Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hard drive space keeps decreasing [Closed] [Solved]


  • This topic is locked This topic is locked

#1
GTech

GTech

    Member

  • Member
  • PipPip
  • 78 posts
Hey guys, I've posted on here before, but wanted to resolve an issue that I'm having on my laptop. It's an old laptop and I've always had issues with it being extremely slow. I know I have a bunch of viruses on here. To be honest, I watch a lot of porn on it lol so that can be one of the issues. But only streaming, I never download it. And I've noticed that my hard drive space keeps decreasing even though I don't do much downloading on it. And now it's reached to 0 bytes. So if anyone can help me clean as many viruses I have on my laptop, that be great. I know it probably won't be the same (I could care less because it's an old laptop) but if it can run faster that would help a lot. Because even though Wi-Fi is in my room, videos still buffer even though I notice the video has been loaded. Thanks in advanced.
  • 0

Advertisements


#2
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Hi GTech, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):

  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being ask.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Privet Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.

Note: Please, bare in mind that I am still a trainee and my replies need to be reviewed by my teachers before I post them to you which requires time as both teachers and helpers are volunteers here. Take it as a good thing because now you have two people examining your problem. I really hope that we will be able to send you home with a smile on your face. :)

 

  • Step #1 Scan with OTL
  • Please download OldTimer's Listit from one of the following locations and save it to your Desktop.
    Download Link 1
    Download Link 2
    Downlaod LInk 3
  • Copy and Paste the following code inside the Custom Scans/Fixes box;
    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button;
  • After the scan two logs will be produced;
  • Copy and paste the content of the logs in your next reply

 

  • Step #2 windirstat scan
  • Please download windirstat from here.
  • Right click on it and Run as Administrator;
  • Install and run the program;
  • Choose All local drives from the prompt;
  • Wait for the scan to finish;
  • Check which folders/files taking up the spaces;
  • Report me back.

 

  • Required Log(s):
    • Old Timer's ListIT Log(s)--
    • OTL.txt;
    • Extras.tst
  • WinDirStat report

Regards,
Valinorum
  • 0

#3
GTech

GTech

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Hello Valinorum , thank you for replying to my post. Here are the logs for the OTL scan. However, I couldn't find the report for the WinDirStat. I looked in the folder but there didn't seem to be any report log.

OTL

OTL logfile created on: 14/02/2014 11:07:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\GTech\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 60.82% Memory free
6.12 Gb Paging File | 4.82 Gb Available in Paging File | 78.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 0.06 Gb Free Space | 0.03% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.72 Gb Free Space | 45.90% Space Free | Partition Type: NTFS

Computer Name: GTECH-PC | User Name: GTech | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/14 23:06:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GTech\Downloads\OTL.exe
PRC - [2014/02/01 00:42:04 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/10/16 00:30:02 | 005,175,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/02/27 16:38:44 | 001,259,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/11/19 17:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/11/08 03:51:06 | 000,768,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/05/03 13:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2012/03/19 04:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 03:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/10/14 23:47:52 | 000,641,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/09/08 17:08:40 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2009/01/09 11:06:32 | 001,735,760 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/10 03:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/05/23 13:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/01 00:42:03 | 003,559,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/09/23 06:55:54 | 002,704,352 | ---- | M] () -- c:\ProgramData\BitGuard\2.6.1694.246\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.dll
MOD - [2011/10/16 00:16:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/10/15 23:53:41 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/10/15 23:51:28 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008/11/17 06:29:10 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\ProgramData\BitGuard\2.6.1694.246\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.exe -- (BitGuard)
SRV - File not found [Auto | Stopped] -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/01 00:42:03 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/16 00:30:02 | 005,175,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/02/28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/09/08 17:08:40 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/06/04 09:15:02 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/06/04 09:15:02 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/04/11 02:18:40 | 000,302,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/12/10 03:28:36 | 000,142,176 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/11/08 03:49:26 | 000,250,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/09 21:52:40 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/04/19 03:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 03:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 12:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 12:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 12:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/06/28 16:04:14 | 000,093,304 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2011/05/13 02:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 02:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/05/13 02:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/05/13 02:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011/05/13 02:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2008/11/17 06:29:08 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2801948

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...?babsrc=HP_Prot
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000223ae259802
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2801948
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "0s\nfH٧WILD=r"
FF - prefs.js..browser.search.selectedEngine: "(8l\\dfv|,hM*W ݕe86 )82=Xu \r(P{,#L)"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\GTech\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\GTech\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/09/01 17:13:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2013/11/14 20:06:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.6.4\FF [2012/09/01 22:58:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/05/08 14:25:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GTech\AppData\Roaming\Mozilla\Extensions
[2013/10/19 20:35:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GTech\AppData\Roaming\Mozilla\Firefox\Profiles\9ml3xsoq.default\Extensions
[2014/02/01 00:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\Extensions
[2014/02/01 00:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/01 00:42:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\GTech\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\GTech\AppData\Local\Google\Chrome\Application\32.0.1700.107\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\GTech\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\GTech\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\BabylonChromeToolBar.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Users\GTech\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Users\GTech\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\GTech\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: PriceGong = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.5_0\
CHR - Extension: appbario8 = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\caloheeledhajihipjihanmihhegodlc\10.15.0.562_0\
CHR - Extension: General Crawler = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.5_0\
CHR - Extension: Babylon Toolbar = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\
CHR - Extension: NCH EN = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn\2.3.19.11_0\
CHR - Extension: AdBlock = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: AVG Safe Search = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
CHR - Extension: Skype Click to Call = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.12.0.13601\
CHR - Extension: Skype Click to Call = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771\
CHR - Extension: Skype Click to Call = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.7.0.12055_0\
CHR - Extension: Skype Click to Call = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
CHR - Extension: AVG Do Not Track = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Yontoo Layers = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.0_0\
CHR - Extension: Google Wallet = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\GTech\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {167D9323-F7CC-48F5-948A-6F012831A69F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Users\GTech\Desktop\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Media Finder] "C:\Program Files\Media Finder\Media Finder.exe" /opentotray File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.03\AMVConverter\grab.html ()
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B991A39-2177-4916-AC3F-B66D3061740E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\bitguard\261694~1.246\{16cdf~1\bitguard.dll) - c:\ProgramData\BitGuard\2.6.1694.246\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\GTech\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\GTech\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/02/01 00:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2014/02/14 23:02:41 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/14 23:02:41 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/14 23:02:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/14 23:02:30 | 3181,760,512 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/14 16:53:35 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2940857735-2357682170-2313198792-1000UA.job
[2014/02/14 16:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/13 00:53:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2940857735-2357682170-2313198792-1000Core.job
[2014/02/13 00:04:25 | 153,260,190 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2014/02/05 00:16:13 | 000,002,046 | ---- | M] () -- C:\Users\GTech\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/05 00:16:13 | 000,002,044 | ---- | M] () -- C:\Users\GTech\Desktop\Google Chrome.lnk
[2014/02/02 18:00:10 | 000,116,924 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2014/01/25 12:21:36 | 009,687,274 | ---- | M] () -- C:\Users\GTech\Desktop\Dirt Off Your Shoulder Remix (Edit).mp3

========== Files Created - No Company Name ==========

[2014/01/25 12:19:49 | 009,687,274 | ---- | C] () -- C:\Users\GTech\Desktop\Dirt Off Your Shoulder Remix (Edit).mp3
[2011/10/10 19:30:13 | 000,101,376 | ---- | C] () -- C:\Users\GTech\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/02 18:05:20 | 000,006,756 | ---- | C] () -- C:\Users\GTech\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 10:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/02 23:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 21:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/05/08 13:26:51 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\Antares
[2011/10/29 17:33:25 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\AVG2012
[2011/11/30 12:17:48 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\Babylon
[2012/05/08 14:24:56 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\BabylonToolbar
[2012/09/09 22:02:16 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\DAEMON Tools Lite
[2011/10/30 07:20:42 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\DriverCure
[2013/06/22 18:35:10 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\File Scout
[2012/02/19 18:47:21 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\FrostWire
[2012/07/02 20:46:29 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\Go PDF Reader
[2012/06/25 00:50:13 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\Media Finder
[2012/05/27 17:02:34 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\OpenOffice.org
[2012/05/08 13:48:56 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\PACE Anti-Piracy
[2011/10/30 07:20:41 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\SpeedMaxPc
[2011/10/10 13:50:18 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\TMP
[2014/02/14 23:14:03 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 04:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/20 21:24:17 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/20 21:24:14 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2008/01/20 21:25:00 | 000,758,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2008/01/20 21:23:54 | 000,328,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2009/06/15 07:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2008/04/18 00:48:39 | 000,269,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/20 21:24:36 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2008/01/20 21:24:35 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/03/02 23:39:32 | 000,551,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2008/01/20 21:24:02 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 09:49:43 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/20 21:25:01 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2006/11/02 04:46:05 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/20 21:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/06/18 22:31:48 | 000,361,984 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2008/01/20 21:24:23 | 000,310,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/20 21:24:54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/20 21:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/20 21:24:23 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/20 21:23:44 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/20 21:24:47 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2008/01/20 21:24:02 | 000,221,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 08:32:33 | 000,126,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2009/06/15 07:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2008/06/25 22:29:02 | 000,565,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/20 21:24:19 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2008/01/20 21:24:36 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/03/02 23:39:32 | 000,551,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/20 21:24:35 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2009/06/15 07:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2008/01/20 21:23:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 11:24:40 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 07:21:29 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/01/20 21:25:00 | 002,623,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/06 06:09:57 | 000,603,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2008/01/20 21:24:54 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 07:21:29 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2008/01/20 21:24:04 | 000,153,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2008/01/20 21:23:50 | 001,054,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2008/01/20 21:24:54 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2008/01/20 21:24:54 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/20 21:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 21:23:49 | 001,013,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2008/01/20 21:24:47 | 000,393,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2008/01/20 21:23:39 | 000,452,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2008/01/20 21:24:27 | 000,071,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2008/01/20 21:24:59 | 000,161,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2009/08/06 21:23:45 | 001,929,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2008/01/20 21:24:22 | 000,175,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 14:32:52 | 000,513,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 07:12:29 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is ECEC-C891
Directory of C:\
02/11/2006 08:02 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes

< MD5 for: EXPLORER.EXE >
[2009/03/23 14:14:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/03/23 14:14:39 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/03/23 14:14:39 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\ERDNT\cache\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/03/23 14:14:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows.old\Windows\System32\drivers\etc\services
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.EXE >
[2008/01/20 21:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008/01/20 21:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\System32\services.exe
[2008/01/20 21:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows.old\Windows\ERDNT\cache\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows.old\Windows\System32\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows.old\Windows\System32\en-US\services.exe.mui
[2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
[2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/20 21:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Windows.old\Documents and Settings\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Windows.old\ProgramData\Application Data\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Windows.old\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Windows.old\ProgramData\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Windows.old\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2011/04/22 18:14:58 | 000,000,391 | ---- | M] () MD5=3A1F9EAC442B6887821402A8E7498820 -- C:\Windows.old\Users\GTech\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6T6FAEQD\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\System32\wbem\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 07:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\en-US\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\System32\services.msc
[2006/11/02 07:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
[2006/11/02 07:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 07:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.RDB >
[2012/04/19 07:43:10 | 000,178,348 | ---- | M] () MD5=039C8CFBD74EE07F38CD9E4C7D95C5C6 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb
[2012/04/19 07:43:10 | 000,000,453 | ---- | M] () MD5=3D2ADA15FEF5B5FF468243161543D610 -- C:\Program Files\OpenOffice.org 3\program\services.rdb
[2012/04/13 05:55:44 | 000,008,060 | ---- | M] () MD5=7CA7D7150EC46321162F932ADCF5F35B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows.old\Windows\ERDNT\cache\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows.old\Windows\System32\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\ERDNT\cache\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 1242 bytes -> C:\ProgramData\Microsoft:BiEbL4QDS3oGVekwxK8G0OVVhcKe
@Alternate Data Stream - 1150 bytes -> C:\ProgramData\Microsoft:aMAQ2NAxKxpTnV8fVTzUB

< End of report >


Extras


OTL Extras logfile created on: 14/02/2014 11:07:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\GTech\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 60.82% Memory free
6.12 Gb Paging File | 4.82 Gb Available in Paging File | 78.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 0.06 Gb Free Space | 0.03% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.72 Gb Free Space | 45.90% Space Free | Partition Type: NTFS

Computer Name: GTECH-PC | User Name: GTech | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = CHM] -- C:\Program Files\Go PDF Reader\GoPDFReader.exe (Download Manager Ltd.)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\GTech\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3500CB86-553E-4AF2-9CD9-97CED8F1C568}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3FB95236-81AE-474B-9473-1B75B44DDE08}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{45A21FD2-C7C3-4AD3-8DC6-FD9FD97931FE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{63376F44-B27D-4CC0-9ABC-F5EEFEF07CF1}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{65DB31BB-2C9D-4251-A6A3-C8DC9F50270D}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{82A78315-0398-4FB0-9C4F-4D2B77A81986}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{8AFB895E-13F2-4879-BCE7-A17C2DA912C0}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{9899C1BA-E717-43F6-AD1B-2AC10C022737}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{99D85D1C-3841-4831-8393-A63D89539AC4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{A45A6562-AB3F-47D4-AD71-DD62F543A548}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AC2A75F6-D0FB-47E5-8FC4-6ACCC972CE28}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{B4CA21DC-E3ED-4328-AED4-B2807E9B34FC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BA6BC74B-50EA-4C55-9223-F25FC61B6441}" = dir=in | app=c:\users\gtech\appdata\local\temp\ibtmpf564504\component_514.decrpt |
"{C045FACA-581E-4F21-9242-D0149175FF7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CB050BCB-A5B0-4157-9240-2458983F1AEE}" = dir=in | app=c:\users\gtech\appdata\local\temp\softonic_ssk_conduit.exe |
"{CBC03185-2AEC-4796-902D-C77E67C61391}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{DC0DBE66-4F4D-41F4-856B-8ADD4F7E9F14}" = dir=out | app=c:\users\gtech\appdata\local\temp\ibtmpf564504\component_514.decrpt |
"{EAF5FA09-C04D-47DA-ADED-EFCAC94F0EEB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{F070C5F6-FEFD-46DB-8900-0065F4D2C85C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F5E7D988-7609-44B0-BFBB-1CD8FDCEED52}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{F81D0EB0-1CFA-4A6B-8E8D-1A1C04D937DE}" = dir=out | app=c:\users\gtech\appdata\local\temp\softonic_ssk_conduit.exe |
"TCP Query User{CB77F133-DDD7-431C-87CB-78331A23592B}C:\windows.old\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\windows.old\program files\frostwire\frostwire.exe |
"UDP Query User{D8C7DE49-A7CE-4A22-87BF-D5A0F8105F46}C:\windows.old\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\windows.old\program files\frostwire\frostwire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" =
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype 6.3
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F8F3768-C682-48A5-8939-C60867F57A28}" = Auto-Tune EFX RTAS
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7784A172-61F1-445E-8368-601607E0DD22}" = MP3 Player Utilities 4.00
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{854C5F15-0B8E-4DC2-890C-D1C77BAFEBC2}" = AVG 2012
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.03
"{95292902-411B-4390-BCBD-8EA445F9456C}" = Auto-Tune EFX VST
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C5FB822B-2EED-44F2-B38F-5C7DD1FC5EB0}" = AVG 2012
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA054439-21A7-D2EF-DE23-38AA0560535F}" = ATI Catalyst Install Manager
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{FFF74EC9-1FF4-4456-99E3-4F05129F4FAB}" = Antares Auto-Tune Evo VST
"7-Zip" = 7-Zip 9.20
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"AVG" = AVG 2012
"BabylonToolbar" = Babylon toolbar on IE
"blekkotb_031" = blekko search bar
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"DAEMON Tools Lite" = DAEMON Tools Lite
"GoPDFReader" = Go PDF Reader
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{3165EA9B-36CC-499B-96FF-36FC30E10EF4}" = License Support
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.8.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCH_EN Toolbar" = NCH EN Toolbar
"Portable Office" = Portable Office 2007
"PriceGong" = PriceGong 2.6.4
"uTorrent" = Torrent
"WinRAR archiver" = WinRAR 4.11 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab Music Converter" = FoxTab Music Converter
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15/02/2014 12:13:59 AM | Computer Name = GTech-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/02/2014 12:15:01 AM | Computer Name = GTech-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/02/2014 12:15:01 AM | Computer Name = GTech-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/02/2014 12:15:01 AM | Computer Name = GTech-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/02/2014 12:15:01 AM | Computer Name = GTech-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/02/2014 12:15:01 AM | Computer Name = GTech-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/02/2014 12:15:01 AM | Computer Name = GTech-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/02/2014 12:15:02 AM | Computer Name = GTech-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/02/2014 12:15:02 AM | Computer Name = GTech-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/02/2014 12:15:02 AM | Computer Name = GTech-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 15/02/2014 12:15:02 AM | Computer Name = GTech-PC | Source = Windows Search Service | ID = 3013
Description =

[ Broadcom Wireless LAN Events ]
Error - 03/06/2012 9:30:46 PM | Computer Name = GTech-PC | Source = WLAN-Tray | ID = 0
Description = 21:30:46, Sun, Jun 03, 12 Error - Unable to gain access to user store


Error - 05/06/2012 6:45:38 PM | Computer Name = GTech-PC | Source = WLAN-Tray | ID = 0
Description = 18:45:37, Tue, Jun 05, 12 Error - Unable to gain access to user store


Error - 07/06/2012 3:14:34 PM | Computer Name = GTech-PC | Source = WLAN-Tray | ID = 0
Description = 15:14:33, Thu, Jun 07, 12 Error - Unable to gain access to user store


Error - 10/06/2012 8:31:53 PM | Computer Name = GTech-PC | Source = WLAN-Tray | ID = 0
Description = 20:31:52, Sun, Jun 10, 12 Error - Unable to gain access to user store


Error - 21/06/2012 2:11:33 AM | Computer Name = GTech-PC | Source = WLAN-Tray | ID = 0
Description = 02:11:33, Thu, Jun 21, 12 Error - Unable to gain access to user store


Error - 02/10/2012 9:11:30 PM | Computer Name = GTech-PC | Source = WLAN-Tray | ID = 0
Description = 21:11:30, Tue, Oct 02, 12 Error - Unable to gain access to user store


Error - 09/02/2013 10:39:45 PM | Computer Name = GTech-PC | Source = WLAN-Tray | ID = 0
Description = 21:39:44, Sat, Feb 09, 13 Error - Unable to gain access to user store


Error - 16/02/2013 12:39:06 AM | Computer Name = GTech-PC | Source = WLAN-Tray | ID = 0
Description = 23:39:06, Fri, Feb 15, 13 Error - Unable to gain access to user store


Error - 18/04/2013 8:46:25 PM | Computer Name = GTech-PC | Source = WLAN-Tray | ID = 0
Description = 20:46:25, Thu, Apr 18, 13 Error - Unable to gain access to user store


Error - 19/04/2013 11:33:25 PM | Computer Name = GTech-PC | Source = WLAN-Tray | ID = 0
Description = 23:33:25, Fri, Apr 19, 13 Error - Unable to gain access to user store


[ System Events ]
Error - 15/02/2014 12:27:03 AM | Computer Name = GTech-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15/02/2014 12:28:00 AM | Computer Name = GTech-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15/02/2014 12:29:00 AM | Computer Name = GTech-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15/02/2014 12:30:00 AM | Computer Name = GTech-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15/02/2014 12:31:00 AM | Computer Name = GTech-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15/02/2014 12:32:00 AM | Computer Name = GTech-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15/02/2014 12:33:00 AM | Computer Name = GTech-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15/02/2014 12:34:00 AM | Computer Name = GTech-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15/02/2014 12:35:00 AM | Computer Name = GTech-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15/02/2014 12:36:00 AM | Computer Name = GTech-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
  • 0

#4
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts

However, I couldn't find the report for the WinDirStat. I looked in the folder but there didn't seem to be any report log.

After the scan you can manually check which folder is taking how much space and can inform me so that I can plan a fix.
  • 0

#5
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Hi GTech, :)

The process is long. Take your time and peruse over and over again.

  • Step #1 Uninstall Programs
    I want you to uninstall the following program(s) listed below due to poor reputation we receive about them. To uninstall a program, go to Start > Control Panel > Uninstall a program or Start > Control Panel > Programs and Features. Wait for the list to fill up and double-click on the items I have listed below and follow the on-screen instruction to remove/uninstall them.
  • Java 6 Update 7
  • BabylonObjectInstaller
  • Yontoo Layers Runtime 1.10.01
  • Babylon toolbar on IE
  • blekko search bar
  • NCH EN Toolbar

 

  • Step #2 P2P Warning
    **IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
  • Torrent
I shall provide you with a few reference links, please read them up to know the risks of having a P2P program.

Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P file-sharing as a major conduit to spread their wares.

My recommendation is that you uninstall the programs listed above.

If you choose not to remove them, please do not use them until this computer is clean.
 

  • Step #3 Fix with OTL
  • Re-run OTL by right clicking and choosing Run as administrator;
  • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

    :Commands
    [createrestorepoint]

    :OTL
    SRV - File not found [Auto | Stopped] -- C:\ProgramData\BitGuard\2.6.1694.246\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.exe -- (BitGuard)
    IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2801948
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...?babsrc=HP_Prot
    IE - HKCU\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000223ae259802
    IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2801948
    FF - prefs.js..browser.search.order.1: "0s\nfH٧WILD=r"
    FF - prefs.js..browser.search.selectedEngine: "(8l\\dfv|,hM*W ݕe86 )82=Xu \r(P{,#L)"
    CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\BabylonChromeToolBar.dll
    CHR - Extension: Babylon Toolbar = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\
    CHR - Extension: AVG Safe Search = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\
    CHR - Extension: Yontoo Layers = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.0_0\
    O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll ()
    O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\GTech\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll ()
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll ()
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {167D9323-F7CC-48F5-948A-6F012831A69F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
    O13 - gopher Prefix: missing
    O20 - AppInit_DLLs: (c:\progra~2\bitguard\261694~1.246\{16cdf~1\bitguard.dll) - c:\ProgramData\BitGuard\2.6.1694.246\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.dll ()
    [2011/11/30 12:17:48 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\Babylon
    [2012/05/08 14:24:56 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\BabylonToolbar
    [2012/02/19 18:47:21 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\FrostWire
    [2011/10/30 07:20:41 | 000,000,000 | ---D | M] -- C:\Users\GTech\AppData\Roaming\SpeedMaxPc
    @Alternate Data Stream - 1242 bytes -> C:\ProgramData\Microsoft:BiEbL4QDS3oGVekwxK8G0OVVhcKe
    @Alternate Data Stream - 1150 bytes -> C:\ProgramData\Microsoft:aMAQ2NAxKxpTnV8fVTzUB

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" =-

    :Commands
    [emptytemp]

  • Click on "Run Fix" and let the program run unhindered;
  • Your PC will reboot automatically and a log will be opened;
  • Please post it in your next reply.

 

  • Step #4 Fix with AdwCleaner
  • Right-click on AdwCleaner.exe and choose Run as administrator;
  • Click on Scan and let the program run unhindered;
  • When done, click on Clean and allow the system to reboot after it is done;
  • A log will be opened automatically after the restart;
  • Copy and Paste the contents of this log in your reply.

 

  • Step #5 Fix with Junkware Removal Tool
    Download Junkware Removal Tool by thisisu to your Desktop from the link below.
    Download Link 1
    Download Link 2
  • Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article;
  • Run the program either by double-clicking(Windows XP) or Right-clicking and choosing Run as administrator(Windows Vista and above);
  • Please be patient as the tool cleans your system;
  • After completion of the process a log named JRT.txt will automatically open and is save to your Desktop;
  • Copy and Paste the contents of the log in your next reply.

 

  • Step #6 Delete Windows.old folder
    Peruse this article to delete Windows.old folder. Do not try to delete it manually.

 

  • Required Log(s):
  • OTL Fix Log;
  • AdwCleaner Log;
  • Junkware Removal Tool Log

Regards,
Valinorum
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#7
GTech

GTech

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
OTL Fix Log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service BitGuard stopped successfully!
Service BitGuard deleted successfully!
File C:\ProgramData\BitGuard\2.6.1694.246\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{37483b40-c254-4a72-bda4-22ee90182c1e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
File C:\Program Files\NCH_EN\prxtbNCH_.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{167d9323-f7cc-48f5-948a-6f012831a69f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167d9323-f7cc-48f5-948a-6f012831a69f}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{37483b40-c254-4a72-bda4-22ee90182c1e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
File C:\Program Files\NCH_EN\prxtbNCH_.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "0s\nfH٧WILD=r" removed from browser.search.order.1
Prefs.js: "(8l\\dfv|,hM*W ݕe86 )82=Xu \r(P{,#L)" removed from browser.search.selectedEngine
File C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\BabylonChromeToolBar.dll not found.
C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0 folder moved successfully.
C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins folder moved successfully.
C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\content\Icons folder moved successfully.
C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\content folder moved successfully.
C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0 folder moved successfully.
C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.0_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}\ deleted successfully.
C:\Program Files\PriceGong\2.6.4\PriceGongIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
File C:\Program Files\NCH_EN\prxtbNCH_.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
C:\Program Files\AVG\AVG2012\avgssie.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\ deleted successfully.
File C:\Program Files\blekkotb_031\blekkotb_019X.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}\ deleted successfully.
C:\Users\GTech\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
File C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{37483b40-c254-4a72-bda4-22ee90182c1e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
File C:\Program Files\NCH_EN\prxtbNCH_.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8769adce-dba5-48e9-afb5-67b12cdf2e61} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\ not found.
File C:\Program Files\blekkotb_031\blekkotb_019X.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
File C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{167D9323-F7CC-48F5-948A-6F012831A69F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167D9323-F7CC-48F5-948A-6F012831A69F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37483B40-C254-4A72-BDA4-22EE90182C1E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483B40-C254-4A72-BDA4-22EE90182C1E}\ not found.
File C:\Program Files\NCH_EN\prxtbNCH_.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\bitguard\261694~1.246\{16cdf~1\bitguard.dll deleted successfully.
File move failed. c:\ProgramData\BitGuard\2.6.1694.246\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.dll scheduled to be moved on reboot.
C:\Users\GTech\AppData\Roaming\Babylon folder moved successfully.
Folder C:\Users\GTech\AppData\Roaming\BabylonToolbar\ not found.
C:\Users\GTech\AppData\Roaming\FrostWire\themes\frostwirePro_theme folder moved successfully.
C:\Users\GTech\AppData\Roaming\FrostWire\themes folder moved successfully.
C:\Users\GTech\AppData\Roaming\FrostWire\.AppSpecialShare folder moved successfully.
C:\Users\GTech\AppData\Roaming\FrostWire folder moved successfully.
C:\Users\GTech\AppData\Roaming\SpeedMaxPc\SpeedMaxPc folder moved successfully.
ADS C:\ProgramData\Microsoft:BiEbL4QDS3oGVekwxK8G0OVVhcKe deleted successfully.
ADS C:\ProgramData\Microsoft:aMAQ2NAxKxpTnV8fVTzUB deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: GTech
->Temp folder emptied: 1742245916 bytes
->Temporary Internet Files folder emptied: 114640524 bytes
->Java cache emptied: 63147 bytes
->FireFox cache emptied: 123292095 bytes
->Google Chrome cache emptied: 30515056 bytes
->Flash cache emptied: 24139 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64433731 bytes
RecycleBin emptied: 40818189 bytes

Total Files Cleaned = 2,018.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02282014_124156

Files\Folders moved on Reboot...
c:\ProgramData\BitGuard\2.6.1694.246\{16cdff19-861d-48e3-a751-d99a27784753}\BitGuard.dll moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

AdwCleaner Log

# AdwCleaner v3.020 - Report created 28/02/2014 at 13:46:28
# Updated 27/02/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# Username : GTech - GTECH-PC
# Running from : C:\Users\GTech\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Found : C:\Users\GTech\AppData\Roaming\Mozilla\Firefox\Profiles\9ml3xsoq.default\bprotector_extensions.sqlite
File Found : C:\Users\GTech\AppData\Roaming\Mozilla\Firefox\Profiles\9ml3xsoq.default\bprotector_prefs.js
File Found : C:\Users\GTech\AppData\Roaming\Mozilla\Firefox\Profiles\9ml3xsoq.default\invalidprefs.js
File Found : C:\Users\Public\Desktop\Babylon.lnk
File Found : C:\Windows\System32\Tasks\BitGuard
File Found : C:\Windows\System32\Tasks\NCH Software
Folder Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Folder Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\caloheeledhajihipjihanmihhegodlc
Folder Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Folder Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn
Folder Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Found C:\Program Files\blekkotb_031
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\PriceGong
Folder Found C:\ProgramData\Anti-phishing Domain Advisor
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\BitGuard
Folder Found C:\ProgramData\blekko toolbars
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Folder Found C:\ProgramData\NCH Software
Folder Found C:\ProgramData\Premium
Folder Found C:\ProgramData\SpeedMaxPc
Folder Found C:\Users\GTech\AppData\Local\Babylon
Folder Found C:\Users\GTech\AppData\Local\blekkotb_031
Folder Found C:\Users\GTech\AppData\Local\Conduit
Folder Found C:\Users\GTech\AppData\LocalLow\BabylonToolbar
Folder Found C:\Users\GTech\AppData\LocalLow\Conduit
Folder Found C:\Users\GTech\AppData\LocalLow\PriceGong
Folder Found C:\Users\GTech\AppData\Roaming\DriverCure
Folder Found C:\Users\GTech\AppData\Roaming\file scout
Folder Found C:\Users\GTech\AppData\Roaming\Media Finder
Folder Found C:\Users\GTech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Found C:\Users\GTech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Found C:\Users\GTech\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
Folder Found C:\Users\GTech\AppData\Roaming\NCH Software
Folder Found C:\Users\GTech\AppData\Roaming\SpeedMaxPc

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\e558b8ae734e540
Key Found : HKCU\Software\filescout
Key Found : HKCU\Software\Google\Chrome\Extensions\caloheeledhajihipjihanmihhegodlc
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\MediaFinder
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\NCH Software
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SpeedMaxPC
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\gencrawler_gc.GenCrawler
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\MF
Key Found : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Key Found : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Key Found : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Key Found : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3007394
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\e558b8ae734e540
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\caloheeledhajihipjihanmihhegodlc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\BitGuard
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADA88841-005E-46C5-8E45-4560A9121DC5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Found : HKLM\Software\SpeedMaxPC
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18639


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\GTech\AppData\Roaming\Mozilla\Firefox\Profiles\9ml3xsoq.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [11432 octets] - [28/02/2014 13:46:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11493 octets] ##########
# AdwCleaner v3.020 - Report created 28/02/2014 at 14:08:34
# Updated 27/02/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# Username : GTech - GTECH-PC
# Running from : C:\Users\GTech\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Found : C:\Users\GTech\AppData\Roaming\Mozilla\Firefox\Profiles\9ml3xsoq.default\bprotector_extensions.sqlite
File Found : C:\Users\GTech\AppData\Roaming\Mozilla\Firefox\Profiles\9ml3xsoq.default\bprotector_prefs.js
File Found : C:\Users\GTech\AppData\Roaming\Mozilla\Firefox\Profiles\9ml3xsoq.default\invalidprefs.js
File Found : C:\Users\Public\Desktop\Babylon.lnk
File Found : C:\Windows\System32\Tasks\BitGuard
File Found : C:\Windows\System32\Tasks\NCH Software
Folder Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Folder Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\caloheeledhajihipjihanmihhegodlc
Folder Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Folder Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn
Folder Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Found C:\Program Files\blekkotb_031
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\PriceGong
Folder Found C:\ProgramData\Anti-phishing Domain Advisor
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\BitGuard
Folder Found C:\ProgramData\blekko toolbars
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Folder Found C:\ProgramData\NCH Software
Folder Found C:\ProgramData\Premium
Folder Found C:\ProgramData\SpeedMaxPc
Folder Found C:\Users\GTech\AppData\Local\Babylon
Folder Found C:\Users\GTech\AppData\Local\blekkotb_031
Folder Found C:\Users\GTech\AppData\Local\Conduit
Folder Found C:\Users\GTech\AppData\LocalLow\BabylonToolbar
Folder Found C:\Users\GTech\AppData\LocalLow\Conduit
Folder Found C:\Users\GTech\AppData\LocalLow\PriceGong
Folder Found C:\Users\GTech\AppData\Roaming\DriverCure
Folder Found C:\Users\GTech\AppData\Roaming\file scout
Folder Found C:\Users\GTech\AppData\Roaming\Media Finder
Folder Found C:\Users\GTech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Found C:\Users\GTech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Found C:\Users\GTech\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
Folder Found C:\Users\GTech\AppData\Roaming\NCH Software
Folder Found C:\Users\GTech\AppData\Roaming\SpeedMaxPc

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\e558b8ae734e540
Key Found : HKCU\Software\filescout
Key Found : HKCU\Software\Google\Chrome\Extensions\caloheeledhajihipjihanmihhegodlc
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\MediaFinder
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\NCH Software
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SpeedMaxPC
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\gencrawler_gc.GenCrawler
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\MF
Key Found : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Key Found : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Key Found : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Key Found : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3007394
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\e558b8ae734e540
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\caloheeledhajihipjihanmihhegodlc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\BitGuard
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADA88841-005E-46C5-8E45-4560A9121DC5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Found : HKLM\Software\SpeedMaxPC
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18639


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\GTech\AppData\Roaming\Mozilla\Firefox\Profiles\9ml3xsoq.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [23006 octets] - [28/02/2014 13:46:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [23067 octets] ##########



# AdwCleaner v3.020 - Report created 28/02/2014 at 14:12:10
# Updated 27/02/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# Username : GTech - GTECH-PC
# Running from : C:\Users\GTech\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\SpeedMaxPc
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Folder Deleted : C:\Program Files\blekkotb_031
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\PriceGong
Folder Deleted : C:\Users\GTech\AppData\Local\Babylon
Folder Deleted : C:\Users\GTech\AppData\Local\blekkotb_031
Folder Deleted : C:\Users\GTech\AppData\Local\Conduit
Folder Deleted : C:\Users\GTech\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\GTech\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\GTech\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\GTech\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\GTech\AppData\Roaming\file scout
Folder Deleted : C:\Users\GTech\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\GTech\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
Folder Deleted : C:\Users\GTech\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\GTech\AppData\Roaming\SpeedMaxPc
Folder Deleted : C:\Users\GTech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\Users\GTech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Folder Deleted : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Folder Deleted : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Deleted : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Deleted : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\caloheeledhajihipjihanmihhegodlc
Folder Deleted : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclijllifhfpomppedeljakfegbcpojn
File Deleted : C:\Users\Public\Desktop\Babylon.lnk
File Deleted : C:\Users\GTech\AppData\Roaming\Mozilla\Firefox\Profiles\9ml3xsoq.default\bprotector_extensions.sqlite
File Deleted : C:\Users\GTech\AppData\Roaming\Mozilla\Firefox\Profiles\9ml3xsoq.default\bprotector_prefs.js
File Deleted : C:\Users\GTech\AppData\Roaming\Mozilla\Firefox\Profiles\9ml3xsoq.default\invalidprefs.js
File Deleted : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage
File Deleted : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_storage.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\BitGuard
File Deleted : C:\Windows\System32\Tasks\NCH Software

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{8A9386B4-E958-4C4C-ADF4-8F26DB3E4829}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Google\Chrome\Extensions\caloheeledhajihipjihanmihhegodlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\caloheeledhajihipjihanmihhegodlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ADA88841-005E-46C5-8E45-4560A9121DC5}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADA88841-005E-46C5-8E45-4560A9121DC5}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\gencrawler_gc.GenCrawler
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]
Key Deleted : HKCU\Software\e558b8ae734e540
Key Deleted : HKLM\SOFTWARE\e558b8ae734e540
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2801948
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3007394
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SpeedMaxPC
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\SpeedMaxPC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18639


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\GTech\AppData\Roaming\Mozilla\Firefox\Profiles\9ml3xsoq.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [23148 octets] - [28/02/2014 13:46:28]
AdwCleaner[S0].txt - [11868 octets] - [28/02/2014 14:12:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11929 octets] ##########


JRT


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows Vista ™ Home Premium x86
Ran by GTech on 28/02/2014 at 14:23:13.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2940857735-2357682170-2313198792-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_USERS\.DEFAULT\Software\bProtector
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441179}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441179}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\GTech\appdata\local\cre"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\GTech\AppData\Roaming\mozilla\firefox\profiles\9ml3xsoq.default\minidumps [48 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\GTech\appdata\local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Successfully deleted: [Folder] C:\Users\GTech\appdata\local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/02/2014 at 14:27:10.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#8
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Did you remove the Windows.old folder as administered on Step #6? How much space you have now? Give me a fresh set of OTL Log.
  • 0

#9
GTech

GTech

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
My apologies for the late reply. I've been busy with school and Placement and I don't get home till very late so I haven't had the chance to proceed. I will try to get that for you tomorrow. If not, latest Thursday. Please don't close the thread because I assume it's a hassle to open/re-open due to inactivity. I just wanted to inform you that I will get it done ASAP. Thank you for your patience.

Edited by GTech, 04 March 2014 - 11:53 PM.

  • 0

#10
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Acknowledged. :)
  • 0

Advertisements


#11
GTech

GTech

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

Did you remove the Windows.old folder as administered on Step #6? How much space you have now? Give me a fresh set of OTL Log.


Yes I did remove the Windows.old folder. Also space seems to be restored in my hard drive. I only have 50 gigs out of 250 but it`s more than it was before. Also, in regards to one of the previous steps using WinDirStat I found out that My Computer has the most space taken up (230 Gig). And here's an updated scan from OTL

OTL logfile created on: 06/03/2014 12:38:21 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = c:\users\GTech\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 44.86% Memory free
6.16 Gb Paging File | 4.59 Gb Available in Paging File | 74.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 52.85 Gb Free Space | 24.22% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 6.72 Gb Free Space | 45.90% Space Free | Partition Type: NTFS

Computer Name: GTECH-PC | User Name: GTech | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/15 01:56:21 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/02/14 23:06:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Users\GTech\Downloads\OTL.exe
PRC - [2013/10/16 00:30:02 | 005,175,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/06/11 19:27:20 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/02/27 16:38:44 | 001,259,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/11/19 17:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/11/08 03:51:06 | 000,768,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/03/19 04:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 03:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/10/14 23:47:52 | 000,641,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/09/08 17:08:40 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2009/01/09 11:06:32 | 001,735,760 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/23 13:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2005/07/16 05:00:00 | 000,651,264 | ---- | M] (Seifert) -- C:\Program Files\WinDirStat\windirstat.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/15 01:56:20 | 003,578,992 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/06/11 19:27:19 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2011/10/16 00:16:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/10/15 23:53:41 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/10/15 23:51:28 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008/11/17 06:29:10 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 01:56:20 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/16 00:30:02 | 005,175,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/02/28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/09/08 17:08:40 | 002,932,224 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2009/08/24 07:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/06/04 09:15:02 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/06/04 09:15:02 | 000,084,248 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2013/04/11 02:18:40 | 000,302,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/12/10 03:28:36 | 000,142,176 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/11/08 03:49:26 | 000,250,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/09 21:52:40 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/04/19 03:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 03:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 12:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 12:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 12:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/06/28 16:04:14 | 000,093,304 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2011/05/13 02:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/05/13 02:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011/05/13 02:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
DRV - [2011/05/13 02:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011/05/13 02:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2008/11/17 06:29:08 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "(8l\\dfv|,hM*W ݕe86 )82=Xu \r(P{,#L)"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=UTF-8&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\GTech\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\GTech\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/09/01 17:13:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2013/11/14 20:06:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/05/08 14:25:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GTech\AppData\Roaming\Mozilla\Extensions
[2014/02/28 12:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GTech\AppData\Roaming\Mozilla\Firefox\Profiles\9ml3xsoq.default\Extensions
[2014/02/28 12:22:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/02/01 00:41:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/15 01:56:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\GTech\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\GTech\AppData\Local\Google\Chrome\Application\32.0.1700.107\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\GTech\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\GTech\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.5_0\BabylonChromeToolBar.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Users\GTech\AppData\Local\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Users\GTech\AppData\Local\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\GTech\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: AdBlock = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Skype Click to Call = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.12.0.13601\
CHR - Extension: Skype Click to Call = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771\
CHR - Extension: Skype Click to Call = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.7.0.12055_0\
CHR - Extension: Skype Click to Call = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
CHR - Extension: Google Wallet = C:\Users\GTech\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Users\GTech\Desktop\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html ()
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.03\AMVConverter\grab.html ()
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B991A39-2177-4916-AC3F-B66D3061740E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\GTech\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\GTech\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/28 22:06:35 | 000,000,000 | -HSD | C] -- C:\found.001
[2014/02/28 14:23:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/02/28 13:59:52 | 000,000,000 | ---D | C] -- C:\Users\GTech\Desktop\Scans
[2014/02/28 13:45:53 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/28 12:41:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/14 23:37:09 | 000,000,000 | ---D | C] -- C:\Users\GTech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2014/02/14 23:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
[2014/02/14 23:37:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat

========== Files - Modified Within 30 Days ==========

[2014/03/06 00:26:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/06 00:19:07 | 000,002,046 | ---- | M] () -- C:\Users\GTech\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/03/06 00:19:06 | 000,002,044 | ---- | M] () -- C:\Users\GTech\Desktop\Google Chrome.lnk
[2014/03/06 00:14:50 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2940857735-2357682170-2313198792-1000UA.job
[2014/03/05 23:53:17 | 155,657,402 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2014/03/05 23:49:01 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/05 23:48:59 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/05 23:48:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/05 23:48:20 | 3181,760,512 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/03 00:59:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2940857735-2357682170-2313198792-1000Core.job
[2014/03/01 01:16:11 | 005,294,979 | ---- | M] () -- C:\Users\GTech\Desktop\How Many Mics (Instrumental).mp3
[2014/03/01 01:03:01 | 002,962,299 | ---- | M] () -- C:\Users\GTech\Desktop\How Many Mics Remix.mp3
[2014/02/27 19:06:00 | 002,770,189 | ---- | M] () -- C:\Users\GTech\Desktop\Eye For A Eye Remix Accaplla.mp3
[2014/02/23 11:41:45 | 003,220,274 | ---- | M] () -- C:\Users\GTech\Desktop\Eye For A Eye Remix (GTech verse).mp3
[2014/02/22 22:51:42 | 008,261,704 | ---- | M] () -- C:\Users\GTech\Desktop\Lauryn Hill - Ex-Factor Instrumental.mp3
[2014/02/17 17:34:52 | 002,847,715 | ---- | M] () -- C:\Users\GTech\Desktop\show me remix- renegade , gtech open verse.mp3
[2014/02/17 17:07:56 | 007,265,201 | ---- | M] () -- C:\Users\GTech\Desktop\Show Me Remix ft. Renegade.mp3
[2014/02/17 13:32:45 | 013,924,335 | ---- | M] () -- C:\Users\GTech\Desktop\Tempted to Touch Remix (new).mp3
[2014/02/14 23:37:10 | 000,000,830 | ---- | M] () -- C:\Users\GTech\Desktop\WinDirStat.lnk

========== Files Created - No Company Name ==========

[2014/03/01 01:02:42 | 002,962,299 | ---- | C] () -- C:\Users\GTech\Desktop\How Many Mics Remix.mp3
[2014/02/28 22:32:45 | 005,294,979 | ---- | C] () -- C:\Users\GTech\Desktop\How Many Mics (Instrumental).mp3
[2014/02/27 19:04:41 | 002,770,189 | ---- | C] () -- C:\Users\GTech\Desktop\Eye For A Eye Remix Accaplla.mp3
[2014/02/27 12:33:43 | 005,332,608 | ---- | C] () -- C:\Users\GTech\Desktop\The Firm - Executive Decision (Instrumental).mp3
[2014/02/23 11:40:32 | 003,220,274 | ---- | C] () -- C:\Users\GTech\Desktop\Eye For A Eye Remix (GTech verse).mp3
[2014/02/22 22:50:48 | 008,261,704 | ---- | C] () -- C:\Users\GTech\Desktop\Lauryn Hill - Ex-Factor Instrumental.mp3
[2014/02/17 17:34:47 | 002,847,715 | ---- | C] () -- C:\Users\GTech\Desktop\show me remix- renegade , gtech open verse.mp3
[2014/02/17 17:07:42 | 007,265,201 | ---- | C] () -- C:\Users\GTech\Desktop\Show Me Remix ft. Renegade.mp3
[2014/02/17 13:32:11 | 013,924,335 | ---- | C] () -- C:\Users\GTech\Desktop\Tempted to Touch Remix (new).mp3
[2014/02/14 23:37:10 | 000,000,830 | ---- | C] () -- C:\Users\GTech\Desktop\WinDirStat.lnk
[2011/10/10 19:30:13 | 000,101,376 | ---- | C] () -- C:\Users\GTech\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/02 18:05:20 | 000,006,756 | ---- | C] () -- C:\Users\GTech\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 10:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/02 23:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 21:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
  • 0

#12
GTech

GTech

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
I also wanted to add that my laptop lags a lot. It would always freeze when I'm browsing the internet. I know we haven't fully fixed my issue, but I thought I'd just add that. Not sure if I've mentioned it or not. Thanks.
  • 0

#13
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts

Also, in regards to one of the previous steps using WinDirStat I found out that My Computer has the most space taken up (230 Gig).

Click on the '+' sign on left side of the folders shown in WinDirStat and check which files are taking up the spaces and report to me.
  • 0

#14
GTech

GTech

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
The most space that's being taken up besides My Computer is OS (C:)(94.6%/217.6 GB) which contains the folder Users (62.9%/136.8 GB) > Folder GTech (99.8%/136.6 GB) > Desktop (96.3%/131.5 GB).

That should be the ones that's taking most of the space. I can keep going but there's a lot of folders to go through.
  • 0

#15
Valinorum

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,913 posts
Go to that Desktop folder normally and check what it contains. Do you install all your programs there? Maybe they are taking all your spaces.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP