search
FF SelectedSearchEngine: Connect DLC 5 Customized Web Search
FF Homepage: hxxp://www.google.com.au/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN42721080811848122&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Joshua Loh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Coupon Companion Plugin - C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\Extensions\[email protected] [2013-03-07]
FF Extension: Trustwave SecureBrowsing - C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\Extensions\[email protected] [2014-01-06]
FF Extension: Flashblock - C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-18]
FF Extension: Autoplay Content Handler - C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\Extensions\{B337EF54-F2BD-7050-9B6D-82DADB227643} [2013-12-23]
FF Extension: Flash and Video Download - C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-01-29]
FF Extension: Adblock Plus - C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-15]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: McAfee ScriptScan for Firefox - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011-09-03]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2011-09-03]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-21]
FF HKCU\...\Firefox\Extensions: [YouTube To [email protected]] - C:\PROGRA~2\YOUTUB~2\YOUTUB~1.XPI
FF Extension: YouTube To MP3 - C:\PROGRA~2\YOUTUB~2\YOUTUB~1.XPI [2013-01-18]

Chrome:
=======
CHR DefaultSearchKeyword: google.com.au
CHR Extension: (Google Docs) - C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-17]
CHR Extension: (Google Drive) - C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-17]
CHR Extension: (YouTube) - C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-30]
CHR Extension: (Google Search) - C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-30]
CHR Extension: (SiteAdvisor) - C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-06-30]
CHR Extension: (avast! Online Security) - C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-17]
CHR Extension: (Google Wallet) - C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-17]
CHR Extension: (Gmail) - C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-30]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-01-10]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-13]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-02] (AVAST Software)
R2 FFSOpzSvc; C:\Program Files\Sleep Memory Optimizer\FFSService.exe [141192 2011-09-18] (Acer Incorporated)
S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [184320 2011-07-07] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-09] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-07] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [501768 2011-03-18] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [199272 2011-12-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208536 2011-12-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [161168 2011-12-06] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-28] (McAfee, Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-11] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-02] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-23] ()
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2011-06-17] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-03 20:00 - 2014-02-03 20:02 - 00024524 _____ () C:\Users\Joshua Loh\Desktop\FRST.txt
2014-02-03 20:00 - 2014-02-03 20:00 - 00000000 ____D () C:\FRST
2014-02-03 19:57 - 2014-02-03 19:59 - 02080256 _____ (Farbar) C:\Users\Joshua Loh\Desktop\FRST64.exe
2014-02-02 21:19 - 2014-02-02 21:19 - 00027725 _____ () C:\Users\Joshua Loh\Desktop\AdwCleaner[S0].txt
2014-02-02 21:07 - 2014-02-02 21:12 - 00001998 _____ () C:\Users\Joshua Loh\Desktop\FSS.txt
2014-02-02 21:06 - 2014-02-02 21:06 - 00027610 _____ () C:\Users\Joshua Loh\Desktop\AdwCleaner[R0].txt
2014-02-02 21:04 - 2014-02-02 21:04 - 00011326 _____ () C:\Users\Joshua Loh\Desktop\02022014_201513.log
2014-02-02 21:02 - 2014-02-02 21:30 - 00000000 ____D () C:\AdwCleaner
2014-02-02 20:56 - 2014-02-02 20:57 - 01166132 _____ () C:\Users\Joshua Loh\Desktop\adwcleaner.exe
2014-02-02 19:47 - 2014-02-02 19:47 - 00000000 ____D () C:\_OTL
2014-02-02 19:44 - 2014-02-03 10:50 - 00103026 _____ () C:\Users\Joshua Loh\Desktop\OTL.Txt
2014-02-02 19:25 - 2014-02-02 19:25 - 00601088 _____ (OldTimer Tools) C:\Users\Joshua Loh\Desktop\OTL.exe
2014-01-16 19:42 - 2014-01-16 19:42 - 00000000 ____D () C:\Users\Joshua Loh\Downloads\Rudy.1993.DVDRip.XviD-MTz.[Movie-Torrentz]
2014-01-16 19:22 - 2013-11-27 12:11 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 19:22 - 2013-11-27 12:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 19:22 - 2013-11-27 12:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 19:22 - 2013-11-27 12:11 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 19:22 - 2013-11-27 12:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 19:22 - 2013-11-27 12:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 19:22 - 2013-11-27 12:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 19:22 - 2013-11-26 22:10 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 19:22 - 2013-11-26 21:02 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-13 21:11 - 2014-02-03 19:38 - 00000000 ____D () C:\Users\Joshua Loh\AppData\Local\Azrsworks
2014-01-09 15:43 - 2014-01-09 15:43 - 00000000 ____D () C:\Users\Joshua Loh\Downloads\Lone Survivor (2013) DVDScr (xvid) NL Subs. DMT
2014-01-08 19:50 - 2014-01-08 19:50 - 00266288 _____ () C:\Windows\Minidump\010814-42915-01.dmp

==================== One Month Modified Files and Folders =======

2014-02-03 20:02 - 2014-02-03 20:00 - 00024524 _____ () C:\Users\Joshua Loh\Desktop\FRST.txt
2014-02-03 20:00 - 2014-02-03 20:00 - 00000000 ____D () C:\FRST
2014-02-03 19:59 - 2014-02-03 19:57 - 02080256 _____ (Farbar) C:\Users\Joshua Loh\Desktop\FRST64.exe
2014-02-03 19:59 - 2011-10-29 10:19 - 01986438 _____ () C:\Windows\WindowsUpdate.log
2014-02-03 19:59 - 2011-09-03 09:06 - 00001832 _____ () C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
2014-02-03 19:58 - 2013-12-17 09:40 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-03 19:56 - 2011-10-29 10:42 - 00000000 ____D () C:\ProgramData\clear.fi
2014-02-03 19:55 - 2013-12-17 09:40 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-03 19:55 - 2013-11-21 11:54 - 00003400 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-02-03 19:55 - 2009-07-14 15:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-03 19:55 - 2009-07-14 15:21 - 00147810 _____ () C:\Windows\setupact.log
2014-02-03 19:50 - 2009-07-14 15:15 - 00024656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-03 19:50 - 2009-07-14 15:15 - 00024656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-03 19:39 - 2013-03-11 12:12 - 485928196 _____ () C:\Windows\MEMORY.DMP
2014-02-03 19:39 - 2013-03-11 12:12 - 00000000 ____D () C:\Windows\Minidump
2014-02-03 19:38 - 2014-01-13 21:11 - 00000000 ____D () C:\Users\Joshua Loh\AppData\Local\Azrsworks
2014-02-03 16:31 - 2012-05-04 00:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-03 16:03 - 2012-02-22 09:19 - 00000000 ____D () C:\Users\Joshua Loh\AppData\Local\CrashDumps
2014-02-03 10:50 - 2014-02-02 19:44 - 00103026 _____ () C:\Users\Joshua Loh\Desktop\OTL.Txt
2014-02-03 10:00 - 2009-07-14 13:50 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-03 09:28 - 2012-07-05 17:45 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-02 21:31 - 2013-01-18 15:30 - 00000000 ____D () C:\Program Files (x86)\Coupon Companion Plugin
2014-02-02 21:31 - 2012-02-13 17:43 - 00000000 ____D () C:\Users\Joshua Loh
2014-02-02 21:30 - 2014-02-02 21:02 - 00000000 ____D () C:\AdwCleaner
2014-02-02 21:30 - 2013-11-21 11:54 - 00000000 ____D () C:\Users\Joshua Loh\AppData\Local\Conduit
2014-02-02 21:30 - 2013-11-21 11:54 - 00000000 ____D () C:\ProgramData\Conduit
2014-02-02 21:30 - 2013-11-21 11:54 - 00000000 ____D () C:\Program Files (x86)\Connect_DLC_5
2014-02-02 21:30 - 2012-02-14 12:37 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-02-02 21:30 - 2012-02-13 17:43 - 00000000 ____D () C:\Users\Joshua Loh\AppData\Local\PowerCinema
2014-02-02 21:30 - 2011-10-29 10:34 - 00000000 ____D () C:\ProgramData\Atheros
2014-02-02 21:30 - 2009-07-14 13:50 - 00000000 ____D () C:\Windows\registration
2014-02-02 21:19 - 2014-02-02 21:19 - 00027725 _____ () C:\Users\Joshua Loh\Desktop\AdwCleaner[S0].txt
2014-02-02 21:12 - 2014-02-02 21:07 - 00001998 _____ () C:\Users\Joshua Loh\Desktop\FSS.txt
2014-02-02 21:06 - 2014-02-02 21:06 - 00027610 _____ () C:\Users\Joshua Loh\Desktop\AdwCleaner[R0].txt
2014-02-02 21:04 - 2014-02-02 21:04 - 00011326 _____ () C:\Users\Joshua Loh\Desktop\02022014_201513.log
2014-02-02 20:57 - 2014-02-02 20:56 - 01166132 _____ () C:\Users\Joshua Loh\Desktop\adwcleaner.exe
2014-02-02 19:47 - 2014-02-02 19:47 - 00000000 ____D () C:\_OTL
2014-02-02 19:25 - 2014-02-02 19:25 - 00601088 _____ (OldTimer Tools) C:\Users\Joshua Loh\Desktop\OTL.exe
2014-02-02 19:25 - 2012-02-13 20:20 - 00000000 ____D () C:\Users\Joshua Loh\AppData\Local\Adobe
2014-02-02 19:17 - 2012-05-04 00:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-02 19:17 - 2012-05-04 00:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-02 19:17 - 2011-09-03 08:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-02 18:39 - 2013-12-23 20:48 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-02 18:39 - 2012-04-21 23:03 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-02 18:39 - 2012-04-21 23:03 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-02 18:39 - 2012-04-21 23:03 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-02 18:39 - 2012-04-21 23:03 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-02 18:39 - 2012-04-21 23:03 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-02 18:39 - 2012-04-21 23:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-02 18:34 - 2013-12-12 10:42 - 00000000 ____D () C:\Users\Joshua Loh\AppData\Roaming\uTorrent
2014-01-30 11:04 - 2013-12-17 09:43 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-29 18:26 - 2012-02-13 17:44 - 00000000 ___RD () C:\Users\Joshua Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-29 16:45 - 2012-02-13 17:51 - 00000000 ____D () C:\Users\Joshua Loh\AppData\Roaming\Adobe
2014-01-29 16:35 - 2013-03-13 22:52 - 00000000 ____D () C:\Users\Joshua Loh\AppData\Roaming\vlc
2014-01-18 15:51 - 2012-02-13 20:29 - 00002023 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-17 17:46 - 2009-07-14 15:15 - 00428496 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-17 17:45 - 2010-11-21 14:17 - 00428648 _____ () C:\Windows\PFRO.log
2014-01-17 10:45 - 2013-08-06 18:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-17 10:39 - 2012-02-18 14:06 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 19:42 - 2014-01-16 19:42 - 00000000 ____D () C:\Users\Joshua Loh\Downloads\Rudy.1993.DVDRip.XviD-MTz.[Movie-Torrentz]
2014-01-13 20:53 - 2011-09-03 09:05 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-01-09 15:43 - 2014-01-09 15:43 - 00000000 ____D () C:\Users\Joshua Loh\Downloads\Lone Survivor (2013) DVDScr (xvid) NL Subs. DMT
2014-01-08 19:50 - 2014-01-08 19:50 - 00266288 _____ () C:\Windows\Minidump\010814-42915-01.dmp

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-03 11:46

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04
Ran by Joshua Loh at 2014-02-03 20:02:57
Running from C:\Users\Joshua Loh\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: McAfee Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

==================== Installed Programs ======================

Acer Backup Manager (x32 Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (x32 Version: 1.5.2008.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2008.00 - CyberLink Corp.) Hidden
Acer Deep Sleep Settings (x32 Version: 1.00.3008 - Acer Incorporated)
Acer ePower Management (x32 Version: 6.00.3007 - Acer Incorporated)
Acer eRecovery Management (x32 Version: 5.00.3502 - Acer Incorporated)
Acer Games (x32 Version: 1.0.2.5 - WildTangent)
Acer Registration (x32 Version: 1.04.3502 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 1.1.0902.2011 - Acer Incorporated)
Acer Updater (x32 Version: 1.02.3500 - Acer Incorporated)
Acer VCM (x32 Version: 4.05.3501 - Acer Incorporated)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.4.144 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (64) (Version: 7.04.000.98 - Atheros)
avast! Free Antivirus (x32 Version: 9.0.2013 - Avast Software)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (x32 Version: 7.0.765.0 - Microsoft Corporation)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2016.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.2016.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7709 - CyberLink Corp.) Hidden
clear.fi Client (x32 Version: 1.00.3500 - Acer Incorporated)
Connect DLC 5 Toolbar for IE (x32 Version: 6.17.2.8 - Connect DLC 5) <==== ATTENTION
Coupon Companion Plugin (x32 Version: 1.26.152.152 - 215 Apps) <==== ATTENTION
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
Dolby Home Theater v4 (x32 Version: 7.2.7000.7 - Dolby Laboratories Inc)
eBay Worldwide (x32 Version: 2.2.0409 - OEM)
ETDWare PS/2-X64 10.0.6.3_WHQL (Version: 10.0.6.3 - ELAN Microelectronic Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.9.725 (x32 Version: 3.12.9.725 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Identity Card (x32 Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.2.18.0 (x32 Version: 1.2.18.0 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 8.15.10.2476 - Intel Corporation)
Intel® Rapid Start Technology (x32 Version: 1.0.0.1008 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 10.6.0.1002 - Intel Corporation)
iTunes (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (x32 Version: 5.1.4 - Acer Inc.)
McAfee Internet Security Suite (x32 Version: 11.0.654 - McAfee, Inc.)
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
MiKTeX 2.9 (HKCU Version: 2.9 - MiKTeX.org)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
Norton Online Backup (x32 Version: 2.1.17869 - Symantec Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Qualcomm Atheros Fast Reconnect (x32 Version: 1.0 - QualComm Atheros)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7601.39013 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
Sleep Memory Optimizer (x32 Version: 1.00.3004 - Acer Incorporated)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Unity Web Player (HKCU Version: - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (x32 Version: 1.02.3503 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
YouTube To MP3 (x32 Version: - SoundFrost Company)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points =========================

30-12-2013 09:05:26 Windows Update
06-01-2014 08:53:06 Windows Update
13-01-2014 10:29:31 Windows Update
17-01-2014 00:08:52 Windows Update
22-01-2014 02:17:33 Windows Update
29-01-2014 05:38:37 Windows Update
02-02-2014 08:05:03 avast! antivirus system restore point
02-02-2014 08:15:11 Windows Update
02-02-2014 09:17:17 OTL Restore Point - 2/2/2014 7:47:16 PM
02-02-2014 09:45:30 OTL Restore Point - 2/2/2014 8:15:25 PM
02-02-2014 10:57:39 Restore Operation

==================== Hosts content: ==========================

2009-07-14 13:04 - 2009-06-11 07:30 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {10213627-1485-4C3F-9DD3-026095843A86} - System32\Tasks\Updater21804.exe => C:\Users\Joshua
Task: {200CAFFD-C336-4C7C-BF82-8D87D7948CE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-17] (Google Inc.)
Task: {59D7C2AD-EA37-420B-8104-E4A06D5E07FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-17] (Google Inc.)
Task: {95C60974-E9CC-41AD-B246-6A15A76396C0} - System32\Tasks\Adobe ARM => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-22] (Adobe Systems Incorporated)
Task: {9823F99D-1D67-44AE-BC35-19BC2480258A} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {9F357AE8-1931-4BEA-95CA-4D125E8E623C} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {B0F174CE-6386-4EFA-A3FC-F3AB4D484360} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-17] (Acer Incorporated)
Task: {B12287CF-8C61-47BC-9E1E-A5F8C4E13A13} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-02] (AVAST Software)
Task: {B28E0703-DCF4-4465-9E7F-81EFEE74E1A8} - System32\Tasks\Adobe Reader Speed Launcher => c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2013-12-19] (Adobe Systems Incorporated)
Task: {BE657D0B-C960-4CF9-8739-4102AE4E2AA8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-02] (Adobe Systems Incorporated)
Task: {C1968C7F-8D46-4441-967C-FF562C81DE1A} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-17] (CyberLink)
Task: {C2608B39-B977-4A51-8F6B-9EC2033A975E} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Joshua Loh\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {CB9D32E7-4F47-46E3-8117-AA2102FCD371} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {EA6EC3B7-E181-4095-AEBF-FF04684E1E0E} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-17] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-10-29 11:02 - 2011-08-10 02:14 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-03 19:46 - 2014-02-03 18:00 - 02168320 _____ () C:\Program Files\AVAST Software\Avast\defs\14020300\algo.dll
2013-04-21 22:44 - 2013-04-21 22:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 22:44 - 2013-04-21 22:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-24 11:59 - 2011-04-24 11:59 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 11:59 - 2011-04-24 11:59 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 11:59 - 2011-04-24 11:59 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-08-17 04:53 - 2011-08-17 04:53 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2013-12-13 20:43 - 2013-12-13 20:43 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-12-21 15:16 - 2013-12-21 15:16 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2014 07:56:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 07:43:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 07:41:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 07:38:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 04:03:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 26.0.0.5087, time stamp: 0x52a0d293
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x1680
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (02/03/2014 02:30:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 01:42:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 10:15:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 10:13:18 AM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3196 (0xc7c)

Thread address : 0x0000000077CB12FA

Thread message :

Build VSCORE.14.4.0.380 / 5400.1158
Object being scanned = \Device\HarddiskVolume3\Windows\SysWOW64\netshell.dll
by C:\Program Files\AVAST Software\Avast\AvastSvc.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (02/03/2014 10:10:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/03/2014 07:55:58 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (02/03/2014 07:55:29 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (02/03/2014 07:44:08 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (02/03/2014 07:43:44 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (02/03/2014 07:42:00 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/03/2014 07:42:00 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (02/03/2014 07:42:00 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (02/03/2014 07:40:06 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/03/2014 07:40:06 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (02/03/2014 07:40:06 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (02/03/2014 07:56:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 07:43:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 07:41:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 07:38:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 04:03:32 PM) (Source: Application Error)(User: )
Description: plugin-container.exe26.0.0.508752a0d293ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753168001cf2094a6b8e93fC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\SysWOW64\ntdll.dllb7bdd3c0-8c94-11e3-9760-8cd8261f4a14

Error: (02/03/2014 02:30:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 01:42:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 10:15:51 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 10:13:18 AM) (Source: McLogEvent)(User: NT AUTHORITY)
Description: C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe900003196 (0xc7c)0x0000000077CB12FA
Build VSCORE.14.4.0.380 / 5400.1158
Object being scanned = \Device\HarddiskVolume3\Windows\SysWOW64\netshell.dll
by C:\Program Files\AVAST Software\Avast\AvastSvc.exe
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (02/03/2014 10:10:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 3946.19 MB
Available physical RAM: 2345.11 MB
Total Pagefile: 7890.56 MB
Available Pagefile: 5687.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:282.85 GB) (Free:178.8 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 3B9F1343)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 19 GB) (Disk ID: 3B9F1369)
Partition 1: (Not Active) - (Size=19 GB) - (Type=84)

==================== End Of Log ============================

#4
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello skedoosh,

i think we may be in a different time zone


Yes I think we may be. :)

Now

You appear to have two anti-virus programs running on your machine.

Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Please uninstall either Avast or McAfee and anything to do with them.

If you decide to uninstall McAfee please do this after you have carried out the uninstall:

Download the McAfee removal tool from here and save the file to your desktop.

Close all McAfee Application windows you may have open, and double-click on MCPR.exe to start the removal tool.

Note: Windows Vista users will have to right-click on the file and select "Run as Administrator"

After the removal tool finishes, you should be prompted to restart your computer.

Once the computer restarts, your McAfee product should be uninstalled.

Anti-virus products are notorious for leaving behind bits and pieces; the removal tool will help in clearing up some of those bits and pieces.

Next

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Finally in this post

Please run FRST again with the Addition.txt box ticked and post back the two logs generated - FRST.txt and Addition.txt.

So when you return please post
  • Fixlog.txt
  • FRST.txt
  • Addition.txt


#5
skedoosh


    New Member

  • Topic Starter
  • Member
  • 6 posts
Thanks for being patient with me here, we had a power outage for half a day today.

So I have decided to get rid of McAfee since I no longer have a subscription to it, and kept Avast.

I have removed all of McAfee and followed your steps.

I also noticed that on restarting after all the steps the RegSvr32 error was gone, but a new one appeared, a "RunDLL" error saying

'There was a problem starting C:\Users\Joshua Loh\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
the specific module could not be found'

Here are the three texts as well: Fixlog, FRST and Addition.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2014 04
Ran by Joshua Loh at 2014-02-04 19:21:38 Run:1
Running from C:\Users\Joshua Loh\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1839233220-1059118130-344747168-1000\...\Run: [BackgroundContainer] - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Joshua Loh\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
C:\Users\Joshua Loh\AppData\Local\Conduit
HKU\S-1-5-21-1839233220-1059118130-344747168-1000\...\Run: [Azrsworks] - regsvr32.exe "C:\Users\Joshua Loh\AppData\Local\Azrsworks\coreMapLib.dll" <===== ATTENTION
C:\Users\Joshua Loh\AppData\Local\Azrsworks
HKU\S-1-5-21-1839233220-1059118130-344747168-1000\...\MountPoints2: {03e00f4e-5619-11e1-96b8-de5d9ada3f7f} - D:\Windows\CHECK\DriveNavigator.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3306061
URLSearchHook: HKLM-x32 - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
C:\Program Files (x86)\Connect_DLC_5
URLSearchHook: HKCU - Connect DLC 5 Toolbar - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - C:\Program Files (x86)\Connect_DLC_5\prxtbConn.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {899E53A2-22D3-4A8A-80EF-142FD38F57B8} URL = http://search.condui...6855347276&UM=2
BHO-x32: Coupon Companion Plugin - {11111111-1111-1111-1111-110211181104} - C:\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll (215 Apps)
C:\Program Files (x86)\Coupon Companion Plugin
FF DefaultSearchEngine: Connect DLC 5 Customized Web Search
FF SelectedSearchEngine: Connect DLC 5 Customized Web Search
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN42721080811848122&UM=2&q=
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
C:\Program Files (x86)\Symantec
Task: {9823F99D-1D67-44AE-BC35-19BC2480258A} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
C:\Program Files (x86)\YourFileDownloader

*****************

HKU\S-1-5-21-1839233220-1059118130-344747168-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer => Value deleted successfully.
C:\Users\Joshua Loh\AppData\Local\Conduit => Moved successfully.
HKU\S-1-5-21-1839233220-1059118130-344747168-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Azrsworks => Value deleted successfully.
C:\Users\Joshua Loh\AppData\Local\Azrsworks => Moved successfully.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03e00f4e-5619-11e1-96b8-de5d9ada3f7f} => Key not found.
HKCR\CLSID\{03e00f4e-5619-11e1-96b8-de5d9ada3f7f} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Key deleted successfully.
C:\Program Files (x86)\Connect_DLC_5 => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{899E53A2-22D3-4A8A-80EF-142FD38F57B8} => Key deleted successfully.
HKCR\CLSID\{899E53A2-22D3-4A8A-80EF-142FD38F57B8} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110211181104} => Key deleted successfully.
C:\Program Files (x86)\Coupon Companion Plugin => Moved successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox Keyword.URL deleted successfully.
NOBU => Service deleted successfully.
C:\Program Files (x86)\Symantec => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9823F99D-1D67-44AE-BC35-19BC2480258A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9823F99D-1D67-44AE-BC35-19BC2480258A} => Key deleted successfully.
C:\Windows\System32\Tasks\YourFile Update => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile Update => Key deleted successfully.
"C:\Program Files (x86)\YourFileDownloader" => File/Directory not found.


The system needs a manual reboot.

==== End of Fixlog ====


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Joshua Loh (administrator) on JOSHUALOH-PC on 04-02-2014 19:23:32
Running from C:\Users\Joshua Loh\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Sleep Memory Optimizer\FFSService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2275944 2011-08-10] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2642728 2011-07-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [981664 2011-10-01] (Atheros Commnucations)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831528 2011-05-11] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-02] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-15] (Dritek System Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-18] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-02] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] - msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-1839233220-1059118130-344747168-1000\...\MountPoints2: {03e00f4e-5619-11e1-96b8-de5d9ada3f7f} - D:\Windows\CHECK\DriveNavigator.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
URLSearchHook: HKCU - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: YouTube To MP3 - {43e8d393-3036-4f25-a522-d0ac693d3a68} - C:\Program Files (x86)\YouTube To MP3\YouTube To MP3.dll (SoundFrost Company)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - No File
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - {d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc} - No File
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default
FF Homepage: hxxp://www.google.com.au/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Joshua Loh\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Coupon Companion Plugin - C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\Extensions\[email protected] [2013-03-07]
FF Extension: Trustwave SecureBrowsing - C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\Extensions\[email protected] [2014-01-06]
FF Extension: Flashblock - C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-18]
FF Extension: Autoplay Content Handler - C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\Extensions\{B337EF54-F2BD-7050-9B6D-82DADB227643} [2013-12-23]
FF Extension: Flash and Video Download - C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-01-29]
FF Extension: Adblock Plus - C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-02-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-21]
FF HKCU\...\Firefox\Extensions: [YouTube To [email protected]] - C:\PROGRA~2\YOUTUB~2\YOUTUB~1.XPI
FF Extension: YouTube To MP3 - C:\PROGRA~2\YOUTUB~2\YOUTUB~1.XPI [2013-01-18]

Chrome:
=======
CHR DefaultSearchKeyword: google.com.au
CHR Extension: (Google Docs) - C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-17]
CHR Extension: (Google Drive) - C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-17]
CHR Extension: (YouTube) - C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-30]
CHR Extension: (Google Search) - C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-30]
CHR Extension: (SiteAdvisor) - C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-06-30]
CHR Extension: (avast! Online Security) - C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-12-17]
CHR Extension: (Google Wallet) - C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-17]
CHR Extension: (Gmail) - C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-30]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2012-06-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-12-13]

==================== Services (Whitelisted) =================

S2 0262481391502935mcinstcleanup; C:\Users\Joshua Loh\AppData\Local\Temp\0262481391502935mcinst.exe [834664 2013-07-13] (McAfee, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-02] (AVAST Software)
R2 FFSOpzSvc; C:\Program Files\Sleep Memory Optimizer\FFSService.exe [141192 2011-09-18] (Acer Incorporated)
S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [184320 2011-07-07] (Intel Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-11] (Atheros)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-12-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-12-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-02] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2013-12-23] ()
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2011-06-17] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-04 19:07 - 2014-02-04 19:06 - 03218352 _____ (McAfee, Inc.) C:\Users\Joshua Loh\Desktop\MCPR.exe
2014-02-03 20:02 - 2014-02-03 20:05 - 00034624 _____ () C:\Users\Joshua Loh\Desktop\Addition.txt
2014-02-03 20:00 - 2014-02-04 19:24 - 00017850 _____ () C:\Users\Joshua Loh\Desktop\FRST.txt
2014-02-03 20:00 - 2014-02-04 19:23 - 00000000 ____D () C:\FRST
2014-02-03 19:57 - 2014-02-03 19:59 - 02080256 _____ (Farbar) C:\Users\Joshua Loh\Desktop\FRST64.exe
2014-02-02 21:19 - 2014-02-02 21:19 - 00027725 _____ () C:\Users\Joshua Loh\Desktop\AdwCleaner[S0].txt
2014-02-02 21:07 - 2014-02-02 21:12 - 00001998 _____ () C:\Users\Joshua Loh\Desktop\FSS.txt
2014-02-02 21:06 - 2014-02-02 21:06 - 00027610 _____ () C:\Users\Joshua Loh\Desktop\AdwCleaner[R0].txt
2014-02-02 21:04 - 2014-02-02 21:04 - 00011326 _____ () C:\Users\Joshua Loh\Desktop\02022014_201513.log
2014-02-02 21:02 - 2014-02-02 21:30 - 00000000 ____D () C:\AdwCleaner
2014-02-02 20:56 - 2014-02-02 20:57 - 01166132 _____ () C:\Users\Joshua Loh\Desktop\adwcleaner.exe
2014-02-02 19:47 - 2014-02-02 19:47 - 00000000 ____D () C:\_OTL
2014-02-02 19:44 - 2014-02-03 10:50 - 00103026 _____ () C:\Users\Joshua Loh\Desktop\OTL.Txt
2014-02-02 19:25 - 2014-02-02 19:25 - 00601088 _____ (OldTimer Tools) C:\Users\Joshua Loh\Desktop\OTL.exe
2014-01-16 19:42 - 2014-01-16 19:42 - 00000000 ____D () C:\Users\Joshua Loh\Downloads\Rudy.1993.DVDRip.XviD-MTz.[Movie-Torrentz]
2014-01-16 19:22 - 2013-11-27 12:11 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 19:22 - 2013-11-27 12:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 19:22 - 2013-11-27 12:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 19:22 - 2013-11-27 12:11 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 19:22 - 2013-11-27 12:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 19:22 - 2013-11-27 12:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 19:22 - 2013-11-27 12:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 19:22 - 2013-11-26 22:10 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 19:22 - 2013-11-26 21:02 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-09 15:43 - 2014-01-09 15:43 - 00000000 ____D () C:\Users\Joshua Loh\Downloads\Lone Survivor (2013) DVDScr (xvid) NL Subs. DMT
2014-01-08 19:50 - 2014-01-08 19:50 - 00266288 _____ () C:\Windows\Minidump\010814-42915-01.dmp

==================== One Month Modified Files and Folders =======

2014-02-04 19:24 - 2014-02-03 20:00 - 00017850 _____ () C:\Users\Joshua Loh\Desktop\FRST.txt
2014-02-04 19:23 - 2014-02-03 20:00 - 00000000 ____D () C:\FRST
2014-02-04 19:23 - 2011-10-29 10:19 - 02084088 _____ () C:\Windows\WindowsUpdate.log
2014-02-04 19:19 - 2012-07-05 17:45 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-04 19:19 - 2011-10-29 10:42 - 00000000 ____D () C:\ProgramData\clear.fi
2014-02-04 19:18 - 2013-12-17 09:40 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-04 19:18 - 2013-11-21 11:54 - 00003400 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-02-04 19:18 - 2010-11-21 14:17 - 00454656 _____ () C:\Windows\PFRO.log
2014-02-04 19:18 - 2009-07-14 15:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-04 19:18 - 2009-07-14 15:21 - 00147978 _____ () C:\Windows\setupact.log
2014-02-04 19:08 - 2009-07-14 15:15 - 00024656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-04 19:08 - 2009-07-14 15:15 - 00024656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-04 19:07 - 2013-12-21 15:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-04 19:06 - 2014-02-04 19:07 - 03218352 _____ (McAfee, Inc.) C:\Users\Joshua Loh\Desktop\MCPR.exe
2014-02-03 21:31 - 2012-05-04 00:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-03 20:58 - 2013-12-17 09:40 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-03 20:05 - 2014-02-03 20:02 - 00034624 _____ () C:\Users\Joshua Loh\Desktop\Addition.txt
2014-02-03 19:59 - 2014-02-03 19:57 - 02080256 _____ (Farbar) C:\Users\Joshua Loh\Desktop\FRST64.exe
2014-02-03 19:39 - 2013-03-11 12:12 - 485928196 _____ () C:\Windows\MEMORY.DMP
2014-02-03 19:39 - 2013-03-11 12:12 - 00000000 ____D () C:\Windows\Minidump
2014-02-03 16:03 - 2012-02-22 09:19 - 00000000 ____D () C:\Users\Joshua Loh\AppData\Local\CrashDumps
2014-02-03 10:50 - 2014-02-02 19:44 - 00103026 _____ () C:\Users\Joshua Loh\Desktop\OTL.Txt
2014-02-03 10:00 - 2009-07-14 13:50 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-02 21:31 - 2012-02-13 17:43 - 00000000 ____D () C:\Users\Joshua Loh
2014-02-02 21:30 - 2014-02-02 21:02 - 00000000 ____D () C:\AdwCleaner
2014-02-02 21:30 - 2013-11-21 11:54 - 00000000 ____D () C:\ProgramData\Conduit
2014-02-02 21:30 - 2012-02-13 17:43 - 00000000 ____D () C:\Users\Joshua Loh\AppData\Local\PowerCinema
2014-02-02 21:30 - 2011-10-29 10:34 - 00000000 ____D () C:\ProgramData\Atheros
2014-02-02 21:30 - 2009-07-14 13:50 - 00000000 ____D () C:\Windows\registration
2014-02-02 21:19 - 2014-02-02 21:19 - 00027725 _____ () C:\Users\Joshua Loh\Desktop\AdwCleaner[S0].txt
2014-02-02 21:12 - 2014-02-02 21:07 - 00001998 _____ () C:\Users\Joshua Loh\Desktop\FSS.txt
2014-02-02 21:06 - 2014-02-02 21:06 - 00027610 _____ () C:\Users\Joshua Loh\Desktop\AdwCleaner[R0].txt
2014-02-02 21:04 - 2014-02-02 21:04 - 00011326 _____ () C:\Users\Joshua Loh\Desktop\02022014_201513.log
2014-02-02 20:57 - 2014-02-02 20:56 - 01166132 _____ () C:\Users\Joshua Loh\Desktop\adwcleaner.exe
2014-02-02 19:47 - 2014-02-02 19:47 - 00000000 ____D () C:\_OTL
2014-02-02 19:25 - 2014-02-02 19:25 - 00601088 _____ (OldTimer Tools) C:\Users\Joshua Loh\Desktop\OTL.exe
2014-02-02 19:25 - 2012-02-13 20:20 - 00000000 ____D () C:\Users\Joshua Loh\AppData\Local\Adobe
2014-02-02 19:17 - 2012-05-04 00:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-02 19:17 - 2012-05-04 00:06 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-02 19:17 - 2011-09-03 08:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-02 18:39 - 2013-12-23 20:48 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-02 18:39 - 2012-04-21 23:03 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-02 18:39 - 2012-04-21 23:03 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-02 18:39 - 2012-04-21 23:03 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-02 18:39 - 2012-04-21 23:03 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-02 18:39 - 2012-04-21 23:03 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-02 18:39 - 2012-04-21 23:02 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-02 18:34 - 2013-12-12 10:42 - 00000000 ____D () C:\Users\Joshua Loh\AppData\Roaming\uTorrent
2014-01-30 11:04 - 2013-12-17 09:43 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-29 18:26 - 2012-02-13 17:44 - 00000000 ___RD () C:\Users\Joshua Loh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-29 16:45 - 2012-02-13 17:51 - 00000000 ____D () C:\Users\Joshua Loh\AppData\Roaming\Adobe
2014-01-29 16:35 - 2013-03-13 22:52 - 00000000 ____D () C:\Users\Joshua Loh\AppData\Roaming\vlc
2014-01-18 15:51 - 2012-02-13 20:29 - 00002023 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-01-17 17:46 - 2009-07-14 15:15 - 00428496 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-17 10:45 - 2013-08-06 18:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-17 10:39 - 2012-02-18 14:06 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 19:42 - 2014-01-16 19:42 - 00000000 ____D () C:\Users\Joshua Loh\Downloads\Rudy.1993.DVDRip.XviD-MTz.[Movie-Torrentz]
2014-01-09 15:43 - 2014-01-09 15:43 - 00000000 ____D () C:\Users\Joshua Loh\Downloads\Lone Survivor (2013) DVDScr (xvid) NL Subs. DMT
2014-01-08 19:50 - 2014-01-08 19:50 - 00266288 _____ () C:\Windows\Minidump\010814-42915-01.dmp

Some content of TEMP:
====================
C:\Users\Joshua Loh\AppData\Local\Temp\0262481391502935mcinst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-03 11:46

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04
Ran by Joshua Loh at 2014-02-04 19:24:31
Running from C:\Users\Joshua Loh\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Acer Backup Manager (x32 Version: 3.0.0.99 - NTI Corporation)
Acer Crystal Eye Webcam (x32 Version: 1.5.2008.00 - CyberLink Corp.)
Acer Crystal Eye Webcam (x32 Version: 1.5.2008.00 - CyberLink Corp.) Hidden
Acer Deep Sleep Settings (x32 Version: 1.00.3008 - Acer Incorporated)
Acer ePower Management (x32 Version: 6.00.3007 - Acer Incorporated)
Acer eRecovery Management (x32 Version: 5.00.3502 - Acer Incorporated)
Acer Games (x32 Version: 1.0.2.5 - WildTangent)
Acer Registration (x32 Version: 1.04.3502 - Acer Incorporated)
Acer ScreenSaver (x32 Version: 1.1.0902.2011 - Acer Incorporated)
Acer Updater (x32 Version: 1.02.3500 - Acer Incorporated)
Acer VCM (x32 Version: 4.05.3501 - Acer Incorporated)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.4.144 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Suite (64) (Version: 7.04.000.98 - Atheros)
avast! Free Antivirus (x32 Version: 9.0.2013 - Avast Software)
Backup Manager V3 (x32 Version: 3.0.0.99 - NTI Corporation) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (x32 Version: 7.0.765.0 - Microsoft Corporation)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 1.0.2016.00 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.2016.00 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7709 - CyberLink Corp.) Hidden
clear.fi Client (x32 Version: 1.00.3500 - Acer Incorporated)
Connect DLC 5 Toolbar for IE (x32 Version: 6.17.2.8 - Connect DLC 5) <==== ATTENTION
Coupon Companion Plugin (x32 Version: 1.26.152.152 - 215 Apps) <==== ATTENTION
Crazy Chicken Kart 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
Dolby Home Theater v4 (x32 Version: 7.2.7000.7 - Dolby Laboratories Inc)
eBay Worldwide (x32 Version: 2.2.0409 - OEM)
ETDWare PS/2-X64 10.0.6.3_WHQL (Version: 10.0.6.3 - ELAN Microelectronic Corp.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.9.725 (x32 Version: 3.12.9.725 - DVDVideoSoft Ltd.)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotogràfica del Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Identity Card (x32 Version: 1.00.3501 - Acer Incorporated)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.2.18.0 (x32 Version: 1.2.18.0 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 8.15.10.2476 - Intel Corporation)
Intel® Rapid Start Technology (x32 Version: 1.0.0.1008 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 10.6.0.1002 - Intel Corporation)
iTunes (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Jewel Match 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (x32 Version: 5.1.4 - Acer Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
MiKTeX 2.9 (HKCU Version: 2.9 - MiKTeX.org)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
Norton Online Backup (x32 Version: 2.1.17869 - Symantec Corporation)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Qualcomm Atheros Fast Reconnect (x32 Version: 1.0 - QualComm Atheros)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (x32 Version: 6.1.7601.39013 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
Sleep Memory Optimizer (x32 Version: 1.00.3004 - Acer Incorporated)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Torchlight (x32 Version: 2.2.0.97 - WildTangent) Hidden
Unity Web Player (HKCU Version: - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
Welcome Center (x32 Version: 1.02.3503 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
YouTube To MP3 (x32 Version: - SoundFrost Company)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points =========================

30-12-2013 09:05:26 Windows Update
06-01-2014 08:53:06 Windows Update
13-01-2014 10:29:31 Windows Update
17-01-2014 00:08:52 Windows Update
22-01-2014 02:17:33 Windows Update
29-01-2014 05:38:37 Windows Update
02-02-2014 08:05:03 avast! antivirus system restore point
02-02-2014 08:15:11 Windows Update
02-02-2014 09:17:17 OTL Restore Point - 2/2/2014 7:47:16 PM
02-02-2014 09:45:30 OTL Restore Point - 2/2/2014 8:15:25 PM
02-02-2014 10:57:39 Restore Operation

==================== Hosts content: ==========================

2009-07-14 13:04 - 2009-06-11 07:30 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {10213627-1485-4C3F-9DD3-026095843A86} - System32\Tasks\Updater21804.exe => C:\Users\Joshua
Task: {200CAFFD-C336-4C7C-BF82-8D87D7948CE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-17] (Google Inc.)
Task: {524927CB-2E7A-4038-97EC-1D7430347D79} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Joshua Loh\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {59D7C2AD-EA37-420B-8104-E4A06D5E07FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-17] (Google Inc.)
Task: {95C60974-E9CC-41AD-B246-6A15A76396C0} - System32\Tasks\Adobe ARM => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-22] (Adobe Systems Incorporated)
Task: {9F357AE8-1931-4BEA-95CA-4D125E8E623C} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {B0F174CE-6386-4EFA-A3FC-F3AB4D484360} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-08-17] (Acer Incorporated)
Task: {B12287CF-8C61-47BC-9E1E-A5F8C4E13A13} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-02] (AVAST Software)
Task: {B28E0703-DCF4-4465-9E7F-81EFEE74E1A8} - System32\Tasks\Adobe Reader Speed Launcher => c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2013-12-19] (Adobe Systems Incorporated)
Task: {BE657D0B-C960-4CF9-8739-4102AE4E2AA8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-02] (Adobe Systems Incorporated)
Task: {C1968C7F-8D46-4441-967C-FF562C81DE1A} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-08-17] (CyberLink)
Task: {CB9D32E7-4F47-46E3-8117-AA2102FCD371} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-29] (Egis Technology Inc.)
Task: {EA6EC3B7-E181-4095-AEBF-FF04684E1E0E} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-08-17] (CyberLink Corp.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-10-29 11:02 - 2011-08-10 02:14 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-03 19:46 - 2014-02-03 18:00 - 02168320 _____ () C:\Program Files\AVAST Software\Avast\defs\14020300\algo.dll
2014-02-04 19:20 - 2014-02-04 18:46 - 02168320 _____ () C:\Program Files\AVAST Software\Avast\defs\14020400\algo.dll
2013-04-21 22:44 - 2013-04-21 22:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 22:44 - 2013-04-21 22:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-24 11:59 - 2011-04-24 11:59 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-24 11:59 - 2011-04-24 11:59 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-24 11:59 - 2011-04-24 11:59 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2011-08-17 04:53 - 2011-08-17 04:53 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2013-12-13 20:43 - 2013-12-13 20:43 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-12-21 15:16 - 2013-12-21 15:16 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2014 07:19:08 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 07:18:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: 026248~1.EXE, version: 7.8.113.0, time stamp: 0x51e05b9a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x6f8
Faulting application start time: 0x026248~1.EXE0
Faulting application path: 026248~1.EXE1
Faulting module path: 026248~1.EXE2
Report Id: 026248~1.EXE3

Error: (02/04/2014 07:08:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: McSvHost.exe, version: 2.0.230.0, time stamp: 0x4d41ff46
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000007fee443ccd8
Faulting process id: 0x9bc
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report Id: McSvHost.exe3

Error: (02/04/2014 07:07:10 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (02/04/2014 07:01:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 07:56:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 07:43:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 07:41:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 07:38:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 04:03:32 PM) (Source: Application Error) (User: )
Description: Faulting application name: plugin-container.exe, version: 26.0.0.5087, time stamp: 0x52a0d293
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x1680
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3


System errors:
=============
Error: (02/04/2014 07:19:10 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Application Installer Cleanup (0262481391502935) service terminated unexpectedly. It has done this 1 time(s).

Error: (02/04/2014 07:19:02 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (02/04/2014 07:08:14 PM) (Source: Service Control Manager) (User: )
Description: The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/04/2014 07:00:59 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (02/04/2014 07:00:40 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (02/03/2014 07:55:58 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (02/03/2014 07:55:29 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (02/03/2014 07:44:08 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80004005

Error: (02/03/2014 07:43:44 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (02/03/2014 07:42:00 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (02/04/2014 07:19:08 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2014 07:18:58 PM) (Source: Application Error)(User: )
Description: 026248~1.EXE7.8.113.051e05b9aunknown0.0.0.000000000c0000005000000006f801cf2185e709cf0aC:\Users\JOSHUA~1\AppData\Local\Temp\026248~1.EXEunknown2f176642-8d79-11e3-9a21-dce84f56d813

Error: (02/04/2014 07:08:03 PM) (Source: Application Error)(User: )
Description: McSvHost.exe2.0.230.04d41ff46unknown0.0.0.000000000c0000005000007fee443ccd89bc01cf218367295675C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exeunknowna8dcad80-8d77-11e3-aa63-b41ba794b91e

Error: (02/04/2014 07:07:10 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Joshua Loh\Documents\Downloads\SoftonicDownloader_for_free-mp4-mp3-converter.exe

Error: (02/04/2014 07:01:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 07:56:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 07:43:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 07:41:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 07:38:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/03/2014 04:03:32 PM) (Source: Application Error)(User: )
Description: plugin-container.exe26.0.0.508752a0d293ntdll.dll6.1.7601.18247521ea8e7c0000374000ce753168001cf2094a6b8e93fC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Windows\SysWOW64\ntdll.dllb7bdd3c0-8c94-11e3-9760-8cd8261f4a14


==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 3946.19 MB
Available physical RAM: 1940.67 MB
Total Pagefile: 7890.56 MB
Available Pagefile: 5852.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:282.85 GB) (Free:178.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 3B9F1343)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 19 GB) (Disk ID: 3B9F1369)
Partition 1: (Not Active) - (Size=19 GB) - (Type=84)

==================== End Of Log ============================

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again skedoosh,

'There was a problem starting C:\Users\Joshua Loh\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll
the specific module could not be found'


Means we are making progress. That one is a baddy, we have removed part of it, now to remove the rest.

Download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
After that

Please download AdwCleaner to your desktop (use the Download Now @ BleepingComputer button).

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste back here. If a report doesn't appear, press the report button and Copy & Paste the contents on your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

So when you return please post
  • Fixlog.txt
  • JRT.txt
  • AdwCleaner log

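The leftover BackgroundContainer entry discussed above appears in the "Scheduled Tasks" section of the FRST log. As an added example (not part of the thread and not FRST's own code), the Python below triages such `Task:` lines; the function names and reason codes are this example's own, and the line layout is assumed from the lines on this page.

```python
import re

# Task lines copied from the Scheduled Tasks section of the log on this page
# (the first one is cut off in the log itself and is kept as posted).
SAMPLE_LOG = r'''
Task: {10213627-1485-4C3F-9DD3-026095843A86} - System32\Tasks\Updater21804.exe => C:\Users\Joshua
Task: {200CAFFD-C336-4C7C-BF82-8D87D7948CE7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-17] (Google Inc.)
Task: {524927CB-2E7A-4038-97EC-1D7430347D79} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Joshua Loh\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
'''

# "Task: [{GUID} - ]<task path> => <action>"; legacy .job lines have no GUID.
TASK_RE = re.compile(
    r'^Task: (?:(?P<guid>\{[0-9A-Fa-f-]{36}\}) - )?(?P<task>.+?) => (?P<action>.*)$'
)
# Trailing marker the tool appends to entries it wants reviewed.
ATTN_RE = re.compile(r'\s*<=+ ATTENTION\s*$')
# Trailing "[yyyy-mm-dd] (publisher)" shown for some actions.
META_RE = re.compile(r'\s*\[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)\s*$')
# Any path under a user profile, which a standard user can write to.
USER_PATH_RE = re.compile(r'[A-Za-z]:\\Users\\', re.IGNORECASE)


def parse_task(line):
    """Split one 'Task:' line into its fields; return None for other lines."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    action = m.group('action')
    attention = bool(ATTN_RE.search(action))
    action = ATTN_RE.sub('', action)
    meta = META_RE.search(action)
    command = META_RE.sub('', action).strip()
    return {
        'guid': m.group('guid'),
        'name': m.group('task').rsplit('\\', 1)[-1],
        'command': command,
        'date': meta.group('date') if meta else None,
        'publisher': meta.group('publisher') if meta else None,
        'attention': attention,
    }


def classify(task):
    """Return the list of reason codes that make a task worth a closer look."""
    reasons = []
    if task['attention']:
        reasons.append('FRST_ATTENTION')
    in_user_profile = bool(USER_PATH_RE.search(task['command']))
    via_rundll32 = task['command'].lstrip('"').lower().startswith('rundll32')
    if in_user_profile:
        # rundll32 pointing at a DLL in a user profile is the pattern of the
        # BackgroundContainer task in this thread.
        reasons.append('RUNDLL32_USER_DLL' if via_rundll32 else 'USER_PROFILE_PATH')
    # Assumption from this page's lines: .job entries never carry metadata,
    # so only GUID-style entries are checked for a missing date/publisher.
    if task['guid'] and task['publisher'] is None:
        reasons.append('NO_FILE_METADATA')
    return reasons


def triage(log_text):
    """Parse every Task: line and return only the tasks with findings."""
    flagged = []
    for line in log_text.splitlines():
        task = parse_task(line)
        if task is None:
            continue
        reasons = classify(task)
        if reasons:
            flagged.append({'name': task['name'], 'reasons': reasons})
    return flagged


if __name__ == '__main__':
    for item in triage(SAMPLE_LOG):
        print(item['name'], '->', ', '.join(item['reasons']))
```

A flagged task is a prompt to inspect the entry, not a verdict; the two Google Update lines pass because they run from Program Files and, for the GUID-style entry, show a publisher.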

#7
skedoosh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
hello emeraldnzl,

It appears that the RegSvr32 error and the RunDLL error were gone on the reboot after the AdwCleaner clean (not sure if it's fully solved though).

So I have done the next set of steps, resulting in the 3 text logs: Fixlog, JRT and AdwCleaner.
Here they are:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2014 04
Ran by Joshua Loh at 2014-02-05 10:24:06 Run:2
Running from C:\Users\Joshua Loh\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {524927CB-2E7A-4038-97EC-1D7430347D79} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Joshua Loh\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
C:\ProgramData\Conduit
C:\Users\Joshua Loh\AppData\Local\Temp\0262481391502935mcinst.exe
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{524927CB-2E7A-4038-97EC-1D7430347D79} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{524927CB-2E7A-4038-97EC-1D7430347D79} => Key deleted successfully.
C:\Windows\System32\Tasks\BackgroundContainer Startup Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task => Key deleted successfully.
C:\ProgramData\Conduit => Moved successfully.
C:\Users\Joshua Loh\AppData\Local\Temp\0262481391502935mcinst.exe => Moved successfully.

==== End of Fixlog ====


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Joshua Loh on Wed 02/05/2014 at 10:25:45.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\cr_installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0021804.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0021804.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0021804.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0021804.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222182204}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440244184404}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220222182204}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440244184404}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0021804.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0021804.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0021804.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0021804.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3306061
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440244184404}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440244184404}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Joshua Loh\AppData\Roaming\mozilla\firefox\profiles\p4dzlr1t.default\extensions\[email protected]
Successfully deleted the following from C:\Users\Joshua Loh\AppData\Roaming\mozilla\firefox\profiles\p4dzlr1t.default\prefs.js

Emptied folder: C:\Users\Joshua Loh\AppData\Roaming\mozilla\firefox\profiles\p4dzlr1t.default\minidumps [109 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/05/2014 at 10:38:33.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



# AdwCleaner v3.018 - Report created 02/02/2014 at 21:14:10
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joshua Loh - JOSHUALOH-PC
# Running from : C:\Users\Joshua Loh\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Coupon Companion Plugin
Folder Deleted : C:\Program Files (x86)\Connect_DLC_5
Folder Deleted : C:\Users\Joshua Loh\AppData\Local\Conduit
Folder Deleted : C:\Users\Joshua Loh\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\Joshua Loh\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Joshua Loh\AppData\LocalLow\Connect_DLC_5
Folder Deleted : C:\Users\Joshua Loh\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Joshua Loh\AppData\Roaming\yourfiledownloader
Folder Deleted : C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\CT3306061
Folder Deleted : C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\Extensions\{d1b5aad5-d1ae-4b20-88b1-feeaeb4c1ebc}
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\searchplugins\Conduit.xml
File Deleted : C:\Windows\System32\Tasks\YourFile Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255185504}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266186604}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440244184404}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8D38915-1355-4B07-B9A7-FF98006B80EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{669DAE3F-A8CD-4842-AB83-FF8191BE0721}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255185504}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266186604}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\Coupon Companion Plugin
Key Deleted : HKCU\Software\AppDataLow\Software\Connect_DLC_5
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKLM\Software\Connect_DLC_5
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Companion Plugin

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\prefs.js ]

Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_product_id.value", "%221175%22");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT+1030");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie._GPL_zoneid.value", "%22132729%22");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GMT+1030");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.cookie.dbtest.value", "1358485315096");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.description", "Coupon Companion");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.domain", "");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.enablesearch", false);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.fbremoteurl", "");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.group", 0);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.homepage", "");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.iframe", false);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+1030");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22A04BA5FF247C46BCBBAE3239C12B5C5BIE%22%2C%22installer_verifier%22%3A%22bdab5326d1a03b[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+1030");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_appVer.value", "54");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+1030");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_lastVersion.value", "1");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+1030");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_meta.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.expiration", "Fri Jun 07 2013 21:24:54 GMT+0930");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+1030");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+1030");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.SoftwareDetected.expiration", "Fri Feb 01 2030 00:00:00 GMT+1030");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%22%3Afalse%2C%22Wireshark%22%3Afalse%2C%22VirtualBox%22%3Afalse%2C%22VMWare%22%3Afalse%2C%22Inside[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GPL_=function(){_GPL_PLUGIN.started||_GPL_PLUGIN.prepare({pid:1175,baseCDN:\"couponcp-a.akamaihd.net[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.manifesturl", "");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.name", "Coupon Companion Plugin");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.newtab", "");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.opensearch", "");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return appAPI.appInfo.id;}else{return appAPI.appID;}}};$jquery.ex[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.name", "base");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1.ver", 6);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.code", "Array.prototype.indexOf||(Array.prototype.indexOf=function(b){if(void 0===this||null===this)throw new TypeError;var c=Obje[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000014.ver", 15);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.code", "var a=appAPI.db.getList(),cf_ran=!1,_GPL_BG={vars:{},rules:{},started:!1,allowed:!1,log:function(b){console.log(b)},factor[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.name", "GPL Background (BG)");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_1000015.ver", 39);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.code", "(function(a){a.selectedText=function(e,c){function d(){if(window.getSelection){return window.getSelection();}else{if(document.g[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.name", "CrossriderAppUtils");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_13.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefined\"){appAPI={};}var CR__bIsIEWindow=false;if(typeof window!==\"undefined\"&&typeof window.navigat[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.name", "CrossriderUtils");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_14.ver", 5);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _firefoxVersion!==\"undefined\"&&_firefoxVersion>14)&&ty[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.name", "FFAppAPIWrapper");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_16.ver", 9);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1.4.2\n * hxxp://jquery.com/\n *\n * Copyright 2010, Joh[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.name", "jQuery");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_17.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.appID(),url:appAPI._cr_config.debug_app};return h.Class.[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.name", "debug");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_21.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.queue.push(b);}};appAPI.ready=function(c,b){a.when.apply(n[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.name", "resources");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_22.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_config.appID()},b,g=new e.Deferred(),f;return e.Class.exte[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.name", "initializer");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_28.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jquery = null;\n\nif (document && typeof document.getElementById !== \"undefined\") {\n\n/*! jQuery [...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.name", "jquery_1_7_1");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_4.ver", 4);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());var CrossRiderResourcesManager=(function(){var C={appId[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.name", "resources_background");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_47.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPTY_CHANNEL__\";var d=function(j){return(typeof j===\"object\"&&j!==null);};var b=function(j){return[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.name", "appApiMessage");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_64.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.code", "if(appAPI.__should_activate_validation__===true){(function(){var k={};var f=appAPI.appInfo.name;var l=function(s,r,t){var q=\"[[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.name", "appApiValidation");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_72.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.code", "if(typeof jQuery!==\"undefined\"&&(jQuery)&&typeof navigator!==\"undefined\"&&typeof navigator.userAgent!==\"undefined\"){(func[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.name", "CrossriderInfo");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_78.ver", 3);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_98.code", "(function(){var b=\"cr_\"+appAPI.appID+\"internalMessage\";var a=function(){var d=function(g){if(g===true){unsafeWindow.appAPI=[...]
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_98.name", "omniCommands");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins.plugin_98.ver", 2);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_0", "4,14,78,16,64,47,72,98,1000015");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,72,98,1000014,28");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/21804/plugins/088/ff/plugins.json");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.pluginsversion", 51);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.publisher", "Innovative Apps");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.searchstatus", 0);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.setnewtab", false);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.settingsurl", "");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.thankyou", "");
Line Deleted : user_pref("extensions.crossriderapp21804.21804.updateinterval", 360);
Line Deleted : user_pref("extensions.crossriderapp21804.21804.ver", 54);
Line Deleted : user_pref("extensions.crossriderapp21804.adsOldValue", -1);
Line Deleted : user_pref("extensions.crossriderapp21804.apps", "21804");
Line Deleted : user_pref("extensions.crossriderapp21804.bic", "13c4c086ee8badd8be6b80f5f94bc64c");
Line Deleted : user_pref("extensions.crossriderapp21804.cid", 21804);
Line Deleted : user_pref("extensions.crossriderapp21804.firstrun", false);
Line Deleted : user_pref("extensions.crossriderapp21804.hadappinstalled", true);
Line Deleted : user_pref("extensions.crossriderapp21804.installationdate", 1358485287);
Line Deleted : user_pref("extensions.crossriderapp21804.lastcheck", 22843075);
Line Deleted : user_pref("extensions.crossriderapp21804.lastcheckitem", 22843240);
Line Deleted : user_pref("extensions.crossriderapp21804.modetype", "production");
Line Deleted : user_pref("extensions.crossriderapp21804.reportInstall", true);
Line Deleted : user_pref("extensions.m86sb.ta.sites", "{\"version\":\"4.111\",\"sites\":{\"Adsense\":{\"smallMode\":true,\"smallBubble\":true,\"noMessages\":true,\"mapping\":{\"host\":\"^.*\\\\.googlesyndication\\\\[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN42721080811848122&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3306061&CUI=UN42721080811848122&UM=2&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&SearchSource=2&CUI=UN42721080811848122&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3306061");
Line Deleted : user_pref("smartbar.machineId", "VJGICUNGLCJ0Z/EL8U+XR3LSEKVL56/CQYTCCJKXBAHOB6U315X8YJSB65CQ3R3PKJM3GG+ESUUE4SZOP7YEWA");

-\\ Google Chrome v32.0.1700.102

[ File : C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [27610 octets] - [02/02/2014 21:02:14]
AdwCleaner[S0].txt - [27575 octets] - [02/02/2014 21:14:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [27636 octets] ##########

# AdwCleaner v3.018 - Report created 05/02/2014 at 11:01:52
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Joshua Loh - JOSHUALOH-PC
# Running from : C:\Users\Joshua Loh\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Joshua Loh\AppData\LocalLow\Connect_DLC_5
File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{24C1F23B-0796-4C3A-8E00-BAB4D876D4A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8D38915-1355-4B07-B9A7-FF98006B80EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{669DAE3F-A8CD-4842-AB83-FF8191BE0721}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D1B5AAD5-D1AE-4B20-88B1-FEEAEB4C1EBC}]
Key Deleted : HKCU\Software\AppDataLow\Software\Connect_DLC_5
Key Deleted : HKLM\Software\Connect_DLC_5

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Joshua Loh\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [33631 octets] - [02/02/2014 21:02:14]
AdwCleaner[S0].txt - [33695 octets] - [02/02/2014 21:14:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [33756 octets] ##########

#8
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

(not sure if it's fully solved though)


No, we haven't quite finished but we are making good progress and are almost there. :)

Now

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox, you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • If you are given an option to quarantine files ensure the scan is set to do so.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close. Before you do that though, make sure you copy the logfile to Notepad, somewhere you can find it again.
  • Then click on: Finish
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.


#9
skedoosh


    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi emeraldnzl,

so i have done the ESET online scanner which took a little over 2 hours
i followed all the steps set out and the logfile was basically the list of threats

i rebooted after the scan has finished, and it seems to be rebooting a little bit quicker than usual and doesn't have that malware trying to wipe out everything. No more error messages popping up either :thumbsup:
overall seems to be much more responsive than before when entering the C: drive and other areas that i use often.

the scan results stated
scanned files: 168398
infected files: 29
cleaned files: 26

could you please recommend some ways and measures to maintaining my computer safe as well, thank you

and here is the logfile

C:\Users\All Users\Microsoft\BingDesktop\BingCore\temp\tmp1A16.exe a variant of Win32/Kryptik.BTWL trojan
C:\Users\All Users\Microsoft\BingDesktop\BingCore\temp\tmp733E.exe Win32/Boaxxe.BE trojan
C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Connect_DLC_5\Connect_DLC_5ToolbarHelper.exe.vir Win32/Toolbar.Conduit.V application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Connect_DLC_5\ldrtbConn.dll.vir a variant of Win32/Toolbar.Conduit.P application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Connect_DLC_5\tbConn.dll.vir a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Coupon Companion Plugin\ButtonUtil.dll.vir a variant of Win32/Toolbar.CrossRider.G application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin-bg.exe.vir a variant of Win32/Toolbar.CrossRider.E application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.dll.vir a variant of Win32/Toolbar.CrossRider.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Coupon Companion Plugin\Coupon Companion Plugin.exe.vir a variant of Win32/Toolbar.CrossRider.E application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Coupon Companion Plugin\Coupon Companion PluginGui.exe.vir a variant of Win32/Toolbar.CrossRider.F application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Joshua Loh\AppData\Local\Conduit\CT3306061\Connect_DLC_5AutoUpdateHelper.exe.vir Win32/Toolbar.Conduit.V application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Joshua Loh\AppData\LocalLow\Connect_DLC_5\ldrtbConn.dll.vir a variant of Win32/Toolbar.Conduit.P application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Joshua Loh\AppData\LocalLow\Connect_DLC_5\tbConn.dll.vir a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\FRST\Quarantine\Conduit04-02-2014_19-21-38\CT3306061\Connect_DLC_5AutoUpdateHelper.exe Win32/Toolbar.Conduit.V application cleaned by deleting - quarantined
C:\FRST\Quarantine\Connect_DLC_504-02-2014_19-21-39\Connect_DLC_5ToolbarHelper.exe Win32/Toolbar.Conduit.V application cleaned by deleting - quarantined
C:\FRST\Quarantine\Connect_DLC_504-02-2014_19-21-39\ldrtbConn.dll a variant of Win32/Toolbar.Conduit.P application cleaned by deleting - quarantined
C:\FRST\Quarantine\Connect_DLC_504-02-2014_19-21-39\tbConn.dll a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\FRST\Quarantine\Coupon Companion Plugin04-02-2014_19-21-39\ButtonUtil.dll a variant of Win32/Toolbar.CrossRider.G application cleaned by deleting - quarantined
C:\FRST\Quarantine\Coupon Companion Plugin04-02-2014_19-21-39\Coupon Companion Plugin-bg.exe a variant of Win32/Toolbar.CrossRider.E application cleaned by deleting - quarantined
C:\FRST\Quarantine\Coupon Companion Plugin04-02-2014_19-21-39\Coupon Companion Plugin.dll a variant of Win32/Toolbar.CrossRider.A application cleaned by deleting - quarantined
C:\FRST\Quarantine\Coupon Companion Plugin04-02-2014_19-21-39\Coupon Companion Plugin.exe a variant of Win32/Toolbar.CrossRider.E application cleaned by deleting - quarantined
C:\FRST\Quarantine\Coupon Companion Plugin04-02-2014_19-21-39\Coupon Companion PluginGui.exe a variant of Win32/Toolbar.CrossRider.F application cleaned by deleting - quarantined
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp1A16.exe a variant of Win32/Kryptik.BTWL trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp733E.exe Win32/Boaxxe.BE trojan cleaned by deleting - quarantined
C:\Users\Joshua Loh\AppData\Roaming\Mozilla\Firefox\Profiles\p4dzlr1t.default\extensions\{B337EF54-F2BD-7050-9B6D-82DADB227643}\components\AutoplayContentHandler.js Win32/Boaxxe.BE trojan cleaned by deleting - quarantined
C:\Users\Joshua Loh\Documents\Downloads\jZipV1.exe probably a variant of Win32/Toolbar.SearchSuite.J application cleaned by deleting - quarantined
C:\Users\Joshua Loh\Documents\Downloads\SoftonicDownloader_for_free-mp4-mp3-converter.exe Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined

#10
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again skedoosh,

No more error messages popping up either


I think you are good to go now. :thumbsup:

We have a couple of last steps to perform and then you're all set.

  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
To remove AdwCleaner double click on adwcleaner.exe to run the tool.
Click on Uninstall, then confirm with yes to remove AdwCleaner from your computer.

Any remaining tools may be deleted.

Next, we need to clean your restore points and set a new one:

Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

  • In the left pane, click System protection. (Administrator permission required.) If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Under Protection Settings, click the radio button Configure.
  • Under Disk Space Usage, click the radio button Delete.
  • Click Continue, and then click OK.
-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run important software, the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker Ransomware

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

#11
skedoosh

skedoosh

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you so much, emeraldnzl.
I really appreciate your patience and help to remove not just the original malware but others.

Once again, thank you for all your help :thumbsup: :)

Have a good day!

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Thank You so much emeraldnzl,


You are very welcome. :happy:

I will keep this topic open for a day or two in case any issues arise.

#13
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





